Running
Tomcat
setenv.[sh|bat]
Set the following system properties
- -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
- -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
- -Duser.language=en
- -Duser.country=US
context.xml
Make the following changes:
<Context crossContext="true" resourceOnlyServlets="jsp">
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" alwaysAddExpires="true" forwardSlashIsSeparator="false" />
...
</Context>
tomcat-users.xml
Make the following changes:
<user username="CN=CTS, OU=Java Software, O=Sun Microsystems Inc., L=Burlington, ST=MA, C=US" roles="Administrator"/>
<user username="j2ee" password="j2ee" roles="Administrator,Employee" />
<user username="javajoe" password="javajoe" roles="VP,Manager" />
server.xml
Enable h2c on port 8080, and add some trailer headers
<Connector ... allowedTrailerHeaders="myTrailer, myTrailer2">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>
Enable TLS on port 8443
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
<SSLHostConfig truststoreFile="conf/cacerts.jks">
<Certificate certificateKeystoreFile="conf/clientcert.jks"
certificateKeystorePassword="changeit"
type="RSA" />
</SSLHostConfig>
</Connector>
Remove the lock-out realm
Client certificate tests: see below
Test Suite
Download latest nightly build
https://download.eclipse.org/ee4j/jakartaee-tck/8.0.1/nightly/servlettck-4.0_latest.zip
Extract to SERVLET_TCK_HOME
Import bin/cts_cert to a truststore doing: "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"
Create the truststore using "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"
Place cacerts.jks truststore in $SERVLET_TCK_HOME/bin/certificates
Add $SERVLET_TCK_HOME/bin/certificates/cacerts.jks and $SERVLET_TCK_HOME/bin/certificates/clientcert.jks in the Tomcat conf folder
Edit $SERVLET_TCK_HOME/bin/ts.jte
You'll need to set the following properties (adjust the paths and values for your environment)
web.home=/path/to/tomcat
servlet.classes=${web.home}/lib/servlet-api.jar:${web.home}/lib/annotations-api.jarwebServerHost=localhost
webServerPort=8080
securedWebServicePort=8443
command.testExecute += -Djava.endorsed.dirs=${ts.home}/endorsedlib -Djavax.net.ssl.trustStore=${ts.home}/bin/certificates/cacerts.jksset JAVA_HOME
cd $SERVLET_TCK_HOME/bin
ant gui
Accept the defaults and then run the tests
Expected results
A default 9.0.x build with the above configuration triggers 10 test failures
2 Expected failures
- 1 x signature test as Tomcat has added a missing \@Deprecated annotation
- 1 x default context path test as Tomcat configuration always overrides this
6 TCK bugs
- 1 x case sensitive HTTP header checks
- 5 * com/sun/ts/tests/servlet/spec/security/denyUncovered/* use URLs which don't match the WAR name; it needs to be renamed from servlet_sec_denyUncovered_web.war to servlet_sec_denyUncovered.war (there is a proprietary descriptor to rectify the mapping on deployment for Glassfish, but it is not portable)
2 TBD
- 2 * com/sun/ts/tests/servlet/spec/security/secbasic/client.java#test7[_anno]
- Assertion is explained in the common class: https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/common/jspservletsec/SecBasicClient.java#L340
- I am not aware of this special behavior being mentioned anywhere
Note the configuration above also works around 3 additional TCK bugs
- 2 x cookie tests assume server is running in en_US locale (fixed by setenv.sh changes that start Tomcat in that locale)
- 1 x missing endorsedLib configuration (fixed by command.testExecute change above)
1 Tomcat bug has also been fixed as a result of running the TCK
- 1 x Enable a PushBuilder to manipluate cookies via HTTP headers