[ https://issues.apache.org/jira/browse/GERONIMO-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536355 ]
pmcmahan edited comment on GERONIMO-3451 at 10/22/07 8:18 AM: ------------------------------------------------------------------ It's not clear to me that this error message is actually harmless. Tomcat uses RestrictedServlet.properties and RestrictedFilters.properties files as a sort of internalized/proprietary security mechanism to limit access to certain types of servlets and filters. The instance manager patch that is applied to Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced a new type of security check in DefaultInstanceManager for restricted Listeners : {code:title=DefaultInstanceManager.java|borderStyle=solid} private void checkAccess(Class clazz) { if(privileged) return; if(clazz.isAssignableFrom(javax/servlet/Filter)) checkAccess(clazz, restrictedFilters); else if(clazz.isAssignableFrom(javax/servlet/Servlet)) checkAccess(clazz, restrictedServlets); else checkAccess(clazz, restrictedListeners); } {code} However, that class also has a bug in the place where the RestrictedListeners.properties is read in, adding its contents to the restrictedFilters list instead of the restrictedListeners list : {code:title=DefaultInstanceManager.java|borderStyle=solid} java.io.InputStream is = getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties"); if(is != null) *restrictedFilters.load(is);* // <---- should be restrictedListeners.load(is) else catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources")); {code} So addressing this issue will involve : # determine if the DefaultInstanceManager really needs to check for restricted listeners # if so, determine which listeners should be restricted (what to put in the RestrictedListeners.properties) # add RestrictedListeners.properties to Geronimo's catalina.jar # fix the bug in DefaultInstanceManager mentioned above was (Author: pmcmahan): It's not clear to me that this error message is actually harmless. Tomcat uses RestrictedServlet.properties and RestrictedFilters.properties files as a sort of internalized/proprietary security mechanism to limit access to certain types of servlets and filters. The instance manager patch that is applied to Geronimo's build of tomcat (see GERONIMO-3010 and GERONIMO-3206) introduced a new type of security check in DefaultInstanceManager for restricted Listeners : {{ private void checkAccess(Class clazz) { if(privileged) return; if(clazz.isAssignableFrom(javax/servlet/Filter)) checkAccess(clazz, restrictedFilters); else if(clazz.isAssignableFrom(javax/servlet/Servlet)) checkAccess(clazz, restrictedServlets); else checkAccess(clazz, restrictedListeners); } }} However, that class also has a bug in the place where the RestrictedListeners.properties is read in, adding its contents to the restrictedFilters list instead of the restrictedListeners list. {{ java.io.InputStream is = getClass().getClassLoader().getResourceAsStream("org/apache/catalina/core/RestrictedListeners.properties"); if(is != null) *restrictedFilters.load(is);* else catalinaContext.getLogger().error(sm.getString("defaultInstanceManager.restrictedListenersResources")); }} So addressing this issue will involve : # determine if the DefaultInstanceManager really needs to check for restricted listeners # if so, determine which listeners should be restricted (what to put in the RestrictedListeners.properties) # add RestrictedListeners.properties to Geronimo's catalina.jar # fix the bug in DefaultInstanceManager mentioned above > "Restricted listeners property file not found" error logged during Tomcat > server startup > ---------------------------------------------------------------------------------------- > > Key: GERONIMO-3451 > URL: https://issues.apache.org/jira/browse/GERONIMO-3451 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: Tomcat > Affects Versions: 2.0, 2.0.x > Reporter: Kevan Miller > Fix For: 2.0.x > > > During Tomcat server startup, the following log error is displayed on the > console: > 12:57:32,559 ERROR [[/]] "Restricted listeners property file not found > Althgough the log message can be ignored, users assume that something is > broken... -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.