使用Liferay启动Tomcat 8时存在严重的安全约束

  • Z时代
  • 2024-01-10
  • 分类:问答

tomcat 8带有liferay时,我收到以下严重消息。

SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/bg/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/sv/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/zh/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.

回答:

这意味着web.xml某人仅针对pattern上的POST和GET方法指定了安全性约束/bg/c/portal/protected,可能与此类似:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>...</transport-guarantee>
    </user-data-constraint>
</security-constraint>

您应该删除http-method方括号以使其匹配此方法的所有方法,url-pattern或者如果您想为其设置不同的安全性约束而没有任何http-

method方括号,则创建第二个方括号。

例如,如果您想/bg/c/portal/protectedPOSTGET方法使用SSL

端点进行安全保护,而对于其他方法则不需要,则应创建如下配置:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

如您现在所见,该模式的所有方法均已涵盖,因此不会引发任何错误。

以上是 使用Liferay启动Tomcat 8时存在严重的安全约束 的全部内容, 来源链接: utcz.com/qa/432777.html

回到顶部