当 tomcat 8 出现 liferay 时,我收到以下严重消息。
SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/bg/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/sv/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/zh/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
这对服务器启动没有任何影响,但不确定是什么原因造成的?非常感谢任何帮助。
最佳答案
这意味着在 web.xml
中有人已经为模式 /bg/c/portal/protected
上的方法 POST 和 GET 指定了安全约束,可能在与此类似的方式:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>...</transport-guarantee>
</user-data-constraint>
</security-constraint>
您应该删除 http-method
括号,以便它匹配此 url-pattern
的所有方法,或者创建第二个,如果您想设置不同的安全约束它没有任何 http-method
括号。
例如,如果您想使用 SSL /bg/c/portal/protected
端点保护 POST
和 GET
方法,但对于其他人你不需要,那么你应该创建一个这样的配置:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
正如您现在看到的,此模式的所有方法都已涵盖,因此不会抛出任何错误。
关于security - 使用 liferay 启动 tomcat 8 时存在严重的安全限制,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32378884/