geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul McMahan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3451) "Restricted listeners property file not found" error logged during Tomcat server startup
Date Fri, 19 Oct 2007 21:58:50 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536355
] 

Paul McMahan commented on GERONIMO-3451:
----------------------------------------

It's not clear to me that this error message is actually harmless.  Tomcat uses RestrictedServlet.properties
and RestrictedFilters.properties files as a sort of internalized/proprietary security mechanism
to limit access to certain types of servlets and filters.  The instance manager patch that
is applied to Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced
a new type of security check in DefaultInstanceManager for restricted Listeners :
{{
    private void checkAccess(Class clazz)
    {
        if(privileged)
            return;
        if(clazz.isAssignableFrom(javax/servlet/Filter))
            checkAccess(clazz, restrictedFilters);
        else
        if(clazz.isAssignableFrom(javax/servlet/Servlet))
            checkAccess(clazz, restrictedServlets);
        else
            checkAccess(clazz, restrictedListeners);
    }
}}

However, that class also has a bug in the place where the RestrictedListeners.properties is
read in,  adding its contents to the restrictedFilters list instead of the restrictedListeners
list.
{{
            java.io.InputStream is = getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties");
            if(is != null)
                *restrictedFilters.load(is);*
            else
                catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources"));
}}

So addressing this issue will involve :
# determine if the DefaultInstanceManager really needs to check for restricted listeners
# if so, determine which listeners should be restricted (what to put in the RestrictedListeners.properties)
# add RestrictedListeners.properties to Geronimo's catalina.jar
# fix the bug in DefaultInstanceManager mentioned above

> "Restricted listeners property file not found" error logged during Tomcat server startup
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3451
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3451
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0, 2.0.x
>            Reporter: Kevan Miller
>             Fix For: 2.0.x
>
>
> During Tomcat server startup, the following log error is displayed on the console:
> 12:57:32,559 ERROR [[/]] "Restricted listeners property file not found
> Althgough the log message can be ignored, users assume that something is broken...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message