Sun ONE Web Server 6.1 Release Notes

Sun™ ONE Web Server Release Notes

Version 6.1

Part Number 817-1828-10

August 2003

These release notes contain important information available at the time of release of version 6.1 of Sun™ Open Network Environment (Sun ONE) Web Server, including information about new features and enhancements, known limitations and problems, technical notes, and pointers to additional resources. Be sure to read this document before you begin using Sun ONE Web Server 6.1.

Review the release notes prior to installing and setting up your software, and then periodically thereafter to view the most up-to-date information.

These release notes contain the following sections:


What’s New in Sun ONE Web Server 6.1

Sun ONE Web Server 6.1 includes the following new features:

Java Servlet 2.3 and JavaServer Pages (JSP) 1.2 Support

Sun ONE Web Server 6.1 includes a Java™ 2 Platform, Enterprise Edition (J2EE™)-compliant implementation of the Java™ Servlet 2.3 and JavaServer Pages™ (JSP™) 1.2 specifications. A J2EE-compliant web container provides the flexibility and reliability needed to design and deploy web applications that comply with Java™ technology standards. Web applications can be deployed on a per virtual server basis.

For information about these technologies, see the following resources:

For information about developing servlets and JSPs in Sun ONE Web Server, see the Sun ONE Web Server 6.1 Programmer’s Guide to Web Applications.

J2SE Platform 1.4.1_03 Support

Sun ONE Web Server 6.1 supports Java™ 2 Platform, Standard Edition (J2SE™) 1.4.1_03 (32-bit only; 64-bit is not supported). J2SE software is bundled with the Web Server and installed during installation, if you choose to install it. You can also install your own JDK at a later time, following installation of the Web Server. If you plan to use the Administration server, a JDK must be installed.

WebDAV Support

Sun ONE Web Server 6.1 supports the Web-based Distributed Authoring and Versioning (WebDAV) protocol, which enables collaborative web publishing with the following features:

WebDAV provides integrated support for content metadata, name space management, and overwrite protection. These technologies, combined with the many authoring tools that support WebDAV, provide an ideal development platform for collaborative environments.

NSAPI Filters Support

Sun ONE Web Server 6.1 extends the Netscape Server Application Programmer's Interface (NSAPI) to support NSAPI filters.

Filters enable the custom processing of HTTP request and response streams, allowing a function to intercept and potentially modify the content presented to or generated by another function. For example, a plugin could install an NSAPI filter to intercept an XML page generated by another plugin's Server Application Function (SAF), then transform that XML page into an HTML, XHTML, or WAP page appropriate for the client. Alternatively, an NSAPI filter could decompress data received from a client before presenting it to another plugin.

For more information, see the Sun ONE Web Server 6.1 NSAPI Programmer’s Guide.

HTTP Compression Support

Sun ONE Web Server 6.1 supports content compression, which allows you to increase delivery speed to clients and serve higher content volumes without incurring a corresponding increase in hardware expenses. Content compression reduces content download time, a benefit most apparent to users of dial-up and high-traffic connections.

For more information, see the Sun ONE Web Server 6.1 Administrator’s Guide.

New Search Engine Support

Sun ONE Web Server 6.1 supports a new, Java-based search engine that provides full-text search indexing and retrieval. The search feature allows users to search documents on the server and display results on a web page. Server administrators create the indexes of documents against which users will search, and can customize the search interface to meet specific needs.

For more information, see the Sun ONE Web Server 6.1 Administrator’s Guide.

Enhanced Security

New functionality in Sun ONE Web Server 6.1 allows you to restrict access using flat file authentication. Unlike previous versions of the Web Server, Sun ONE Web Server 6.1 now also supports the Java Security Manager. The Security Manager is disabled by default when you install the product, which may improve performance significantly for some types of applications. Enabling the Security Manager may improve security by restricting the rights granted to your J2EE web applications. To enable the Security Manager, "uncomment" entries in the server.xml file:

<JVMOPTIONS>-Djava.security.manager</JVMOPTIONS>
<JVMOPTIONS>-Djava.security.policy=
instance_dir/config/server.policy</JVMOPTIONS>

where instance_dir is the path to the installation directory of this server instance.

