On Thu, Aug 14, 2014 at 6:39 AM, Utkarsh Dave <utkarshkd...@gmail.com>
wrote:

> We upgraded from Tomcat 7.0.41 to Tomcat 7.0.53.
> We are starting Tomcat with "-security" so as to enable the security manager.
> I also see the changelog of 7.0.48 mentioning this change:
> "When running under a security manager, change the default value of the
> Host's deployXML attribute to false.
> If a Host is configured with a value of false for deployXML, a web
> application has an embedded descriptor at META-INF/context.xml and no
> explicit descriptor has been defined for this application, do not allow the
> application to start. The reason for this is that the embedded descriptor
> may contain configuration necessary for secure operation such as a
> RemoteAddrValve.
> "
>
> As a result many of the applications are not starting in my project.
> How can we fix this?
>

Don't rely on the contents of your application's META-INF/context.xml
files.  As the note you quoted mentions, when you set "-security" it is
going to set "deployXML" to "false".  This is explained a bit more in the
docs for "deployXML".

"Set to false if you want to disable parsing the context XML descriptor
embedded inside the application (located at /META-INF/context.xml).
Security conscious environments should set this to false to prevent
applications from interacting with the container's configuration. The
administrator will then be responsible for providing an external context
configuration file, and putting it in the location defined by the xmlBase
attribute. If this flag is false, a descriptor is located at
/META-INF/context.xml and no descriptor is present in xmlBase then the
context will fail to start in case the descriptor contains necessary
configuration for secure deployment (such as a RemoteAddrValve) which
should not be ignored. The flag's value defaults to true unless a security
manager is enabled when the default is false."

To work around this just move all the necessary configuration that was in
/META-INF/context.xml into "conf/Catalina/localhost/<app>.xml" (i.e.
conf/<service>/<host>/<app>.xml).

Dan


>
> -Thanks
> Utkarsh
>
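
An added example (not part of the original thread, and not Tomcat's own code): a Python audit that lists the applications under appBase that embed META-INF/context.xml but have no matching descriptor in xmlBase, which are the ones that will not start once deployXML is false. The directory layout, the application names shop, admin and docs, and the valve settings are constructed for the demonstration.

```python
import tempfile
import zipfile
from pathlib import Path

EMBEDDED = "META-INF/context.xml"
# Constructed sample descriptor carrying a security-relevant valve.
VALVE = rb'<Context><Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/></Context>'

def embedded_descriptor(app):
    """Return the embedded META-INF/context.xml bytes, or None."""
    if app.is_dir():  # exploded application
        f = app / "META-INF" / "context.xml"
        return f.read_bytes() if f.is_file() else None
    with zipfile.ZipFile(app) as war:  # packed WAR
        return war.read(EMBEDDED) if EMBEDDED in war.namelist() else None

def blocked_apps(app_base, xml_base):
    """Return {name: embedded descriptor} for apps lacking xml_base/<name>.xml."""
    blocked = {}
    for app in sorted(Path(app_base).iterdir()):
        if not (app.is_dir() or app.suffix.lower() == ".war"):
            continue
        name = app.name if app.is_dir() else app.stem
        if (Path(xml_base) / (name + ".xml")).is_file():
            continue  # administrator already supplied an external descriptor
        data = embedded_descriptor(app)
        if data is not None:
            blocked.setdefault(name, data)  # needs review and migration
    return blocked

def demo():
    """Audit a constructed Tomcat layout: shop.war, admin/ and docs/."""
    with tempfile.TemporaryDirectory() as root:
        apps = Path(root, "webapps")
        xml = Path(root, "conf", "Catalina", "localhost")
        for d in (apps / "admin" / "META-INF", apps / "docs", xml):
            d.mkdir(parents=True)
        with zipfile.ZipFile(apps / "shop.war", "w") as war:
            war.writestr(EMBEDDED, VALVE)
        (apps / "admin" / "META-INF" / "context.xml").write_bytes(VALVE)
        (xml / "admin.xml").write_bytes(VALVE)  # admin already migrated
        return blocked_apps(apps, xml)

if __name__ == "__main__":
    for name, descriptor in demo().items():
        print(f"{name}: review, then place in {name}.xml ->", descriptor.decode())
```

Only shop is reported: admin already has an external descriptor and docs embeds none. The script prints the embedded descriptor instead of copying it so that an administrator reviews the settings before placing them in xmlBase.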
