You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/05/29 00:03:50 UTC

svn commit: r1343405 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/ webapps/host-manager/ webapps/host-manager/WEB-INF/ webapps/host-manager/WEB-INF/jsp/ webapps/manager/ webapps/manager/WEB-INF/ webapps/manager/WEB-INF/jsp/

Author: kkolinko
Date: Mon May 28 22:03:49 2012
New Revision: 1343405

URL: http://svn.apache.org/viewvc?rev=1343405&view=rev
Log:
Part 2 of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=52983
Prevent the custom error pages for the Manager and Host Manager
applications from being accessed directly.
It is backport of r1084109

CTR: There was an error in host-manager's web.xml that 401.jsp and 403.jsp were not configured in it.
It is r826294 in trunk and should have been ported to 6.0 in r1030547.
I added <error-page> configuration for those files.

Added:
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/401.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/403.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/401.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/403.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Removed:
    tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon May 28 22:03:49 2012
@@ -157,15 +157,6 @@ PATCHES PROPOSED TO BACKPORT:
   +1: kkolinko
   -1:
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52983
-  Remove unnecessary code that makes switching to other authentication methods
-  difficult. Also prevent the custom error pages for the Manager and Host
-  Manager applications from being accessed directly.
-  http://svn.apache.org/viewvc?view=revision&revision=1084103
-  http://svn.apache.org/viewvc?view=revision&revision=1084109
-  +1: markt, kkolinko, kfujino
-  -1:
-
 * Fix several trivial HTML markup errors in example servlets
   e.g. duplicate <body> tag preceding <head> and <tr> following </table>
   http://people.apache.org/~kkolinko/patches/2012-05-13_tc6_sampleservlets.patch

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon May 28 22:03:49 2012
@@ -193,6 +193,12 @@
         uses DataSource.getConnection(username, password) method. Not all
         data source implementations support it. (kkolinko)
       </update>
+      <fix>
+        Prevent the custom error pages for the Manager and Host Manager
+        applications from being accessed directly. Configure custom
+        pages for error codes 401 and 403 in Host Manager application.
+        (markt/kkolinko)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml Mon May 28 22:03:49 2012
@@ -151,4 +151,13 @@
     <role-name>admin</role-name>
   </security-role>
 
+  <error-page>
+    <error-code>401</error-code>
+    <location>/WEB-INF/jsp/401.jsp</location>
+  </error-page>
+  <error-page>
+    <error-code>403</error-code>
+    <location>/WEB-INF/jsp/403.jsp</location>
+  </error-page>
+
 </web-app>

Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml Mon May 28 22:03:49 2012
@@ -286,11 +286,11 @@
 
   <error-page>
     <error-code>401</error-code>
-    <location>/401.jsp</location>
+    <location>/WEB-INF/jsp/401.jsp</location>
   </error-page>
   <error-page>
     <error-code>403</error-code>
-    <location>/403.jsp</location>
+    <location>/WEB-INF/jsp/403.jsp</location>
   </error-page>
 
 </web-app>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org