|Summary:||Suspicious url pattern warning logged to wrong webapp|
|Product:||Tomcat 5||Reporter:||Marius Scurtescu <marius.scurtescu>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
Description Marius Scurtescu 2007-08-09 15:18:42 UTC
"Suspicious url pattern" warnings are logged to the wrong webapp, not the one actually using them. These log events are coming from SecurityCollection.java.
Comment 1 Remy Maucherat 2007-08-10 00:18:52 UTC
This class is using a static logger, and has no efficient way to access the webapp logger.
Comment 2 Marius Scurtescu 2007-08-10 00:31:40 UTC
If it cannot get the logger for the proper webapp then why does it log into some other webapp? At least it should log into catalina.out. This is a serious issue. If proper logging is impossible then the whole verification should be removed, it is useless like this IMHO. (Not to mention that it is broken -- that's a different bug report. But that shows that no one really used this information ever.)
Comment 3 Ryan Sweet 2007-08-10 10:30:11 UTC
Marius, do you have a test case that easily generates these log messages?
Comment 4 Marius Scurtescu 2007-08-10 10:43:50 UTC
AFAIK you only need: - URL patterns like "/foo/*" in you web.xml - debug level logging If you have several web apps the log events may show up in the wrong web app log file, don't know how to trigger that. See also bug 43079
Comment 5 Mark Thomas 2008-05-04 03:43:40 UTC
This has been fixed in trunk and proposed for 6.0.x and 5.5.x
Comment 6 Mark Thomas 2008-05-15 12:57:44 UTC
This has been fixed in 6.0.x and will be included in 6.0.17 onwards.
Comment 7 Mark Thomas 2008-07-30 13:38:49 UTC
This has been fixed in 5.5.x and will be included in 5.5.27 onwards.