For more information about server.xml, see the Sun ONE Web Server 6.1 Administrator’s Configuration File Reference.

JNDI Support

Sun ONE Web Server 6.1 supports the Java Naming and Directory Interface™ (JNDI), which provides seamless connectivity to heterogeneous enterprise naming and directory services.

JDBC Support

Sun ONE Web Server provides out-of-the-box, seamless Java™ DataBase Connectivity (JDBC™), and supports a wide range of industry-standard and customized JDBC drivers.

Sun ONE Studio 5 Support

Sun ONE Web Server 6.1 supports Sun™ ONE Studio 5, Standard Edition. Sun ONE Studio technology is Sun's powerful, extensible, integrated development environment (IDE) for Java technology developers. Sun ONE Studio 5 is based on NetBeans™ software, and integrated with the Sun ONE platform. (Sun ONE Web Server 6.1 also supports NetBeans 3.5 and 3.5.1.)

Sun ONE Studio support is available on all platforms supported by Sun ONE Web Server 6.1. The plugin for the Web Server can be obtained in the following ways:

Please note that the Sun ONE Studio 5 plugin for Sun ONE Web Server 6.1 works only with a local Web Server (that is, with the IDE and the Web Server on the same machine).

The behavior of the Sun ONE Studio 5 plugin for Sun ONE Web Server 6.1 is the same as that for Sun™ ONE Application Server 7. For information about using the web application features in Sun ONE Studio 5, see the following tutorial
http://developers.sun.com/tools/javatools/documentation/s1s5/cdshop.pdf

Set the Sun ONE Web Server 6.1 instance as the default, and then take the same actions described in the tutorial.

Also see the following NetBeans tutorial
http://usersguide.netbeans.org/tutorials/webapps/index.html

For more information about Sun ONE Studio 5, visit
http://www.sun.com/software/sundev/jde/

For additional developer resources, see Additional Sun Resources in these release notes.

Using Sun ONE Studio 5 for Debugging

Sun ONE Studio 5 can be used for "remote debugging" if you want to manually attach the IDE to a remote Web Server started in debug mode. The steps are as follows:

  1. Using the Sun ONE Web Server Administration interface, restart the server instance in debug mode (Server Manager > JVM General > Debug Enabled).
  2. Note the JPDA port number.
  3. Start the IDE.
  4. Choose Debug > Start.
  5. Select the dt_socket method, and then enter the remote machine name and the JPDA port number.
  6. At that moment, any breakpoint created in the IDE on servlet source code of a deployed application will be active.

Active Server Pages Support

Sun ONE Web Server 6.1 supports the Active Server Pages 3.0 specification through Sun™ ONE Active Server Pages version 4.0.1 (formerly Sun Chili!Soft ASP). Sun ONE Active Server Pages adds a secure, enterprise-grade Active Server Pages engine to the Sun ONE Web Server.

Sun ONE Web Server 6.1 includes support for Sun ONE Active Server Pages 4.0.1 on the following platforms:

A license is not required for Sun ONE Active Server Pages if you are installing to the Sun ONE Web Server. The Sun ONE Active Server Pages installer is available on the Companion CD if you purchased the Sun ONE Web Server Media Kit, or by download from the following location:
http://wwws.sun.com/software/chilisoft/index.html

Please note the following:

For more information about Sun ONE Active Server Pages, visit the URL listed above.

PHP Compatibility

Sun ONE Web Server 6.1 is compatible with PHP, the versatile and widely-used Open Source web scripting language. PHP runs on all major operating systems.

PHP version 4.3.2 is recommended for use with Sun ONE Web Server 6.1. For PHP-related installation and configuration information specific to Sun ONE Web Server, see
http://www.php.net/manual/en/install.netscape-enterprise.php

NSS 3.3.5 and NSPR 4.1.5 Support

Sun ONE Web Server 6.1 supports Network Security Services (NSS) 3.3.5 and Netscape Portable Runtime (NSPR) 4.1.5.

Enhanced Hardware Accelerator Encryption Support

Sun ONE Web Server 6.1 provides hardware accelerator support for Sun™ Crypto Accelerator 4000, a cryptographic accelerator board that enhances the performance of SSL on the Web Server.


Software and Hardware Requirements

For information about software and hardware requirements, see the Sun ONE Web Server 6.1 Installation and Migration Guide.


