This is an automated email from the ASF dual-hosted git repository. isapir pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push: new 2349a74 BZ-64797 Aligned Host-Manager manager.xml with Manager context.xml 2349a74 is described below commit 2349a74eaad3e93b49464fd3a8c67fa607ca9b6a Author: Igal Sapir <isa...@apache.org> AuthorDate: Sat Oct 24 19:58:39 2020 -0700 BZ-64797 Aligned Host-Manager manager.xml with Manager context.xml --- RUNNING.txt | 3 ++- java/org/apache/catalina/manager/host/HostManagerServlet.java | 2 +- webapps/host-manager/{ => WEB-INF}/manager.xml | 4 +++- webapps/manager/META-INF/context.xml | 6 ------ 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/RUNNING.txt b/RUNNING.txt index 8e9c8ce..8ca4ed9 100644 --- a/RUNNING.txt +++ b/RUNNING.txt @@ -327,7 +327,8 @@ The file will look like the following: <Context docBase="${catalina.home}/webapps/manager" antiResourceLocking="false" privileged="true" > <Valve className="org.apache.catalina.valves.RemoteAddrValve" - allow="127\.0\.0\.1" /> + allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> + <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context> See Deployer chapter in User Guide and Context and Host chapters in the diff --git a/java/org/apache/catalina/manager/host/HostManagerServlet.java b/java/org/apache/catalina/manager/host/HostManagerServlet.java index 4874ce2..a08aba1 100644 --- a/java/org/apache/catalina/manager/host/HostManagerServlet.java +++ b/java/org/apache/catalina/manager/host/HostManagerServlet.java @@ -406,7 +406,7 @@ public class HostManagerServlet InputStream is = null; OutputStream os = null; try { - is = getServletContext().getResourceAsStream("/manager.xml"); + is = getServletContext().getResourceAsStream("/WEB-INF/manager.xml"); os = new FileOutputStream(new File(configBaseFile, "manager.xml")); byte buffer[] = new byte[512]; int len = buffer.length; diff --git a/webapps/host-manager/manager.xml b/webapps/host-manager/WEB-INF/manager.xml similarity index 76% rename from webapps/host-manager/manager.xml rename to webapps/host-manager/WEB-INF/manager.xml index 250065a..48ac6f8 100644 --- a/webapps/host-manager/manager.xml +++ b/webapps/host-manager/WEB-INF/manager.xml @@ -22,5 +22,7 @@ --> <Context docBase="${catalina.home}/webapps/manager" privileged="true" antiResourceLocking="false" antiJARLocking="false"> - + <Valve className="org.apache.catalina.valves.RemoteAddrValve" + allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> + <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context> diff --git a/webapps/manager/META-INF/context.xml b/webapps/manager/META-INF/context.xml index cddf1d8..0217745 100644 --- a/webapps/manager/META-INF/context.xml +++ b/webapps/manager/META-INF/context.xml @@ -16,13 +16,7 @@ limitations under the License. --> <Context antiResourceLocking="false" privileged="true" > - <!-- - Remove the comment markers from around the Valve below to limit access to - the manager application to clients connecting from localhost - --> - <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> - --> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org