From c159a2f6ec7a33db398fe204289570df4c31272f Mon Sep 17 00:00:00 2001 From: remm Date: Mon, 16 Oct 2006 13:27:30 +0000 Subject: [PATCH] - Various docs fixes. git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@464483 13f79535-47bb-0310-9956-ffa450edef68 --- webapps/docs/balancer-howto.xml | 4 + webapps/docs/cgi-howto.xml | 6 +- webapps/docs/changelog.xml | 156 +++++++++++++++++++++++- webapps/docs/class-loader-howto.xml | 4 +- webapps/docs/cluster-howto.xml | 9 +- webapps/docs/default-servlet.xml | 2 +- webapps/docs/deployer-howto.xml | 2 +- webapps/docs/introduction.xml | 4 +- webapps/docs/jasper-howto.xml | 15 +-- webapps/docs/jndi-datasource-examples-howto.xml | 10 +- webapps/docs/jndi-resources-howto.xml | 31 +++-- webapps/docs/proxy-howto.xml | 2 +- webapps/docs/realm-howto.xml | 52 ++++---- webapps/docs/security-manager-howto.xml | 78 ++++++------ webapps/docs/setup.xml | 8 +- webapps/docs/ssi-howto.xml | 6 +- webapps/docs/ssl-howto.xml | 8 +- 17 files changed, 276 insertions(+), 121 deletions(-) diff --git a/webapps/docs/balancer-howto.xml b/webapps/docs/balancer-howto.xml index 88d33a989..cd7939485 100644 --- a/webapps/docs/balancer-howto.xml +++ b/webapps/docs/balancer-howto.xml @@ -21,7 +21,9 @@ Using the JK native connector
Using Apache HTTP Server 2.x and mod_proxy
+

@@ -40,6 +42,7 @@ from Apache HTTP Server 2.2. + diff --git a/webapps/docs/cgi-howto.xml b/webapps/docs/cgi-howto.xml index 6c720b350..ef1eac052 100644 --- a/webapps/docs/cgi-howto.xml +++ b/webapps/docs/cgi-howto.xml @@ -41,13 +41,13 @@ this servlet is mapped to the URL pattern "/cgi-bin/*".

external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy.

-

Rename $CATALINA_BASE/server/lib/servlets-cgi.renametojar -to $CATALINA_BASE/server/lib/servlets-cgi.jar.

-

Remove the XML comments from around the CGI servlet and servlet-mapping configuration in $CATALINA_BASE/conf/web.xml.

+

Only Contexts which are marked as privileged may use the CGI servlet (see the +privileged property of the Context element).

+

There are several servlet init parameters which can be used to diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b17a22a34..257d24807 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -9,10 +9,164 @@ Remy Maucherat Yoav Shapira + Filip Hanik Changelog +

+
+ +
+ + + + 29727: If env-entry values in web.xml are changed then + ensure new values are applied when context is reloaded. (markt) + + + 34956: Ensure request and response objects passed to a + RequestDispatcher meet the requirements of SRV.8.2 and + SRV.14.2.5.1. This is disabled by default. The Java option + -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true + is required to enable this test. (markt) + + + 36274: When including static content with the + DefaultServlet also treat content types ending in xml as text. + (markt) + + + 39724: Removing the last valve from a pipeline did not + return the pipeline to the original state. Patch provided by + David Gagon. (markt) + + + 36976: Don't use CATALINA_OPTS when stopping Tomcat. This + allows options for starting and stopping to be set on JAVA_OPTS and + options for starting only to be set on CATALINA_OPTS. Without this + fix, some startup options (eg the port for remote JMX) would cause + stop to fail. Based on a fix suggested by Michael Vorburger. (markt) + + + 40528: Add missing message localisations as provided by + Ben Clifford. (markt) + + + 40625: Stop CGIServlet swallowing the root cause of an + exception. Patch provided by Takayoshi Kimura. (markt) + + + + + + + 34952: Clarify that the Windows Installer always installs + a Windows service. (markt) + + + 35968: Make environment entry properties input a text area. + Patch provided by Tristan Marly. (markt) + + + 40633: Remove references to the DefaultContext from the + documentation. (markt) + + + +
+ + +
+ + + + Fix logic error in UserDatbaseRealm.getprincipal() that caused user + roles assigned via groups to be ignored. (markt) + + + 40518: Use correct message when a RuntimeException is + thrown from the requestInitialized or requestDestroyed method of + a listener that implements ServletRequestListener. (markt) + + + + + + + 31804: Unnested tags within a tag file are now configured + with the Tag represented by the containing tag file as their parent + tag. (markt) + + + 33356: Tag attributes that contained $ followed by 1 or + more non-special characters and then a { character caused an + exception. (markt) + + + 33407: The string \$ in template text was reduced to $ + when the isELIgnored page directive was set to true. (markt) + + + 34509: Tag names may now use the full range of + characters permitted by xsd:nmtoken. (markt) + + + + + + + 34399: Disable undeploy for applications that have not + been deployed such as those defined in server.xml (markt) + + + +
+ + +
+ + + + Add multi attribute setting to jmx:set JMX remote ant task. + Patch contributed by Didier Donsez (pero) + + + + + + + 30762: Re-fix this bug that was re-introduced by the fix + to 37264. (markt) + + + 37588: Fix JNDI realm creation through JMX. Patch contributed by TerryZhou (fhanik) + + + 39704: The use of custom classloaders failed when the context + was specified in server.xml. Correction of the fault will require setting + the new loader attribute useSystemClassLoaderAsParent to false. (markt) + + + + + + + 40418: APR Endpoint socket evaluation (remm) + + + + + + + 31339: Admin app threw exceptions if a name other than Catalina + was configured for the Engine. Patch based on a suggestion from Amila + Suriarachchi. (markt) + + + +
+
@@ -1307,7 +1461,7 @@ 18477: Allow symbolic links when precompiling JSPs (markt) - 34727: Allow specifying the Option class used by the Jasper engine, + 34272: Allow specifying the Option class used by the Jasper engine, submitted by Scott Stark (remm) diff --git a/webapps/docs/class-loader-howto.xml b/webapps/docs/class-loader-howto.xml index e8252effc..0cbfa0bee 100644 --- a/webapps/docs/class-loader-howto.xml +++ b/webapps/docs/class-loader-howto.xml @@ -75,8 +75,8 @@ loaders as it is initialized:

  • $CATALINA_HOME/bin/bootstrap.jar - Contains the main() method that is used to initialize the Tomcat 6 server, and the class loader implementation classes it depends on.
  • -
  • $CATALINA_HOME/bin/commons-logging-api.jar - Jakarta commons - logging API.
  • +
  • $CATALINA_HOME/bin/tomcat-juli.jar - Package renamed Jakarta commons + logging API, and java.util.logging LogManager.
  • Common - This class loader contains additional classes that are made visible to both Tomcat internal classes and to all web diff --git a/webapps/docs/cluster-howto.xml b/webapps/docs/cluster-howto.xml index 5ba844094..3ae54b2b1 100644 --- a/webapps/docs/cluster-howto.xml +++ b/webapps/docs/cluster-howto.xml @@ -15,10 +15,13 @@ -
    -

    This document is pending an update to the latest implementation.
    - You can also check the configuration reference documentation. +

    +

    This document is pending an update to the latest implementation.
    + You can also check the configuration reference documentation.

    +
    + +

    To run session replication in your Tomcat 5.5 container, the following steps should be completed:

    diff --git a/webapps/docs/default-servlet.xml b/webapps/docs/default-servlet.xml index 84fbd24bd..536bdecdd 100644 --- a/webapps/docs/default-servlet.xml +++ b/webapps/docs/default-servlet.xml @@ -249,7 +249,7 @@ The following is a sample xsl file which mimics the default tomcat behavior: </table> <xsl:apply-templates select="readme"/> <hr size="1" /> - <h3>Apache Tomcat/5.0</h3> + <h3>Apache Tomcat/6.0</h3> </body> </html> </xsl:template> diff --git a/webapps/docs/deployer-howto.xml b/webapps/docs/deployer-howto.xml index 7933338e8..d0380ecd3 100644 --- a/webapps/docs/deployer-howto.xml +++ b/webapps/docs/deployer-howto.xml @@ -67,7 +67,7 @@ The TCD is not packaged with the Tomcat core distribution, and must therefore be downloaded separately from the Downloads area. The download is usually labelled - jakarta-tomcat-5.5.x-deployer. + apache-tomcat-6.0.x-deployer.

    TCD has prerequisites of Apache Ant 1.6.2+ and a Java installation. diff --git a/webapps/docs/introduction.xml b/webapps/docs/introduction.xml index c8b022110..3c9b7bb7e 100644 --- a/webapps/docs/introduction.xml +++ b/webapps/docs/introduction.xml @@ -87,10 +87,10 @@ meaning that any change to the files necessitates a restart of the container. written and easy to understand, we may have missed something. Provided below are various web sites and mailing lists in case you get stuck.

    -

    As Tomcat 5 is a new release of Tomcat, keep in mind that some of the +

    As Tomcat 6 is a new release of Tomcat, keep in mind that some of the issues and solutions vary between the major versions of Tomcat (4.x versus 5). As you search around the web, there will be some documentation that -is not relevant to Tomcat 5, but 3.x and 4.x. Doing 3.x or 4.x things to 5 +is not relevant to Tomcat 6, but 3.x, 4.x and 5.x. Doing 3.x or 4.x things to 6 will probably not work in most cases as the server.xml files are very different.

    diff --git a/webapps/docs/jasper-howto.xml b/webapps/docs/jasper-howto.xml index 6826746fb..fb8a8a396 100644 --- a/webapps/docs/jasper-howto.xml +++ b/webapps/docs/jasper-howto.xml @@ -151,7 +151,7 @@ On fast servers, this will allow sub-second recompilation cycles for even large pages.

    Apache Ant, which was used in previous Tomcat releases, can be used instead instead of -the new compiler by simply removing the common/lib/jasper-jdt.jar file, +the new compiler by simply removing the lib/jasper-jdt.jar file, and placing the ant.jar file from the latest Ant distribution in the lib folder. If you do this, you also need to use the "javac" argument to catalina.sh.

    @@ -200,10 +200,7 @@ download) to precompile a webapp: <fileset dir="${tomcat.home}/bin"> <include name="*.jar"/> </fileset> - <fileset dir="${tomcat.home}/server/lib"> - <include name="*.jar"/> - </fileset> - <fileset dir="${tomcat.home}/common/lib"> + <fileset dir="${tomcat.home}/lib"> <include name="*.jar"/> </fileset> </classpath> @@ -232,14 +229,10 @@ download) to precompile a webapp: <fileset dir="${webapp.path}/WEB-INF/lib"> <include name="*.jar"/> </fileset> - <pathelement location="${tomcat.home}/common/classes"/> + <pathelement location="${tomcat.home}/lib"/> <fileset dir="${tomcat.home}/common/lib"> <include name="*.jar"/> </fileset> - <pathelement location="${tomcat.home}/shared/classes"/> - <fileset dir="${tomcat.home}/shared/lib"> - <include name="*.jar"/> - </fileset> <fileset dir="${tomcat.home}/bin"> <include name="*.jar"/> </fileset> @@ -323,7 +316,7 @@ Jikes to compile JSP pages:
    • From your Ant installation, copy ant.jar and (if it's available: Ant 1.5 and later) ant-launcher.jar to -$CATALINA_BASE/common/lib.
    • +$CATALINA_BASE/lib.
    • Download and install jikes. jikes must support the -encoding option. Execute jikes -help to verify that it was built with support for -encoding.
    • diff --git a/webapps/docs/jndi-datasource-examples-howto.xml b/webapps/docs/jndi-datasource-examples-howto.xml index 417b58aab..8749dc6be 100644 --- a/webapps/docs/jndi-datasource-examples-howto.xml +++ b/webapps/docs/jndi-datasource-examples-howto.xml @@ -77,7 +77,7 @@ number of Jakarta-Commons components:
    • Jakarta-Commons Pool
    These libraries are located in a single JAR at -$CATALINA_HOME/common/lib/naming-factory-dbcp.jar. However, +$CATALINA_HOME/lib/tomcat-dbcp.jar. However, only the classes needed for connection pooling have been included, and the packages have been renamed to avoid interfering with applications.

    @@ -149,7 +149,7 @@ The default is false.

    -

    Before you proceed, don't forget to copy the JDBC Driver's jar into $CATALINA_HOME/common/lib.

    +

    Before you proceed, don't forget to copy the JDBC Driver's jar into $CATALINA_HOME/lib.

    1. MySQL configuration

    @@ -311,7 +311,7 @@ your hard work.

    usual gotchas :-)

    Drivers for older Oracle versions may be distributed as *.zip files rather than *.jar files. Tomcat will only use *.jar files installed in -$CATALINA_HOME/common/lib. Therefore classes111.zip +$CATALINA_HOME/lib. Therefore classes111.zip or classes12.zip will need to be renamed with a .jar extension. Since jarfiles are zipfiles, there is no need to unzip and jar these files - a simple rename will suffice.

    @@ -373,7 +373,7 @@ Connection conn = ds.getConnection();

    1. Required files

    -Copy the Postgres JDBC jar to $CATALINA_HOME/common/lib. As with Oracle, the +Copy the Postgres JDBC jar to $CATALINA_HOME/lib. As with Oracle, the jars need to be in this directory in order for DBCP's Classloader to find them. This has to be done regardless of which configuration step you take next.

    @@ -479,7 +479,7 @@ driver(Oracle8i 8.1.7.1 JDBC/OCI Driver) from o

    After renaming classes12.zip file to classes12.jar -for Tomcat, copy it into $CATALINA_HOME/common/lib. +for Tomcat, copy it into $CATALINA_HOME/lib. You may also have to remove the javax.sql.* classes from this file depending upon the version of Tomcat and JDK you are using.

    diff --git a/webapps/docs/jndi-resources-howto.xml b/webapps/docs/jndi-resources-howto.xml index 8c6308f3b..bbb21a7e3 100644 --- a/webapps/docs/jndi-resources-howto.xml +++ b/webapps/docs/jndi-resources-howto.xml @@ -17,7 +17,7 @@
    -

    Tomcat 5 provides a JNDI InitialContext implementation +

    Tomcat 6 provides a JNDI InitialContext implementation instance for each web application running under it, in a manner that is compatible with those provided by a Java2 Enterprise Edition application @@ -28,14 +28,14 @@ the /WEB-INF/web.xml file to reference resources; resources referenced in these elements must be defined in an application-server-specific configuration.

    -

    For Tomcat 5, these entries in per-web-application +

    For Tomcat 6, these entries in per-web-application InitialContext are configured in the <Context> elements that can be specified in either $CATALINA_HOME/conf/server.xml or, preferably, the per-web-application context XML file (either META-INF/context.xml).

    -

    Tomcat 5 maintains a separate namespace of global resources for the +

    Tomcat 6 maintains a separate namespace of global resources for the entire server. These are configured in the <GlobalNameingResources> element of @@ -54,7 +54,7 @@ descriptor (/WEB-INF/web.xml) of your web application:

  • <resource-ref> - Resource reference, which is typically to an object factory for resources such as a JDBC DataSource, a JavaMail Session, or custom - object factories configured into Tomcat 5.
  • + object factories configured into Tomcat 6.
  • <resource-env-ref> - Resource environment reference, a new variation of resource-ref added in Servlet 2.4 that is simpler to configure for resources @@ -152,7 +152,7 @@ include it in the per-web-application context.

    -

    Tomcat 5 includes a series of standard resource factories that can +

    Tomcat 6 includes a series of standard resource factories that can provide services to your web applications, but give you configuration flexibility (in $CATALINA_HOME/conf/server.xml) without modifying the web application or the deployment descriptor. Each @@ -162,7 +162,7 @@ include it in the per-web-application context.

    See Adding Custom Resource Factories for information about how to create, install, configure, and use your own custom resource factory classes with - Tomcat 5.

    + Tomcat 6.

    NOTE - Of the standard resource factories, only the "JDBC Data Source" and "User Transaction" factories are mandated to @@ -300,7 +300,7 @@ writer.println("foo = " + bean.getFoo() + ", bar = " + configuration details that the client application must be aware of (including the name of the SMTP host to be used for message sending).

    -

    Tomcat 5 includes a standard resource factory that will create +

    Tomcat 6 includes a standard resource factory that will create javax.mail.Session session instances for you, already connected to the SMTP server that is configured in server.xml. In this way, the application is totally insulated from changes in the @@ -397,11 +397,11 @@ Transport.send(message);

    This download includes 2 vital libraries for the configuration; activation.jar and mail.jar. Unpackage both distributions and place - them into $CATALINA_HOME/common/lib so that they are available to + them into $CATALINA_HOME/lib so that they are available to Tomcat during the initialization of the mail Session Resource. Note: placing these jars in both common/lib and a web application's lib folder will cause an error, so ensure you have - them in the $CATALINA_HOME/common/lib location only. + them in the $CATALINA_HOME/lib location only.

    Example Application

    @@ -429,7 +429,7 @@ Transport.send(message); to support the functionality required by that application. The J2EE Platform Specification requires J2EE Application Servers to make available a DataSource implementation (that is, a connection - pool for JDBC connections) for this purpose. Tomcat 5 offers exactly + pool for JDBC connections) for this purpose. Tomcat 6 offers exactly the same support, so that database-based applications you develop on Tomcat using this service will run unchanged on any J2EE server.

    @@ -462,7 +462,7 @@ Transport.send(message); that you make an appropriate JDBC driver available to both Tomcat internal classes and to your web application. This is most easily accomplished by installing the driver's JAR file(s) into the - $CATALINA_HOME/common/lib directory, which makes the driver + $CATALINA_HOME/lib directory, which makes the driver available both to the resource factory and to your application.

    2. Declare Your Resource Requirements

    @@ -577,7 +577,7 @@ conn.close();

    If none of the standard resource factories meet your needs, you can - write your own factory and integrate it into Tomcat 5, and then configure + write your own factory and integrate it into Tomcat 6, and then configure the use of this factory in the conf/server.xml configuration file. In the example below, we will create a factory that only knows how to create com.mycompany.MyBean beans, from the @@ -674,11 +674,10 @@ public class MyBeanFactory implements ObjectFactory { Provider Interface (SPI) Specification.

    You will need to compile this class against a class path that includes - all of the JAR files in the $CATALINA_HOME/common/lib and - $CATALINA_HOME/server/lib directories. When you are through, + all of the JAR files in the $CATALINA_HOME/lib directory. When you are through, place the factory class (and the corresponding bean class) unpacked under - $CATALINA_HOME/common/classes, or in a JAR file inside - $CATALINA_HOME/common/lib. In this way, the required class + $CATALINA_HOME/lib, or in a JAR file inside + $CATALINA_HOME/lib. In this way, the required class files are visible to both Catalina internal resources and your web application.

    diff --git a/webapps/docs/proxy-howto.xml b/webapps/docs/proxy-howto.xml index 0def1c958..d3ee611c2 100644 --- a/webapps/docs/proxy-howto.xml +++ b/webapps/docs/proxy-howto.xml @@ -48,7 +48,7 @@ proxy configurations for several common cases.

    Apache 1.3 supports an optional module (mod_proxy) that configures the web server to act as a proxy server. This can be used to -forward requests for a particular web application to a Tomcat 5 instance, +forward requests for a particular web application to a Tomcat 6 instance, without having to configure a web connector such as mod_jk. To accomplish this, you need to perform the following tasks:

      diff --git a/webapps/docs/realm-howto.xml b/webapps/docs/realm-howto.xml index d25cc3201..439c0ef2e 100644 --- a/webapps/docs/realm-howto.xml +++ b/webapps/docs/realm-howto.xml @@ -60,7 +60,7 @@ see the Servlet Specification (Version 2.4), Section 12.

      For information about utilizing the Single Sign On feature of -Tomcat 5 (allowing a user to authenticate themselves once across the entire +Tomcat 6 (allowing a user to authenticate themselves once across the entire set of web applications associated with a virtual host), see here.

      @@ -87,7 +87,7 @@ applications to declare their security requirements (in the defining the interface between a servlet container and the associated user and role information. In many cases, however, it is desireable to "connect" a servlet container to some existing authentication database or mechanism -that already exists in the production environment. Therefore, Tomcat 5 +that already exists in the production environment. Therefore, Tomcat 6 defines a Java interface (org.apache.catalina.Realm) that can be implemented by "plug in" components to establish this connection. Five standard plug-ins are provided, supporting connections to various @@ -218,11 +218,9 @@ java org.apache.catalina.realm.RealmBase \ testUser:localhost:8080:testPassword.

      To use either of the above techniques, the -$CATALINA_HOME/server/lib/catalina.jar file will need to be -on your class path to make the RealmBase class available. In -addition, you will need the JMX jar and the commons-logging jar (either -commons-logging-api.jar or commons-logging.jar). Both of these are included -with the Tomcat distribution. +$CATALINA_HOME/lib/catalina.jar and +$CATALINA_HOME/bin/tomcat-juli.jar files will need to be +on your class path to make the RealmBase class available.

      Non-ASCII usernames and/or passwords are supported using @@ -240,7 +238,7 @@ corrupted in the return, the digest will be invalid.

      -

      The example application shipped with Tomcat 5 includes an area that is +

      The example application shipped with Tomcat 6 includes an area that is protected by a security constraint, utilizing form-based login. To access it, point your browser at http://localhost:8080/jsp-examples/security/protected/ @@ -253,7 +251,7 @@ and log on with one of the usernames and passwords described for the default

      If you wish to use the Manager Application -to deploy and undeploy applications in a running Tomcat 5 installation, you +to deploy and undeploy applications in a running Tomcat 6 installation, you MUST add the "manager" role to at least one username in your selected Realm implementation. This is because the manager web application itself uses a security constraint that requires role "manager" to access ANY request URI @@ -285,7 +283,7 @@ Tomcat administrator specifically assigns this role to one or more users.

      Introduction

      -

      JDBCRealm is an implementation of the Tomcat 5 +

      JDBCRealm is an implementation of the Tomcat 6 Realm interface that looks up users in a relational database accessed via a JDBC driver. There is substantial configuration flexibility that lets you adapt to existing table and column names, as long as your @@ -325,13 +323,11 @@ database structure conforms to the following requirements:

      at least read only access to the tables described above. (Tomcat will never attempt to write to these tables.)
    1. Place a copy of the JDBC driver you will be using inside the - $CATALINA_HOME/server/lib directory (if you do not need it - visible to web applications) or $CATALINA_HOME/common/lib - (if it will be used both by Tomcat 5 and by your apps). + $CATALINA_HOME/lib directory. Note that only JAR files are recognized!
    2. Set up a <Realm> element, as described below, in your $CATALINA_HOME/conf/server.xml file.
    3. -
    4. Restart Tomcat 5 if it is already running.
    5. +
    6. Restart Tomcat 6 if it is already running.

    Realm Element Attributes

    @@ -441,7 +437,7 @@ described above, and accessed with username "dbuser" and password "dbpass":

    JDBCRealm operates according to the following rules:

    • When a user attempts to access a protected resource for the first time, - Tomcat 5 will call the authenticate() method of this + Tomcat 6 will call the authenticate() method of this Realm. Thus, any changes you have made to the database directly (new users, changed passwords or roles, etc.) will be immediately reflected.
    • @@ -465,7 +461,7 @@ described above, and accessed with username "dbuser" and password "dbpass":

      Introduction

      -

      DataSourceRealm is an implementation of the Tomcat 5 +

      DataSourceRealm is an implementation of the Tomcat 6 Realm interface that looks up users in a relational database accessed via a JNDI named JDBC DataSource. There is substantial configuration flexibility that lets you adapt to existing table and column names, as long @@ -509,7 +505,7 @@ as your database structure conforms to the following requirements:

      for information on how to configure a JNDI named JDBC DataSource.
    • Set up a <Realm> element, as described below, in your $CATALINA_HOME/conf/server.xml file.
    • -
    • Restart Tomcat 5 if it is already running.
    • +
    • Restart Tomcat 6 if it is already running.
    • Realm Element Attributes

      @@ -613,7 +609,7 @@ name "java:/comp/env/jdbc/authority".

      DataSourceRealm operates according to the following rules:

      • When a user attempts to access a protected resource for the first time, - Tomcat 5 will call the authenticate() method of this + Tomcat 6 will call the authenticate() method of this Realm. Thus, any changes you have made to the database directly (new users, changed passwords or roles, etc.) will be immediately reflected.
      • @@ -637,7 +633,7 @@ name "java:/comp/env/jdbc/authority".

        Introduction

        -

        JNDIRealm is an implementation of the Tomcat 5 +

        JNDIRealm is an implementation of the Tomcat 6 Realm interface that looks up users in an LDAP directory server accessed by a JNDI provider (typically, the standard LDAP provider that is available with the JNDI API classes). The realm @@ -815,12 +811,10 @@ the name of this attribute.

        never attempt to modify this information.)
      • Place a copy of the JNDI driver you will be using (typically ldap.jar available with JNDI) inside the - $CATALINA_HOME/server/lib directory (if you do not need it - visible to web applications) or $CATALINA_HOME/common/lib - (if it will be used both by Tomcat 5 and by your apps).
      • + $CATALINA_HOME/lib directory.
      • Set up a <Realm> element, as described below, in your $CATALINA_HOME/conf/server.xml file.
      • -
      • Restart Tomcat 5 if it is already running.
      • +
      • Restart Tomcat 6 if it is already running.
      • Realm Element Attributes

        @@ -1149,7 +1143,7 @@ authentication is usually to be preferred.

        JNDIRealm operates according to the following rules:

        • When a user attempts to access a protected resource for the first time, - Tomcat 5 will call the authenticate() method of this + Tomcat 6 will call the authenticate() method of this Realm. Thus, any changes you have made to the directory (new users, changed passwords or roles, etc.) will be immediately reflected.
        • @@ -1174,7 +1168,7 @@ authentication is usually to be preferred.

          Introduction

          MemoryRealm is a simple demonstration implementation of the -Tomcat 5 Realm interface. It is not designed for production use. +Tomcat 6 Realm interface. It is not designed for production use. At startup time, MemoryRealm loads information about all users, and their corresponding roles, from an XML document (by default, this document is loaded from $CATALINA_HOME/conf/tomcat-users.xml). Changes to the data in this file are not recognized until Tomcat is restarted.

          @@ -1229,7 +1223,7 @@ valid user, consisting of the following attributes:

          Example

          -

          The default installation of Tomcat 5 is configured with a MemoryRealm +

          The default installation of Tomcat 6 is configured with a MemoryRealm nested inside the <Engine> element, so that it applies to all virtual hosts and web applications. The default contents of the conf/tomcat-users.xml file is:

          @@ -1250,7 +1244,7 @@ to all virtual hosts and web applications. The default contents of the this file will not be recognized until Tomcat is restarted.
        • When a user attempts to access a protected resource for the first time, - Tomcat 5 will call the authenticate() method of this + Tomcat 6 will call the authenticate() method of this Realm.
        • Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. @@ -1322,7 +1316,7 @@ variable: JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==$CATALI
        • Configure your security-constraints in your web.xml for the resources you want to protect
        • Configure the JAASRealm module in your server.xml
        • -
        • Restart Tomcat 5 if it is already running.
        • +
        • Restart Tomcat 6 if it is already running.
        • Realm Element Attributes

          To configure JAASRealm as for step 6 above, you create @@ -1395,7 +1389,7 @@ and restarting the server, without any code changes to your application.

          Additional Notes

          • When a user attempts to access a protected resource for - the first time, Tomcat 5 will call the authenticate() + the first time, Tomcat 6 will call the authenticate() method of this Realm. Thus, any changes you have made in the security mechanism directly (new users, changed passwords or roles, etc.) will be immediately reflected.
          • diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml index d8eadec90..6447b5738 100644 --- a/webapps/docs/security-manager-howto.xml +++ b/webapps/docs/security-manager-howto.xml @@ -53,7 +53,7 @@ by Tomcat will have. There are a number of Permission classes that are a standard part of the JDK, and you can create your own Permission class for use in your own web applications. Both techniques are used in - Tomcat 5.

            + Tomcat 6.

            @@ -154,7 +154,7 @@ grant [signedBy <signer>,] [codeBase <code source>] { looks like this:

            // ============================================================================ -// catalina.corepolicy - Security Policy Permissions for Tomcat 5 +// catalina.corepolicy - Security Policy Permissions for Tomcat 6 // // This file contains a default set of security policies to be enforced (by the // JVM) when Catalina is executed with the "-security" option. In addition @@ -163,7 +163,7 @@ grant [signedBy <signer>,] [codeBase <code source>] { // // * Read access to the document root directory // -// $Id: security-manager-howto.xml 301460 2003-01-15 03:40:45Z glenn $ +// $Id: catalina.policy 393732 2006-04-13 06:32:25Z pero $ // ============================================================================ @@ -195,8 +195,13 @@ grant codeBase "file:${java.home}/lib/ext/-" { // ========== CATALINA CODE PERMISSIONS ======================================= -// These permissions apply to the launcher code -grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" { +// These permissions apply to the daemon code +grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { + permission java.security.AllPermission; +}; + +// These permissions apply to the logging API +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.security.AllPermission; }; 
@@ -207,17 +212,18 @@ grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { // These permissions apply to the servlet API classes // and those that are shared across all class loaders -// located in the "common" directory -grant codeBase "file:${catalina.home}/common/-" { +// located in the "lib" directory +grant codeBase "file:${catalina.home}/lib/-" { permission java.security.AllPermission; }; -// These permissions apply to the container's core code, plus any additional -// libraries installed in the "server" directory -grant codeBase "file:${catalina.home}/server/-" { - permission java.security.AllPermission; +// The permissions granted to the balancer WEB-INF/classes and WEB-INF/lib directory +grant codeBase "file:${catalina.home}/webapps/balancer/-" { + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester.*"; }; + // ========== WEB APPLICATION PERMISSIONS ===================================== 
@@ -225,25 +231,25 @@ grant codeBase "file:${catalina.home}/server/-" { // In addition, a web application will be given a read FilePermission // and JndiPermission for all files and directories in its document root. grant { - // Required for JNDI lookup of named JDBC DataSource's and - // javamail named MimePart DataSource used to send mail - permission java.util.PropertyPermission "java.home", "read"; - permission java.util.PropertyPermission "java.naming.*", "read"; - permission java.util.PropertyPermission "javax.sql.*", "read"; - - // OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.version", "read"; - permission java.util.PropertyPermission "os.arch", "read"; - permission java.util.PropertyPermission "file.separator", "read"; - permission java.util.PropertyPermission "path.separator", "read"; - permission java.util.PropertyPermission "line.separator", "read"; - - // JVM properties to allow read access - permission java.util.PropertyPermission "java.version", "read"; - permission java.util.PropertyPermission "java.vendor", "read"; - permission java.util.PropertyPermission "java.vendor.url", "read"; - permission java.util.PropertyPermission "java.class.version", "read"; + // Required for JNDI lookup of named JDBC DataSource's and + // javamail named MimePart DataSource used to send mail + permission java.util.PropertyPermission "java.home", "read"; + permission java.util.PropertyPermission "java.naming.*", "read"; + permission java.util.PropertyPermission "javax.sql.*", "read"; + + // OS Specific properties to allow read access + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "os.version", "read"; + permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "file.separator", "read"; + permission java.util.PropertyPermission "path.separator", "read"; + permission 
java.util.PropertyPermission "line.separator", "read"; + + // JVM properties to allow read access + permission java.util.PropertyPermission "java.version", "read"; + permission java.util.PropertyPermission "java.vendor", "read"; + permission java.util.PropertyPermission "java.vendor.url", "read"; + permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; @@ -255,14 +261,16 @@ grant { permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; - // Required for getting BeanInfo - permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*"; - - // Required for OpenJMX - permission java.lang.RuntimePermission "getAttribute"; + // Required for OpenJMX + permission java.lang.RuntimePermission "getAttribute"; // Allow read of JAXP compliant XML parser debug permission java.util.PropertyPermission "jaxp.debug", "read"; + + // Precompiled JSPs need access to this package. + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; + }; diff --git a/webapps/docs/setup.xml b/webapps/docs/setup.xml index a833b7edd..51d9928c0 100644 --- a/webapps/docs/setup.xml +++ b/webapps/docs/setup.xml @@ -61,9 +61,6 @@ Tomcat. It is important to note that the Tomcat administration web application can only be used when Tomcat is running.

            -

            If using a J2SE 1.4 JRE, the compatibility package must be downloaded and - expanded inside the folder where Tomcat was installed.

            -
    @@ -88,6 +85,9 @@

    Please note that you should use the GNU make (gmake) instead of the native BSD make on FreeBSD systems.

    +

    Download a commons-daemon binary from the Jakarta Commons download page, + and place jsvc.tar.gz and commons-daemon.jar in the + $CATALINA_HOME/bin folder.

    cd $CATALINA_HOME/bin @@ -104,7 +104,7 @@ cd $CATALINA_HOME - ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ + ./bin/jsvc -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap diff --git a/webapps/docs/ssi-howto.xml b/webapps/docs/ssi-howto.xml index d60d74769..9f8ccf3d5 100644 --- a/webapps/docs/ssi-howto.xml +++ b/webapps/docs/ssi-howto.xml @@ -52,9 +52,6 @@ external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy.

    -

    Rename $CATALINA_BASE/server/lib/servlets-ssi.renametojar -to $CATALINA_BASE/server/lib/servlets-ssi.jar.

    -

    To use the SSI servlet, remove the XML comments from around the SSI servlet and servlet-mapping configuration in $CATALINA_BASE/conf/web.xml.

    @@ -63,6 +60,9 @@ and servlet-mapping configuration in and filter-mapping configuration in $CATALINA_BASE/conf/web.xml.

    +

    Only Contexts which are marked as privileged may use SSI features (see the +privileged property of the Context element).

    +
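Review bot: in ssi-howto.xml, hunk @@ -63,6 +60,9 @@, the "Only Contexts which are marked as privileged may use SSI features" paragraph is added after the steps that enable the SSI servlet and filter in $CATALINA_BASE/conf/web.xml, so a reader working top to bottom edits web.xml before learning the prerequisite. Move it up next to the existing warning that this feature bypasses the security policy configuration in catalina.policy, so the prerequisite and the risk are stated together before the enabling steps.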
    diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml index 188c06988..39d268494 100644 --- a/webapps/docs/ssl-howto.xml +++ b/webapps/docs/ssl-howto.xml @@ -22,15 +22,15 @@

    The description below uses the variable name $CATALINA_HOME - to refer to the directory into which you have installed Tomcat 5, + to refer to the directory into which you have installed Tomcat 6, and is the base directory against which most relative paths are - resolved. However, if you have configured Tomcat 5 for multiple + resolved. However, if you have configured Tomcat 6 for multiple instances by setting a CATALINA_BASE directory, you should use $CATALINA_BASE instead of $CATALINA_HOME for each of these references.

    -

    To install and configure SSL support on Tomcat 5, you need to follow +

    To install and configure SSL support on Tomcat 6, you need to follow these simple steps. For more information, read the rest of this HOW-TO.

    1. If you are running a 1.3 JVM, download JSSE 1.0.3 (or later) from @@ -290,7 +290,7 @@ which contains further references for this issue.

      The final step is to configure your secure socket in the $CATALINA_HOME/conf/server.xml file, where $CATALINA_HOME represents the directory into which you -installed Tomcat 5. An example <Connector> element +installed Tomcat 6. An example <Connector> element for an SSL connector is included in the default server.xml file installed with Tomcat. It will look something like this:

      -- 2.11.0
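Review bot: in security-manager-howto.xml, first hunk of the embedded policy sample, the retitled header line still reads "catalina.corepolicy - Security Policy Permissions for Tomcat 6", while the $Id line updated in the following hunk names the file catalina.policy. Fix the file name in the title in this same change. Pasting the literal "$Id: catalina.policy 393732 2006-04-13 06:32:25Z pero $" into the how-to also pins the sample to one revision of the policy file; consider dropping the $Id line from the documentation copy.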
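Review bot: in security-manager-howto.xml, hunk @@ -195,8 +195,13 @@, the new grant for file:${catalina.home}/bin/tomcat-juli.jar gives java.security.AllPermission with only the comment "These permissions apply to the logging API". Say in the surrounding text why the logging jar needs full trust. It is also worth stating that every jar granted AllPermission from ${catalina.home}/bin (commons-daemon.jar, tomcat-juli.jar, bootstrap.jar) is fully trusted code, so that directory should not be writable by the account that runs web applications.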
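Review bot: in security-manager-howto.xml, hunk @@ -207,17 +212,18 @@, the comment on the new balancer grant says it covers "the balancer WEB-INF/classes and WEB-INF/lib directory", but the codeBase is file:${catalina.home}/webapps/balancer/-, which matches everything under the balancer web application. Either narrow the codeBase to the two WEB-INF locations or reword the comment to match. The same hunk removes the separate server/- grant while the comment above the lib/- grant still describes only "the servlet API classes and those that are shared across all class loaders"; if the container's core code is now loaded from lib/ as well, the comment should say that it receives AllPermission through this grant.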
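Review bot: in security-manager-howto.xml, hunk @@ -255,14 +261,16 @@, the two accessClassInPackage.org.apache.jasper.runtime permissions are added inside the unqualified grant { } block, so every web application receives them, not only those that ship precompiled JSPs. State that in the comment so readers tightening the policy know the scope. The hunk also drops accessClassInPackage.sun.beans.* ("Required for getting BeanInfo") with no mention in the text; add a sentence for readers whose applications relied on that permission under the SecurityManager.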
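Review bot: in setup.xml, hunk @@ -88,6 +85,9 @@, the added step tells the reader to download a commons-daemon binary and place jsvc.tar.gz and commons-daemon.jar in $CATALINA_HOME/bin, but gives no verification step. The policy sample in this same patch grants commons-daemon.jar java.security.AllPermission, so add a sentence telling the reader to check the release signature or checksum before copying the files into bin.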
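Review bot: in setup.xml, hunk @@ -104,7 +104,7 @@, -Djava.endorsed.dirs=./common/endorsed is removed from the jsvc command line with no replacement and no explanation. The policy sample in this patch replaces common/- with lib/-, which suggests the directory layout changed; if an endorsed directory is still supported, show its new location in the command, and if it is not, say so in the text so readers do not carry the old option over from earlier instructions.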
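Review bot: in ssl-howto.xml, hunk @@ -22,15 +22,15 @@, the text is renamed to Tomcat 6 but the unchanged step directly below still reads "If you are running a 1.3 JVM, download JSSE 1.0.3 (or later)". The setup.xml hunk in this patch removes even the J2SE 1.4 compatibility-package note, so this step looks stale for the version the page now names. Update or remove it in the same pass instead of changing only the version number.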