Required Patches

It is recommended that you update your operating system with the latest applicable patches. For the Solaris platform, Sun’s recommended patch list can be found at
http://sunsolve.sun.com/pubpatch

Note that patch 108993-22 (SPARC) or 108994-22 (x86) is required on Solaris 8 when Solaris is configured to use LDAP for authentication.

The following patches are required for optimal use of Sun ONE Web Server 6.1:

Solaris 8 (SPARC)

Solaris 9 (SPARC and x86)


Installation Notes

For installation notes, review the information in the Sun ONE Web Server 6.1 Installation and Migration Guide.

It is very important to note that the Web Server will not start if it is installed into a directory with spaces in the name, for instance, Program Files. You will not receive an error message about this during installation, but following installation the server will not start.

For additional information about known issues related to installation, see Known Issues in these release notes.


Product Documentation

Sun ONE Web Server 6.1 includes a complete set of product documentation, which can be found at the following location:
http://docs.sun.com/prod/sunone

Sun ONE Web Server manuals are available as online files in PDF and HTML formats. The following table lists the tasks and concepts described in each manual.

Table 1  Sun ONE Web Server Documentation Roadmap

For Information About

See the Following

Late-breaking information about the software and documentation

Release Notes

Getting started with Sun ONE Web Server, including hands-on exercises that introduce server basics and features (recommended for first-time users)

Getting Started Guide

Performing installation and migration tasks:

  • Installing Sun ONE Web Server and its various components, supported platforms, and environments
  • Migrating from Sun ONE Web Server 4.1 or 6.0 to Sun ONE Web Server 6.1

Installation and Migration Guide

The guide can also be accessed from your Web Server installation: server_root/manual/https/ig/

Performing the following administration tasks:

  • Using the Administration and command-line interfaces
  • Configuring server preferences
  • Using server instances
  • Monitoring and logging server activity
  • Using certificates and public key cryptography to secure the server
  • Configuring access control to secure the server
  • Using Java™ 2 Platform, Enterprise Edition (J2EE™ platform) security features
  • Deploying applications
  • Managing virtual servers
  • Defining server workload and sizing the system to meet performance needs
  • Searching the contents and attributes of server documents, and creating a text search interface
  • Configuring the server for content compression
  • Configuring the server for web publishing and content authoring using WebDAV

Administrator’s Guide

The guide can also be accessed from your Web Server installation: server_root/manual/https/ag/

Using programming technologies and APIs to do the following:

  • Extend and modify Sun ONE Web Server
  • Dynamically generate content in response to client requests
  • Modify the content of the server

Programmer’s Guide

Creating custom Netscape Server Application Programmer’s Interface (NSAPI) plugins

NSAPI Programmer’s Guide

Implementing servlets and JavaServer Pages™ (JSP™) technology in Sun ONE Web Server

Programmer’s Guide to Web Applications

Editing configuration files

Administrator’s Configuration File Reference

Tuning Sun ONE Web Server to optimize performance

Performance Tuning, Sizing, and Scaling Guide


Issues Fixed in Sun ONE Web Server 6.1

This section lists the most important issues fixed in Sun ONE Web Server 6.1.

Table 2  Issues Fixed in Sun ONE Web Server 6.1 

Problem ID

Description

4540254

Rotating log files shouldn't require server restart on UNIX

4727146

Logs filling with "connection reset" entries

4801874

ACL_LDAPSessionAllocate always returns LAS_EVAL_FAIL

4819405

Memory growth/leak of slapd process with digestauth plugin

4842574

Server crash with malformed request

4842601

Accept-Language header security issue

4786735

Installer doesn't set proper JDK CLASSPATH/LIBPATH when the external JDK is used

4792721

Incorrect error messages when LDAP server is offline

4811418

Digest authentication crashes

4820513

digestauth plugin code is not thread safe

4842190

Web Server crashes when receiving Accept-Language header larger than 15 languages

4846832

CRL corrupts database

4848896

digestauth plugin crashes for a particular type of request

4849914

Memory leak in digestauth plugin for a particular type of request

4855546

Log analyser vulnerability

4867887

Basic auth fails for users with uids that have spaces

4799452

sun.tools.javac.Main has been deprecated, exception stops valid JSPs

4839875

When using cachefs/nfs as ClassCache and document-root, Sun ONE Web Server doesn’t always pick up the new JSP

4858026

JSP: crash in getParameter when posting large amounts of data


Known Issues

This section lists the more important known issues and limitations at the time of the Sun ONE Web Server 6.1 release. The issues are listed by category:

Administration

The following table lists the known issues in Sun ONE Web Server 6.1 administration.

