Author: kkolinko
Date: Mon May 28 22:03:49 2012
New Revision: 1343405

URL: http://svn.apache.org/viewvc?rev=1343405&view=rev
Log:
Part 2 of fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=52983
Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly.
It is a backport of r1084109
CTR: There was an error in host-manager's web.xml that 401.jsp and 403.jsp were not configured in it. It is r826294 in trunk and should have been ported to 6.0 in r1030547. I added <error-page> configuration for those files.

Added:
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/401.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/jsp/403.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/401.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/jsp/403.jsp
      - copied unchanged from r1343399, tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Removed:
    tomcat/tc6.0.x/trunk/webapps/host-manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/host-manager/403.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/401.jsp
    tomcat/tc6.0.x/trunk/webapps/manager/403.jsp
Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml
    tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml

Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1343405&r1=1343404&r2=1343405&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon May 28 22:03:49 2012 
@@ -157,15 +157,6 @@ PATCHES PROPOSED TO BACKPORT: +1: kkolinko -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52983 - Remove unnecessary code that makes switching to other authentication methods - difficult. Also prevent the custom error pages for the Manager and Host - Manager applications from being accessed directly. - http://svn.apache.org/viewvc?view=revision&revision=1084103 - http://svn.apache.org/viewvc?view=revision&revision=1084109 - +1: markt, kkolinko, kfujino - -1: - * Fix several trivial HTML markup errors in example servlets e.g. duplicate <body> tag preceding <head> and <tr> following </table> http://people.apache.org/~kkolinko/patches/2012-05-13_tc6_sampleservlets.patch Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1343405&r1=1343404&r2=1343405&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Mon May 28 22:03:49 2012 @@ -193,6 +193,12 @@ uses DataSource.getConnection(username, password) method. Not all data source implementations support it. (kkolinko) </update> + <fix> + Prevent the custom error pages for the Manager and Host Manager + applications from being accessed directly. Configure custom + pages for error codes 401 and 403 in Host Manager application. + (markt/kkolinko) + </fix> </changelog> </subsection> <subsection name="Other"> Modified: tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/host-manager/WEB-INF/web.xml Mon May 28 22:03:49 2012 
@@ -151,4 +151,13 @@ <role-name>admin</role-name> </security-role> + <error-page> + <error-code>401</error-code> + <location>/WEB-INF/jsp/401.jsp</location> + </error-page> + <error-page> + <error-code>403</error-code> + <location>/WEB-INF/jsp/403.jsp</location> + </error-page> + </web-app> Modified: tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml?rev=1343405&r1=1343404&r2=1343405&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/manager/WEB-INF/web.xml Mon May 28 22:03:49 2012 @@ -286,11 +286,11 @@ <error-page> <error-code>401</error-code> - <location>/401.jsp</location> + <location>/WEB-INF/jsp/401.jsp</location> </error-page> <error-page> <error-code>403</error-code> - <location>/403.jsp</location> + <location>/WEB-INF/jsp/403.jsp</location> </error-page> </web-app>
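
Review bot: The new `<fix>` entry in the changelog.xml hunk does not cite bug 52983, although the log message and the STATUS.txt entry removed in the same commit both reference it. Adding the bug number to the entry would let a reader trace the change from the changelog back to the report. The entry also folds the Host Manager 401/403 configuration, which the log describes as a separate omission (r826294 in trunk), into the same item; wording it as its own correction would keep the changelog in line with the log message.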
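
Review bot: In the host-manager web.xml hunk, the two added `<error-page>` elements carry no comment saying why the JSPs sit under /WEB-INF/jsp/. That placement is the fix itself: the container does not serve anything under /WEB-INF/ to a direct client request, while the internal error dispatch can still reach it. A one-line XML comment above the first `<error-page>` would keep a later cleanup from moving the pages back to the webapp root. The same comment would fit above the corresponding block in the manager web.xml.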
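
Review bot: In the manager web.xml hunk, both `<location>` values change from the root to /WEB-INF/jsp/, but nothing in the patch verifies the behaviour the log message promises, namely that /401.jsp and /403.jsp no longer answer a direct request. A check that a direct request for the old paths now returns 404, and that an unauthenticated or unauthorised request still renders the custom 401 or 403 page, would cover both halves of the change. Because the commit removes the four root-level JSPs, upgrade notes should also say that a deployment updated in place may keep the old files until they are deleted.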