All geek questions in one place

Severe security restrictions when starting tomcat 8 with a lifetime

I get the message below strict, while tomcat 8 comes with a lifetime.

SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/bg/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/sv/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/zh/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.

This does not affect server startup, but not sure what causes it? Any help would be really appreciated.

+4
source share
1 answer

This means that web.xmlsomeone pointed out a security restriction only for the POST and GET methods on the template /bg/c/portal/protected, perhaps similarly to this:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>...</transport-guarantee>
    </user-data-constraint>
</security-constraint>

http-method, url-pattern, , - http-method.

, SSL /bg/c/portal/protected POST GET, , ​​:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

, , .

+15

Source: https://habr.com/ru/post/1605760/

More articles:


All Articles