Table 3  Known Issues in Administration

Problem ID

Description

4865295

The End User Administration feature (under Distributed Administration in the Administration interface) is no longer supported.

4870613

The back button is not working for frames in Netscape 7.0.

When there are three frames and the content in a frame is changed by the frame itself, the browser’s back button may not work. This issue also occurs in Netscape 7.0 with some of the navigation buttons in the Administration UI.

4882999

Inconsistent look and feel to the pages in the Administration UI.

4888696

The Add Server page in the Administration UI "disappears" in Netscape 7.0 when insufficient information is entered.

Workaround
Enter complete information on the Add Server page before clicking OK. If necessary, reload the page to restore the Add Server UI, or click another page or another tab and then navigate back to the Add Server page. This problem occurs only in Netscape 7.0.

4893486

Default values not displayed on the SSL Settings page in the Magnus Editor.

Workaround
Click the Help button on this page for information about the default values.

4910309

The word "null" is incorrectly displayed on an alert message.

This displays when editing directory services in the Pick Directory for Virtual Server page in the Virtual Server Manager.

4910325

Cannot delete multiple virtual server classes all at once in the Administration UI.

Even if you select multiple classes for deletion on the Edit Classes page, only one class will be deleted at a time.

4911548

Style links displayed incorrectly.

This occurs when you create or edit a style, enable or disable WebDAV, and then restart the web server. Once the server is restarted, you are taken back to the styles page.

4894033

Distributed administration IP/DNS ACLs won’t work.

After enabling distributed administration, IP/DNS constraints in the ACLs for the Administration server won’t work.

4904201

The javahome path is wrongly set when adding a server with no bundled JDK.

For example, if you install Sun ONE Web Server with a custom JDK (but no bundled JDK), and then try to add a new server instance, the javahome for the newly created instance will not be correctly set. It still points to the bundled JDK path, which is non-existent in this case.

Workaround
Manually edit the javahome attribute under the JAVA element in the server.xml file.

4905808

Superusers cannot access the Administration interface after enabling distributed administration.

Workaround
After enabling distributed administration, create a user in LDAP with the same administration user name and password as that of "superuser."

4908647

Help buttons missing on two pages accessed from the Remote File Manipulation page in the Class Manager.

4908694

Default link not working for logging settings.

The Default link on the Logging Settings for Virtual Server page does not set the default path, but rather acts as a reset button.

4908787

When creating a listen socket, the default value (1) of acceptor threads in the Administration UI is not reflected in server.xml.

4910197

When editing a JDBC resource, the properties page retains values after they’ve been deleted.

4910272

Backslashes in the docroot.

When adding an instance or a virtual server class, if you specify a docroot that has backslashes or mixed slashes the docroot may not be created correctly.

Workaround
Use forward slashes when specifying the docroot on all platforms, including Windows.

4910281

Configure Directory Service page on the Global Settings tab should use check boxes instead of radio buttons (ease of use issue).

4910397

Redirection doesn’t work in URL forwarding if // is given as the URL prefix.

4911093

Bold tags (<b></b>) in alert message.

An alert message for the Additional Document Directories page in the Class Manager contains HTML bold tags.

4911547

Server allows creation of a duplicate WebDAV collection, and overwrites the older collection.

Collections with the same name can be created, and the collection that was created first will be overwritten. You will not receive an error message or alert about this.

4911550

Server error when trying to access the Web Server with additional document directory.

If you apply an internal-only style such as j2ee or dav to an additional document directory, and then try to access the server using a browser, you will receive a server error.

Workaround
Do not apply internal-only styles such as j2ee and dav to an additional document directory.

For more information about these styles, see issue 4911551 in the Documentation section in these release notes.

4911552

.shtml files are parsed when they shouldn’t be.

