From d058b302b7a029ed722c13d294cf7f77912ddebf Mon Sep 17 00:00:00 2001 From: Susan Hert Date: Wed, 18 Jun 2025 17:25:51 -0700 Subject: [PATCH 1/3] Update to Tomcat version 10.1.42 (#1100) --- gradle.properties | 2 +- server/configs/application.properties | 5 +++ .../embedded/config/application.properties | 5 +++ .../src/org/labkey/embedded/LabKeyServer.java | 33 +++++++++++++++++++ .../LabKeyTomcatServletWebServerFactory.java | 1 + 5 files changed, 45 insertions(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 3250759761..f2eb2e78bf 100644 --- a/gradle.properties +++ b/gradle.properties @@ -99,7 +99,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.4 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=10.1.41 +apacheTomcatVersion=10.1.42 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm diff --git a/server/configs/application.properties b/server/configs/application.properties index f5311aa879..c62474a7cf 100644 --- a/server/configs/application.properties +++ b/server/configs/application.properties @@ -65,6 +65,11 @@ context.encryptionKey=@@encryptionKey@@ #context.bypass2FA=true #context.workDirLocation=/path/to/desired/workDir +## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500, but can be overridden here. +## Header size default changed from 10Kb to 512, which is also our default. +#context.maxConnectorPartCount=500 +#context.maxConnectorPartHeaderSize=512 + ## SMTP configuration mail.smtpHost=@@smtpHost@@ mail.smtpPort=@@smtpPort@@ diff --git a/server/configs/webapps/embedded/config/application.properties b/server/configs/webapps/embedded/config/application.properties index 07a93674a8..2bb403a668 100644 --- a/server/configs/webapps/embedded/config/application.properties +++ b/server/configs/webapps/embedded/config/application.properties @@ -103,6 +103,11 @@ mail.smtpUser=Anonymous #context.bypass2FA=true #context.workDirLocation=@@/path/to/desired/workDir@@ +## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500, but can be overridden here. +## Header size default changed from 10Kb to 512, which is also our default. +#context.maxConnectorPartCount=500 +#context.maxConnectorPartHeaderSize=512 + ## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the ## property name after the "context.additionalWebapps." prefix, and the value is the location of the webapp on disk #context.additionalWebapps.firstContextPath=@@/my/webapp/path@@ diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java index bf4faadf28..9bfd54431a 100644 --- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java +++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java @@ -7,6 +7,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.context.ApplicationPidFileWriter; import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer; import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.boot.web.server.WebServerFactoryCustomizer; import org.springframework.context.annotation.Bean; @@ -147,6 +148,14 @@ public WebServerFactoryCustomizer customizer() return customizer -> customizer.setDisableMBeanRegistry(false); } + @Bean + TomcatConnectorCustomizer connectorCustomizer() { + return (connector) -> { + connector.setMaxPartCount(contextSource().getMaxConnectorPartCount()); + connector.setMaxPartHeaderSize(contextSource().getMaxConnectorPartHeaderSize()); + }; + } + @Bean public TomcatServletWebServerFactory servletContainerFactory() { @@ -159,6 +168,7 @@ public TomcatServletWebServerFactory servletContainerFactory() Connector httpConnector = new Connector(); httpConnector.setScheme("http"); httpConnector.setPort(contextProperties.getHttpPort()); + result.getTomcatConnectorCustomizers().forEach(customizer -> customizer.customize(httpConnector)); result.addAdditionalTomcatConnectors(httpConnector); } @@ -456,6 +466,9 @@ public static class ContextProperties private Map>> resources; private Map additionalWebapps; + private Integer maxConnectorPartCount = 500; + private Integer maxConnectorPartHeaderSize = 512; + public List getDataSourceName() { return dataSourceName; @@ -718,6 +731,26 @@ public void setAdditionalWebapps(Map additionalWebapps) { this.additionalWebapps = additionalWebapps; } + + public Integer getMaxConnectorPartCount() + { + return maxConnectorPartCount; + } + + public void setMaxConnectorPartCount(Integer maxConnectorPartCount) + { + this.maxConnectorPartCount = maxConnectorPartCount; + } + + public Integer getMaxConnectorPartHeaderSize() + { + return maxConnectorPartHeaderSize; + } + + public void setMaxConnectorPartHeaderSize(Integer maxConnectorPartHeaderSize) + { + this.maxConnectorPartHeaderSize = maxConnectorPartHeaderSize; + } } @Configuration diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java index a02a5312e1..74cb72ff34 100644 --- a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java +++ b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java @@ -38,6 +38,7 @@ public LabKeyTomcatServletWebServerFactory(LabKeyServer server) addConnectorCustomizers(connector -> { LabKeyServer.TomcatProperties props = _server.tomcatProperties(); + _server.connectorCustomizer().customize(connector); if (props.getUseBodyEncodingForURI() != null) { From f5a5121512b8260d9e73eed2796529cd042d45b4 Mon Sep 17 00:00:00 2001 From: Susan Hert Date: Thu, 19 Jun 2025 19:40:25 -0700 Subject: [PATCH 2/3] Revert tomcat v10.1.42 update (#1102) --- gradle.properties | 2 +- server/configs/application.properties | 5 --- .../embedded/config/application.properties | 5 --- .../src/org/labkey/embedded/LabKeyServer.java | 32 ------------------- .../LabKeyTomcatServletWebServerFactory.java | 1 - 5 files changed, 1 insertion(+), 44 deletions(-) diff --git a/gradle.properties b/gradle.properties index f2eb2e78bf..3250759761 100644 --- a/gradle.properties +++ b/gradle.properties @@ -99,7 +99,7 @@ apacheDirectoryVersion=2.1.7 apacheMinaVersion=2.2.4 # Usually matches the version specified as a Spring Boot dependency (see springBootVersion below) -apacheTomcatVersion=10.1.42 +apacheTomcatVersion=10.1.41 # (mothership) -> json-path -> json-smart -> accessor-smart # (core) -> graalvm diff --git a/server/configs/application.properties b/server/configs/application.properties index c62474a7cf..f5311aa879 100644 --- a/server/configs/application.properties +++ b/server/configs/application.properties @@ -65,11 +65,6 @@ context.encryptionKey=@@encryptionKey@@ #context.bypass2FA=true #context.workDirLocation=/path/to/desired/workDir -## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500, but can be overridden here. -## Header size default changed from 10Kb to 512, which is also our default. -#context.maxConnectorPartCount=500 -#context.maxConnectorPartHeaderSize=512 - ## SMTP configuration mail.smtpHost=@@smtpHost@@ mail.smtpPort=@@smtpPort@@ diff --git a/server/configs/webapps/embedded/config/application.properties b/server/configs/webapps/embedded/config/application.properties index 2bb403a668..07a93674a8 100644 --- a/server/configs/webapps/embedded/config/application.properties +++ b/server/configs/webapps/embedded/config/application.properties @@ -103,11 +103,6 @@ mail.smtpUser=Anonymous #context.bypass2FA=true #context.workDirLocation=@@/path/to/desired/workDir@@ -## Tomcat v10.1.42 lowered the default for part count from 1000 to 10. Our default is now 500, but can be overridden here. -## Header size default changed from 10Kb to 512, which is also our default. -#context.maxConnectorPartCount=500 -#context.maxConnectorPartHeaderSize=512 - ## Other webapps to be deployed, most commonly to deliver a set of static files. The context path to deploy into is the ## property name after the "context.additionalWebapps." prefix, and the value is the location of the webapp on disk #context.additionalWebapps.firstContextPath=@@/my/webapp/path@@ diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java index 9bfd54431a..d3df3c3c38 100644 --- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java +++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java @@ -148,14 +148,6 @@ public WebServerFactoryCustomizer customizer() return customizer -> customizer.setDisableMBeanRegistry(false); } - @Bean - TomcatConnectorCustomizer connectorCustomizer() { - return (connector) -> { - connector.setMaxPartCount(contextSource().getMaxConnectorPartCount()); - connector.setMaxPartHeaderSize(contextSource().getMaxConnectorPartHeaderSize()); - }; - } - @Bean public TomcatServletWebServerFactory servletContainerFactory() { @@ -168,7 +160,6 @@ public TomcatServletWebServerFactory servletContainerFactory() Connector httpConnector = new Connector(); httpConnector.setScheme("http"); httpConnector.setPort(contextProperties.getHttpPort()); - result.getTomcatConnectorCustomizers().forEach(customizer -> customizer.customize(httpConnector)); result.addAdditionalTomcatConnectors(httpConnector); } @@ -466,9 +457,6 @@ public static class ContextProperties private Map>> resources; private Map additionalWebapps; - private Integer maxConnectorPartCount = 500; - private Integer maxConnectorPartHeaderSize = 512; - public List getDataSourceName() { return dataSourceName; @@ -731,26 +719,6 @@ public void setAdditionalWebapps(Map additionalWebapps) { this.additionalWebapps = additionalWebapps; } - - public Integer getMaxConnectorPartCount() - { - return maxConnectorPartCount; - } - - public void setMaxConnectorPartCount(Integer maxConnectorPartCount) - { - this.maxConnectorPartCount = maxConnectorPartCount; - } - - public Integer getMaxConnectorPartHeaderSize() - { - return maxConnectorPartHeaderSize; - } - - public void setMaxConnectorPartHeaderSize(Integer maxConnectorPartHeaderSize) - { - this.maxConnectorPartHeaderSize = maxConnectorPartHeaderSize; - } } @Configuration diff --git a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java index 74cb72ff34..a02a5312e1 100644 --- a/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java +++ b/server/embedded/src/org/labkey/embedded/LabKeyTomcatServletWebServerFactory.java @@ -38,7 +38,6 @@ public LabKeyTomcatServletWebServerFactory(LabKeyServer server) addConnectorCustomizers(connector -> { LabKeyServer.TomcatProperties props = _server.tomcatProperties(); - _server.connectorCustomizer().customize(connector); if (props.getUseBodyEncodingForURI() != null) { From 6e965a2771653364ef970db65958c8c3ea8339ce Mon Sep 17 00:00:00 2001 From: Trey Chadick Date: Fri, 20 Jun 2025 09:13:16 -0700 Subject: [PATCH 3/3] Include contextPath in CSP 'report-uri' (#1103) --- server/embedded/src/org/labkey/embedded/LabKeyServer.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java index d3df3c3c38..2df3c6fdcd 100644 --- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java +++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java @@ -83,11 +83,11 @@ public static void main(String[] args) String enforceCsp = baseCsp + """ ${UPGRADE.INSECURE.REQUESTS} frame-ancestors 'self' ; - report-uri /admin-contentSecurityPolicyReport.api?cspVersion=e12&${CSP.REPORT.PARAMS} ; + report-uri ${context.contextPath:}/admin-contentSecurityPolicyReport.api?cspVersion=e12&${CSP.REPORT.PARAMS} ; """; // Leave out upgrade_insecure_requests and frame-ancestors directives, since they produce warnings on some browsers String reportCsp = baseCsp + """ - report-uri /admin-contentSecurityPolicyReport.api?cspVersion=r12&${CSP.REPORT.PARAMS} ; + report-uri ${context.contextPath:}/admin-contentSecurityPolicyReport.api?cspVersion=r12&${CSP.REPORT.PARAMS} ; """; application.setDefaultProperties(Map.of( "server.tomcat.basedir", ".",