You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/05/29 00:03:50 UTC
svn commit: r1343405 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/
webapps/host-manager/ webapps/host-manager/WEB-INF/
webapps/host-manager/WEB-INF/jsp/ webapps/manager/ webapps/manager/WEB-INF/
webapps/manager/WEB-INF/jsp/
Author: kkolinko
Date: Mon May 28 22:03:49 2012
New Revision: 1343405
URL: http://svn.apache.org/viewvc?rev=1343405&view=rev
Log:
Part 2 of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=52983
Prevent the custom error pages for the Manager and Host Manager
applications from being accessed directly.
It is backport of r1084109
CTR: There was an error in host-manager's web.xml that 401.jsp and 403.jsp were not configured in it.
It is r826294 in trunk and should have been ported to 6.0 in r1030547.
I added <error-page> configuration for those files.
Added:
tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/
tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/401.jsp
- copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/403.jsp
- copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/401.jsp
- copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/403.jsp
- copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Removed:
tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon May 28 22:03:49 2012
@@ -157,15 +157,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52983
- Remove unnecessary code that makes switching to other authentication methods
- difficult. Also prevent the custom error pages for the Manager and Host
- Manager applications from being accessed directly.
- http://svn.apache.org/viewvc?view=revision&revision=1084103
- http://svn.apache.org/viewvc?view=revision&revision=1084109
- +1: markt, kkolinko, kfujino
- -1:
-
* Fix several trivial HTML markup errors in example servlets
e.g. duplicate <body> tag preceding <head> and <tr> following </table>
http://people.apache.org/~kkolinko/patches/2012-05-13_tc6_sampleservlets.patch
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon May 28 22:03:49 2012
@@ -193,6 +193,12 @@
uses DataSource.getConnection(username, password) method. Not all
data source implementations support it. (kkolinko)
</update>
+ <fix>
+ Prevent the custom error pages for the Manager and Host Manager
+ applications from being accessed directly. Configure custom
+ pages for error codes 401 and 403 in Host Manager application.
+ (markt/kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml Mon May 28 22:03:49 2012
@@ -151,4 +151,13 @@
<role-name>admin</role-name>
</security-role>
+ <error-page>
+ <error-code>401</error-code>
+ <location>/WEB-INF/jsp/401.jsp</location>
+ </error-page>
+ <error-page>
+ <error-code>403</error-code>
+ <location>/WEB-INF/jsp/403.jsp</location>
+ </error-page>
+
</web-app>
Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml Mon May 28 22:03:49 2012
@@ -286,11 +286,11 @@
<error-page>
<error-code>401</error-code>
- <location>/401.jsp</location>
+ <location>/WEB-INF/jsp/401.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
- <location>/403.jsp</location>
+ <location>/WEB-INF/jsp/403.jsp</location>
</error-page>
</web-app>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org