This issue pertains to the Parse HTML page on the Content Management tab in the Class Manager. The .shtml files will be parsed even when settings on this page are configured so that they shouldn’t be. For example, if you specify just "Yes, with exec tag" and "All HTML files," .shtml files will still also be parsed.

4911580

Adding a new server instance may fail with a Server Error message.

The problem occurs only when existing server instances have a certain number of listen sockets.

Workaround
It may be possible to avoid the error by creating or deleting listen sockets in the existing server instance(s).

4911630

Not all fields in the Magnus Editor are validated.

For example, some of the fields for SSL Settings or Performance Settings will accept negative integer values, and the magnus.conf file will be updated with those values. You will not receive an error message or alert.

4911633

Cannot change the password of a user in the Administration interface.

If you create a user on the Users and Groups tab, and then try to the change that user’s password using the Administration UI, you will not be able to make the change.

Workaround
Use the administration console software included with the directory server to change user passwords.

4911640

No validation for the "New password (again)" field in the Administration interface.

If you specify two different passwords in the "New password" and "New password (again)" fields on the Edit user page on the Users and Groups tab, you will not receive an alert, notifying you that different passwords have been entered.

4912353

Help button displays wrong topic in Netscape 4.79.

On Netscape 4.79, clicking the Help button on the Add Virtual Server page in the Class Manager displays the bottom of the Help page for this topic. Scroll to the top of the page in the Help window to see the information for this section.

No ID

The sun-web.xml file bundled with the Web Server points to the wrong DTD location.

The correct location is:
http://www.sun.com/software/dtd/webserver/sun-web-app_2_3-1.dtd

Cohabitation

The following table lists the known issues in Sun ONE Web Server 6.1 cohabitation.

Table 4  Known Issues in Cohabitation

Problem ID

Description

4869693

On Windows, the Web Server installation overwrites Sun™ ONE Directory Server .dll files due to cohabitation issues with Directory Server 5.x.

Core

The following table lists the known issues in Sun ONE Web Server 6.1 core.

Table 5  Known Issues in Core

Problem ID

Description

4905681

The AsyncDNS setting is ignored in Sun ONE Web Server 6.1. The Web Server never performs asynchronous DNS lookups.

Documentation

The following table lists the known issues in Sun ONE Web Server 6.1 documentation.

Table 6  Known Issues in Documentation

Problem ID

Description

4909738

Documentation error.

In Magnus Editor, LogVerbose and LogVsId are ignored when set to "On" (in lieu of the loglevel and logvsid attributes of the LOG element in the server.xml file).

4911551

Online Help missing documentation of default styles (Styles tab in the Class Manager).

Sun ONE Web Server includes the default styles listed below. These are default objects created in the obj.conf file. Once you begin customizing your server’s configuration, the styles list will change (new ones will be added, others will be removed, and so on). The default styles are as follows:

  • j2ee. Object that invokes the Java environment.
  • es-internal. Object that determines how requests handled by server core are processed.
  • send-compressed. Object that determines how (or if) the server will send precompressed content if it exists on disk (for instance, index.html.gz instead of index.html).
  • compress-on-demand. Object that determines how (or if) the server will compress content on demand.
  • dav. Object that controls how WebDAV requests are processed.

See issue 4911550 in the Administration section in these release notes for an issue related to the default styles.

Installation

The following table lists the known issues in Sun ONE Web Server 6.1 installation.

Table 7  Known Issues in Installation

Problem ID

Description

4855263

Sun ONE Web Server will not start if it is installed into a directory with spaces in the name, for instance, Program Files. You will not receive an error message about this during installation, but following installation the server will not start.

Workaround
Do no install the Web Server into a directory with spaces in the name.

4869238

On Windows, the Sun ONE Web Server installer will not take a long name as server_root.

Workaround
Specify a path name for the Sun ONE Web Server installation directory that is no longer than 128 characters (even though the dialog allows you to enter up to 256 characters).

4901205

On Solaris, Control+b does not work on screens that follow the Fully Qualified Domain Name screen in the installer (starting with the User and Group Name screen).

Workaround
If you need to return to previous screens during the installation, quit the installer and start again.

Migration

The following table lists the known issues in Sun ONE Web Server 6.1 migration.

