Author: markt
Date: Mon Nov 25 14:06:06 2013
New Revision: 1545288
URL: http://svn.apache.org/r1545288
Log:
Prevent a web application from deploying if it contains a context.xml,
deployXML is false and there is no explicit descriptor as the descriptor may
contain necessary security information.
Modified:
tomcat/trunk/java/org/apache/catalina/startup/HostConfig.java
tomcat/trunk/java/org/apache/catalina/startup/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/catalina/startup/HostConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/HostConfig.java?rev=1545288&r1=1545287&r2=1545288&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/HostConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/HostConfig.java Mon Nov 25
14:06:06 2013
@@ -766,26 +766,24 @@ public class HostConfig
cn.getBaseName() + "/META-INF/context.xml");
boolean xmlInWar = false;
- if (deployXML) {
- JarEntry entry = null;
- try {
- jar = new JarFile(war);
- entry = jar.getJarEntry(Constants.ApplicationContextXml);
- if (entry != null) {
- xmlInWar = true;
- }
- } catch (IOException e) {
- /* Ignore */
- } finally {
- entry = null;
- if (jar != null) {
- try {
- jar.close();
- } catch (IOException ioe) {
- // Ignore;
- }
- jar = null;
+ JarEntry entry = null;
+ try {
+ jar = new JarFile(war);
+ entry = jar.getJarEntry(Constants.ApplicationContextXml);
+ if (entry != null) {
+ xmlInWar = true;
+ }
+ } catch (IOException e) {
+ /* Ignore */
+ } finally {
+ entry = null;
+ if (jar != null) {
+ try {
+ jar.close();
+ } catch (IOException ioe) {
+ // Ignore;
}
+ jar = null;
}
}
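Review bot: The `catch (IOException e) { /* Ignore */ }` around `new JarFile(war)` now guards a security decision, and it fails open. If the WAR cannot be opened or read, `xmlInWar` stays false, so the `!deployXML && xmlInWar` block added later in this commit is never reached. I would log the failure there instead of ignoring it, e.g. `log.warn(sm.getString("<new message key>", war.getAbsolutePath()), e);`, or treat an unreadable WAR as blocked when `deployXML` is false. Whether such a WAR can get any further depends on code outside this hunk, as the enclosing method starts and ends beyond it.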
@@ -809,7 +807,6 @@ public class HostConfig
context.setConfigFile(xml.toURI().toURL());
} else if (deployXML && xmlInWar) {
synchronized (digester) {
- JarEntry entry = null;
try {
jar = new JarFile(war);
entry =
@@ -847,6 +844,12 @@ public class HostConfig
digester.reset();
}
}
+ } else if (!deployXML && xmlInWar) {
+ // Block deployment as META-INF/context.xml may contain
security
+ // configuration necessary for a secure deployment.
+ log.error(sm.getString("hostConfig.deployDescriptor.blocked",
+ cn.getPath(), Constants.ApplicationContextXml,
+ new File(host.getConfigBaseFile(), cn.getBaseName() +
".xml")));
} else {
context = (Context) Class.forName(contextClass).newInstance();
}
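Review bot: The new `else if (!deployXML && xmlInWar)` branch logs the block but leaves `context` unassigned, whereas the matching branch for directory deployments (the `@@ -1103` hunk) sets `context = new FailedContext();`. Unless something outside this hunk replaces a null context, the code after the if/else chain would be working with no context at all. Adding `context = new FailedContext();` after the `log.error(...)` call would make the blocked state explicit and keep the two deployment paths consistent. The enclosing method continues past the hunk, so a later null check may already cover this; if so, a short comment here saying so would help.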
@@ -875,7 +878,7 @@ public class HostConfig
// Change location of XML file to config base
xml = new File(host.getConfigBaseFile(),
cn.getBaseName() + ".xml");
- JarEntry entry = null;
+ entry = null;
try {
jar = new JarFile(war);
entry =
@@ -1103,6 +1106,12 @@ public class HostConfig
} else {
context.setConfigFile(xml.toURI().toURL());
}
+ } else if (!deployXML && xml.exists()) {
+ // Block deployment as META-INF/context.xml may contain
security
+ // configuration necessary for a secure deployment.
+ log.error(sm.getString("hostConfig.deployDescriptor.blocked",
+ cn.getPath(), xml, xmlCopy));
+ context = new FailedContext();
} else {
context = (Context) Class.forName(contextClass).newInstance();
}
Modified: tomcat/trunk/java/org/apache/catalina/startup/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/LocalStrings.properties?rev=1545288&r1=1545287&r2=1545288&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/startup/LocalStrings.properties Mon
Nov 25 14:06:06 2013
@@ -86,6 +86,7 @@ hostConfig.context.remove=Error while re
hostConfig.context.restart=Error during context [{0}] restart
hostConfig.createDirs=Unable to create directory for deployment: {0}
hostConfig.deployDescriptor=Deploying configuration descriptor {0}
+hostConfig.deployDescriptor.blocked=The web application with context path
[{0}] was not deployed because it contained a deployment descriptor [{1}] which
may include configuration necessary for the secure deployment of the
application but processing of deployment descriptors is prevented by the
deloyXML setting of this host. An appropriate descriptor should be created at
[{2}] to deploy this application.
hostConfig.deployDescriptor.error=Error deploying configuration descriptor {0}
hostConfig.deployDescriptor.threaded.error=Error waiting for multi-thread
deployment of context descriptors to complete
hostConfig.deployDescriptor.localDocBaseSpecified=A docBase {0} inside the
host appBase has been specified, and will be ignored
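Review bot: The new `hostConfig.deployDescriptor.blocked` message spells the host attribute as `deloyXML`; it should read `deployXML`. This is the text an administrator sees when a deployment is refused for security reasons, and they will search the documentation and server.xml for that exact name. Suggested wording for the affected clause: `is prevented by the deployXML setting of this host`.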