[jira] Commented: (GERONIMO-3451) "Restricted listeners property file not found" error logged during Tomcat server startup

Fri, 19 Oct 2007 14:59:12 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536355
 ] 

Paul McMahan commented on GERONIMO-3451:
----------------------------------------

It's not clear to me that this error message is actually harmless.  Tomcat uses 
RestrictedServlet.properties and RestrictedFilters.properties files as a sort 
of internalized/proprietary security mechanism to limit access to certain types 
of servlets and filters.  The instance manager patch that is applied to 
Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced a 
new type of security check in DefaultInstanceManager for restricted Listeners :
{{
    private void checkAccess(Class clazz)
    {
        if(privileged)
            return;
        if(clazz.isAssignableFrom(javax/servlet/Filter))
            checkAccess(clazz, restrictedFilters);
        else
        if(clazz.isAssignableFrom(javax/servlet/Servlet))
            checkAccess(clazz, restrictedServlets);
        else
            checkAccess(clazz, restrictedListeners);
    }
}}

However, that class also has a bug in the place where the 
RestrictedListeners.properties is read in,  adding its contents to the 
restrictedFilters list instead of the restrictedListeners list.
{{
            java.io.InputStream is = 
getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties");
            if(is != null)
                *restrictedFilters.load(is);*
            else
                
catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources"));
}}

So addressing this issue will involve :
# determine if the DefaultInstanceManager really needs to check for restricted 
listeners
# if so, determine which listeners should be restricted (what to put in the 
RestrictedListeners.properties)
# add RestrictedListeners.properties to Geronimo's catalina.jar
# fix the bug in DefaultInstanceManager mentioned above

> "Restricted listeners property file not found" error logged during Tomcat 
> server startup
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3451
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3451
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0, 2.0.x
>            Reporter: Kevan Miller
>             Fix For: 2.0.x
>
>
> During Tomcat server startup, the following log error is displayed on the 
> console:
> 12:57:32,559 ERROR [[/]] "Restricted listeners property file not found
> Althgough the log message can be ignored, users assume that something is 
> broken...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to