Table 8  Known Issues in Migration

Problem ID

Description

4858152

Access log entries in the server.xml file of the migrated instance point to invalid path.

When migrating on Windows, if the 4.1 or 6.0 server root path entered in the migration page has extra slashes (for example, C:\\SunONE_Servers\\webserver\) the migrated instance’s server.xml file will not have a reference to the new server root, and the old instance’s server ID will be removed.

4904088

Information on the final migration page does not display when using Internet Explorer.

If the Web Server version 6.0 or 4.1 obj.conf file contains a reference to the old server root in the <object> tag line, the final migration page will not display full migration details in Internet Explorer (everything displays fine in Netscape). Even though the details are not displayed, however, migration of that instance will happen successfully.

Workaround
To see the information on the final migration page, use a Netscape browser.

Samples

The following table lists the known issues in Sun ONE Web Server 6.1 sample applications. Note that none of these issues prevent the sample applications from functioning correctly.

Table 9  Known Issues in Samples

Problem ID

Description

No ID

rmi-iiop sample is missing a step.

In the "Compiling and Assembling the Sample Application" section, after executing the command ant (step 5), restart the web server instance.

No ID

jdbcrealm sample is missing a quote in the sql statement.

Change the following sql statement in:

<install_root>/plugins/java/samples/webapps/security/jdbcrealm/src
/sql/dbscript-ora.sql

From this:

INSERT INTO user_tbl (userid,firstname,lastname,passwd,groups)
VALUES( 'ws','ws','ws,'secret','staff,engineer');

To this:

INSERT INTO user_tbl (userid,firstname,lastname,passwd,groups)
VALUES( 'ws','ws','ws','secret','staff,engineer');

No ID

jdbcrealm sample has the wrong Oracle driver name.

In the "Compiling and Assembling the Sample Application" section, step 2b, change the following line from this:

<PROPERTY name="dbdrivername" value="oracle.jdbc.pool.OracleDataSource"/>

To this:

<PROPERTY name="dbdrivername" value="oracle.jdbc.driver.OracleDriver"/>

Search

The following table lists the known issues in Sun ONE Web Server 6.1 search.

Table 10  Known Issues in Search

Problem ID

Description

4903319

When you create a collection, not all documents will be indexed and added to the collection.

Files with any of the following extensions (case insensitive) will not be indexed: ASA, ASP, BMP, GIF, JAR, JPG, JS, JSP, SXI, SXW, SXC, SXM, SXG, TAR, WAR, and ZIP. On Linux only, PDF files also are not indexed.

4908010

Unable to remove a search collection for a newly created virtual server before performing an Apply.

Workaround
Click Apply and restart the server before removing a collection for a newly created virtual server.

4908645

Highlighting is incorrect if the query string has an apostrophe.
- and -
Words with commas are not found.

  • When you access the search application in a browser and search using a word with an apostrophe (for instance, server’s), search results will not be highlighted correctly.
  • Search won’t find words that end with a comma.

4910222

Error on Windows when trying to create a collection with a docroot with backslashes.

Workaround
This occurs when you specify a docroot that has backslashes or mixed slashes. Use forward slashes.

4910410

On Windows, collection creation may fail in certain cases when a multi-byte label and/or description is specified.

Workaround
Create the collection without specifying the label and description (which are optional), and then set these using the Configure Collection page on the Search tab.

4911548

Proper error message not displayed when creating duplicate collections (collections with the same name).

4911656

Hyperlinks in the search results page may not work correctly when using Internet Explorer.

The "sort by date," "previous," and "next" hyperlinks in the search results page may not work correctly in Internet Explorer if the query string has either special characters such as &, =, %, and +, or certain multi-byte characters.

4911725

Search doesn’t work when you search for a word using a different case pattern.

Search results will not be displayed on the search page if you search using a word of mixed case (for example, typing jaVa instead of java or JAVA).

Security

The following table lists the known issues in Sun ONE Web Server 6.1 security.

Table 11  Known Issues in Security

Problem ID

Description

4671445

Sun ONE Web Server cannot connect to an LDAP server over SSL if LDAP client authentication is required.

If Sun ONE Web Server contacts an LDAP server that requires client authentication (in this case, the Web Server is the client), the Web Server’s certificate cannot be sent and access will fail.

