tomcat-users mailing list archives

From Coty Sutherland <csuth...@redhat.com>
Subject Re: Problem configuring a resource link after Fixed CVE-2016-6797
Date Thu, 22 Dec 2016 20:09:33 GMT
> It's possible that there was an imperfect patch released by Debian.

Yep, they're missing r1763236 in wheezy; it was added to Jessie on
12/8 (commit 49e4e30b8c12ffc28378075545f413b725ad5cd9). Please notify
your maintainer to have it fixed :)

On Thu, Dec 22, 2016 at 1:48 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> Per,
>
> On 12/22/16 11:45 AM, Per Newgro wrote:
>> no we don't see the same problems with a 7.0.64 installation. But
>> what can we do with our debian version. I think it shall be
>> possible to configure the datasource somehow.
>
> It's possible that there was an imperfect patch released by Debian.
>
> I don't believe I've heard anyone else complain yet, but that may just
> be dumb luck.
>
> -chris
>
>> On 16 December 2016 09:12:24 GMT+00:00, Per Newgro
>> <per.newgro@gmx.ch> wrote:
>>>> Hello,
>>>>
>>>> I've just updated my Debian server with an update for tomcat
>>>> 7.0.28-4+deb7u6 to 7.0.28-4+deb7u7.
>>> Do you see the same problem with the latest 7.0.x obtained
>>> directly from the ASF?
>>>
>>> Mark
>>>
>>>
>>>> In the release notes
>>>> (https://packages.qa.debian.org/t/tomcat7/news/20161201T223017Z.html)
>>>> I found
>>>>
>>>>> * Fixed CVE-2016-6797: The ResourceLinkFactory did not limit web application
>>>>> access to global JNDI resources to those resources explicitly linked to the
>>>>> web application. Therefore, it was possible for a web application to access
>>>>> any global JNDI resource whether an explicit ResourceLink had been
>>>>> configured or not.
>>>>
>>>> I configured the resource and resource link as described in
>>>> the tomcat-howtos. So far it worked. But after the update my
>>>> webapp cannot determine the appropriate datasource.
>>>>
>>>> I couldn't find any advice on the web on how to configure the
>>>> resource accordingly. Can someone please give me advice on how
>>>> to solve this?
>>>>
>>>> Thanks
>>>> Per
>>>>
>>>> <pre>
>>>> conf/server.xml
>>>>
>>>> <Server...>
>>>>   <!-- Global JNDI resources
>>>>        Documentation at /docs/jndi-resources-howto.html -->
>>>>   <GlobalNamingResources>
>>>>     <!-- Editable user database that can also be used by
>>>>          UserDatabaseRealm to authenticate users -->
>>>>     <Resource name="UserDatabase" auth="Container"
>>>>               type="org.apache.catalina.UserDatabase"
>>>>               description="User database that can be updated and saved"
>>>>               factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>>>               pathname="conf/tomcat-users.xml" />
>>>>
>>>>     <Resource name="jdbc/foo" auth="Container"
>>>>               type="javax.sql.DataSource"
>>>>               description="Foo Datasource"
>>>>               username="foo" password="bar"
>>>>               url="jdbc:sqlserver://11.211.255.3;databaseName=FOO;"
>>>>               driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
>>>>               intitalSize="5" maxWait="5000" maxActive="120" maxIdle="5"
>>>>               validationQuery="select 1" poolPrepareStatements="true" />
>>>>   </GlobalNamingResources>
>>>> </Server>
>>>>
>>>> webapps/foo/META-INF/context.xml
>>>>
>>>> <Context>
>>>>   <!-- If the application has to run on tomcat this context can be
>>>>        used to include files outside of the war in the classpath.
>>>>        So these files can be configured with a custom war deployment.
>>>>        All required resources of the src/test/resources folder have
>>>>        to be copied to that folder.
>>>>   -->
>>>>   <Loader className="org.apache.catalina.loader.VirtualWebappLoader"
>>>>           virtualClasspath="${catalina.base}/conf/application/foo" />
>>>>
>>>>   <ResourceLink name="jdbc/foo" global="jdbc/foo"
>>>>                 type="javax.sql.DataSource"/>
>>>> </Context>
>>>>
>>>> webapps/foo/WEB-INF/web.xml
>>>>
>>>> <resource-ref>
>>>>   <description>DB Connection</description>
>>>>   <res-ref-name>jdbc/foo</res-ref-name>
>>>>   <res-type>javax.sql.DataSource</res-type>
>>>>   <!-- was: Application -->
>>>>   <res-auth>Container</res-auth>
>>>> </resource-ref>
>>>>
>>>> Spring configuration
>>>>
>>>> public @Bean(destroyMethod="") DataSource applicationDb(
>>>>         @Value("${database.driver}") String driverClassName,
>>>>         @Value("${database.url}") String url,
>>>>         @Value("${database.username}") String username,
>>>>         @Value("${database.password}") String password) throws NamingException {
>>>>     InitialContext ctx = new InitialContext();
>>>>     DataSource ds = (DataSource) ctx.lookup("java:comp/env/jdbc/foo");
>>>>     // this logs a BasicDataSource instance
>>>>     LOG.debug("Datasource=" + ds);
>>>>     return ds == null ? devDataSource(driverClassName, url, username, password) : ds;
>>>> }
>>>>
>>>> Exception stack
>>>>     at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:343)
>>>>     at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:318)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
>>>>     ... 40 more
>>>> Dez 16, 2016 10:08:06 AM org.apache.catalina.core.StandardContext listenerStart
>>>> SCHWERWIEGEND: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
>>>> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'supportedLocaleDao': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'applicationEntityManagerFactory' defined in class de.itcompany.config.AppctxJeeHb: Invocation of init method failed; nested exception is org.hibernate.HibernateException: Unable to determine appropriate DataSource to use
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.postProcessPropertyValues(PersistenceAnnotationBeanPostProcessor.java:357)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
>>>>     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>>>>     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
>>>>     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
>>>>     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
>>>>     at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
>>>>     at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
>>>>     at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
>>>>     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4827)
>>>>     at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5321)
>>>>     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>>>>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>>>>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
>>>>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
>>>>     at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
>>>>     at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
>>>>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>>>     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>     at java.lang.Thread.run(Thread.java:745)
>>>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'applicationEntityManagerFactory' defined in class de.itcompany.config.AppctxJeeHb: Invocation of init method failed; nested exception is org.hibernate.HibernateException: Unable to determine appropriate DataSource to use
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
>>>>     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
>>>>     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>>>>     at org.springframework.orm.jpa.EntityManagerFactoryUtils.findEntityManagerFactory(EntityManagerFactoryUtils.java:130)
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findNamedEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:556)
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:538)
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.resolveEntityManager(PersistenceAnnotationBeanPostProcessor.java:707)
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.getResourceToInject(PersistenceAnnotationBeanPostProcessor.java:680)
>>>>     at org.springframework.beans.factory.annotation.InjectionMetadata$InjectedElement.inject(InjectionMetadata.java:169)
>>>>     at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
>>>>     at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.postProcessPropertyValues(PersistenceAnnotationBeanPostProcessor.java:354)
>>>>     ... 26 more
>>>> Caused by: org.hibernate.HibernateException: Unable to determine appropriate DataSource to use
>>>>     at org.hibernate.engine.jdbc.connections.internal.DatasourceConnectionProviderImpl.configure(DatasourceConnectionProviderImpl.java:119)
>>>>     at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:111)
>>>>     at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:234)
>>>>     at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:206)
>>>>     at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.buildJdbcConnectionAccess(JdbcServicesImpl.java:260)
>>>>     at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:94)
>>>>     at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:111)
>>>>     at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:234)
>>>>     at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:206)
>>>>     at org.hibernate.cfg.Configuration.buildTypeRegistrations(Configuration.java:1887)
>>>>     at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1845)
>>>>     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl$4.perform(EntityManagerFactoryBuilderImpl.java:857)
>>>>     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl$4.perform(EntityManagerFactoryBuilderImpl.java:850)
>>>>     at org.hibernate.boot.registry.classloading.internal.ClassLoaderServiceImpl.withTccl(ClassLoaderServiceImpl.java:425)
>>>>     at org.hibernate.jpa.boot.internal.EntityManagerFactoryBuilderImpl.build(EntityManagerFactoryBuilderImpl.java:849)
>>>>     at org.springframework.orm.jpa.vendor.SpringHibernateJpaPersistenceProvider.createContainerEntityManagerFactory(SpringHibernateJpaPersistenceProvider.java:60)
>>>>     at org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean.createNativeEntityManagerFactory(LocalContainerEntityManagerFactoryBean.java:343)
>>>>     at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.afterPropertiesSet(AbstractEntityManagerFactoryBean.java:318)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
>>>>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
>>>>     ... 40 more
>>>>
>>>> </pre>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
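
An added example, not part of the thread and not Tomcat's own code: because the CVE-2016-6797 fix limits a web application to the global JNDI resources it explicitly links, this script lists the explicit `ResourceLink` entries per application and flags links whose global target is missing or declared with a different type. The XML is a constructed sample modelled on the configuration quoted above (credentials replaced with placeholders); the applications `bar` and `baz` and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration quoted in the thread
# (credentials replaced with placeholders).
SERVER_XML = """<Server>
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"/>
    <Resource name="jdbc/foo" auth="Container" type="javax.sql.DataSource"
              username="PLACEHOLDER" password="PLACEHOLDER"/>
  </GlobalNamingResources>
</Server>"""

# Constructed META-INF/context.xml contents, keyed by application name.
# "bar" and "baz" are hypothetical applications added for illustration.
CONTEXTS = {
    "foo": '<Context><ResourceLink name="jdbc/foo" global="jdbc/foo" '
           'type="javax.sql.DataSource"/></Context>',
    "bar": '<Context><ResourceLink name="jdbc/db" global="jdbc/missing" '
           'type="javax.sql.DataSource"/></Context>',
    "baz": "<Context/>",
}

def global_resources(server_xml):
    """Map each global JNDI resource name to its declared type."""
    root = ET.fromstring(server_xml)
    return {r.get("name"): r.get("type")
            for r in root.iterfind("GlobalNamingResources/Resource")}

def audit(server_xml, contexts):
    """Return (links, problems, unlinked) for the given configuration."""
    globals_ = global_resources(server_xml)
    links, problems = {}, []
    for app, xml_text in sorted(contexts.items()):
        links[app] = []
        for link in ET.fromstring(xml_text).iterfind("ResourceLink"):
            target, ltype = link.get("global"), link.get("type")
            if target not in globals_:
                problems.append((app, link.get("name"), "no such global resource"))
            elif ltype and ltype != globals_[target]:
                problems.append((app, link.get("name"), "type mismatch"))
            else:
                links[app].append(target)
    linked = {g for targets in links.values() for g in targets}
    # Globals that no application links explicitly.
    return links, problems, sorted(set(globals_) - linked)

if __name__ == "__main__":
    links, problems, unlinked = audit(SERVER_XML, CONTEXTS)
    print("explicit links:", links)
    print("broken links:", problems)
    print("globals no web application links to:", unlinked)
```

Run against a real installation by reading `conf/server.xml` and each application's context file into the same two arguments.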

