You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Paul McMahan (JIRA)" <ji...@apache.org> on 2007/10/22 17:19:50 UTC
[jira] Issue Comment Edited: (GERONIMO-3451) "Restricted listeners
property file not found" error logged during Tomcat server startup
[ https://issues.apache.org/jira/browse/GERONIMO-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536355 ]
pmcmahan edited comment on GERONIMO-3451 at 10/22/07 8:18 AM:
------------------------------------------------------------------
It's not clear to me that this error message is actually harmless. Tomcat uses RestrictedServlet.properties and RestrictedFilters.properties files as a sort of internalized/proprietary security mechanism to limit access to certain types of servlets and filters. The instance manager patch that is applied to Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced a new type of security check in DefaultInstanceManager for restricted Listeners :
{code:title=DefaultInstanceManager.java|borderStyle=solid}
private void checkAccess(Class clazz)
{
if(privileged)
return;
if(clazz.isAssignableFrom(javax/servlet/Filter))
checkAccess(clazz, restrictedFilters);
else
if(clazz.isAssignableFrom(javax/servlet/Servlet))
checkAccess(clazz, restrictedServlets);
else
checkAccess(clazz, restrictedListeners);
}
{code}
However, that class also has a bug in the place where the RestrictedListeners.properties is read in, adding its contents to the restrictedFilters list instead of the restrictedListeners list :
{code:title=DefaultInstanceManager.java|borderStyle=solid}
java.io.InputStream is = getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties");
if(is != null)
*restrictedFilters.load(is);* // <---- should be restrictedListeners.load(is)
else
catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources"));
{code}
So addressing this issue will involve :
# determine if the DefaultInstanceManager really needs to check for restricted listeners
# if so, determine which listeners should be restricted (what to put in the RestrictedListeners.properties)
# add RestrictedListeners.properties to Geronimo's catalina.jar
# fix the bug in DefaultInstanceManager mentioned above
was (Author: pmcmahan):
It's not clear to me that this error message is actually harmless. Tomcat uses RestrictedServlet.properties and RestrictedFilters.properties files as a sort of internalized/proprietary security mechanism to limit access to certain types of servlets and filters. The instance manager patch that is applied to Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced a new type of security check in DefaultInstanceManager for restricted Listeners :
{{
private void checkAccess(Class clazz)
{
if(privileged)
return;
if(clazz.isAssignableFrom(javax/servlet/Filter))
checkAccess(clazz, restrictedFilters);
else
if(clazz.isAssignableFrom(javax/servlet/Servlet))
checkAccess(clazz, restrictedServlets);
else
checkAccess(clazz, restrictedListeners);
}
}}
However, that class also has a bug in the place where the RestrictedListeners.properties is read in, adding its contents to the restrictedFilters list instead of the restrictedListeners list.
{{
java.io.InputStream is = getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties");
if(is != null)
*restrictedFilters.load(is);*
else
catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources"));
}}
So addressing this issue will involve :
# determine if the DefaultInstanceManager really needs to check for restricted listeners
# if so, determine which listeners should be restricted (what to put in the RestrictedListeners.properties)
# add RestrictedListeners.properties to Geronimo's catalina.jar
# fix the bug in DefaultInstanceManager mentioned above
> "Restricted listeners property file not found" error logged during Tomcat server startup
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-3451
> URL: https://issues.apache.org/jira/browse/GERONIMO-3451
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0, 2.0.x
> Reporter: Kevan Miller
> Fix For: 2.0.x
>
>
> During Tomcat server startup, the following log error is displayed on the console:
> 12:57:32,559 ERROR [[/]] "Restricted listeners property file not found
> Althgough the log message can be ignored, users assume that something is broken...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.