4863599

Cannot use the same group name under different organizational units.

If the same group name is used, and you try to restrict access with the group name, Sun ONE Web Server returns an error when clients try to access the site.

Workaround
Use a different group name for each organizational unit.

4903162

Security issue on Windows related to the case of url-patterns.

Per the Servlet specification, url-pattern elements in web.xml are treated in a case sensitive manner. On Windows, however, url-patterns are treated case insensitively, which means that security constraints and filter mappings can be bypassed by altering case in the request.

For example, suppose a web application has a security constraint for <url-pattern>*.html</url-pattern>. A file exists called index.html, but there is no file called index.HTML. On Windows, the following happens:

  • GET /index.html triggers authentication because it matches the security constraint.
  • GET /index.HTML does not match the security constraint, so it is not restricted. On other platforms, a 404 error would normally be returned because the file does not exist. But on Windows, the contents of index.html are returned instead, bypassing access control.

Workaround
Avoid extension constraints in Windows. Instead, specify a prefix constraint, such as "/*". A much more unwieldy workaround would be to list the various combinations, so instead of just "*.ps", you would specify "*.ps *.PS *.pS *Ps".

Tools

The following table lists the known issues in Sun ONE Web Server 6.1 tools.

Table 12  Known Issues in Tools

Problem ID

Description

4905696

On Windows, two WAR files in the Servlet TCK fail to deploy due to an issue with the wdeploy utility. The files are:
servlet_jsh_HttpServletResponseWrapper_web.war
servlet_jsh_HttpServletRequestWrapper_web.war

Workaround
Deployment fails if the class file depth (along with the file name) exceeds 255 characters. The suggested workaround:

  • Edit the server.xml file by hand
  • Create the directory to deploy to manually
  • Deploy the WAR file in the directory manually

4912181

On Linux, a null pointer exception is thrown when deploying an application using the wdeploy command-line utility. This happens at the end of the deploy, and only if it succeeds.

Workaround
The error seems to occur when wdeploy reads the stdout/stderr after execution of the reconfigure script following the deploy. The reconfigure should go through, but you should check to see if the server did indeed reconfigure by looking in the errors log for the reconfigure message. If the message is not there, then run the reconfigure script manually.

WebDAV

The following table lists the known issues in Sun ONE Web Server 6.1 WebDAV.

Table 13  Known Issues in WebDAV

Problem ID

Description

4892017

Unable to rename or move a resource if the parent directory is locked exclusively.

This occurs when DAV clients send the incorrect If: header. For example, if you connect to the Web Server using Macromedia Dreamweaver or DAV Explorer, create a collection, and then lock the collection with depth infinity (which locks all of its resources as well), you will not be able to rename or move a resource. Adobe® GoLive® sends the correct If: header only if the lock’s owner href matches auth_user. In all other cases with GoLive, the wrong header will also be sent.

4902651

Lock Management screen in the Virtual Server Manager does not display the lock information properly for hard links.

Symbolic links (hard and soft) are not supported by the WebDAV implementation in Sun ONE Web Server.

4905175

WebDAV ACL settings are inherited into new virtual servers.

This allows an existing WebDAV ACL setting in one virtual server to be set automatically as the default in any new virtual server that’s created. Modifying ACL settings in one virtual server will be reflected in all other virtual servers.

Workaround
Create a new ACL file for each virtual server.


How to Report Problems and Provide Feedback

If you have problems with Sun ONE Web Server 6.1, contact Sun customer support using one of the following mechanisms:

So that we can best assist you in resolving problems, please have the following information available when you contact support:

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. Send your comments to Sun using the "Send comments" link at
http://docs.sun.com/

Please include identifying information with your comments, such as the book’s part number and title.


Additional Sun Resources

Useful Sun ONE information can be found at the following locations:


Copyright © 2003 Sun Microsystems, Inc. All rights reserved.

U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. Use is subject to license terms. Portions may be derived from Berkeley BSD systems, licensed from U. of CA. Sun, Sun Microsystems, the Sun logo, Solaris, SPARC, Java, the Java Coffee Cup logo, J2EE, J2SE, JavaServer Pages, JSP, Java Naming and Directory Interface, JDBC, and NetBeans are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.