Bug 55404

Summary: ContextConfig#validateSecurityRoles emits three info log messages which contain a warning
Product: Tomcat 6 Reporter: Michael Osipov <michaelo>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 6.0.37   
Target Milestone: default   
Hardware: All   
OS: All   

Description Michael Osipov 2013-08-12 13:09:52 UTC
ContextConfig#validateSecurityRoles emits three info log messages but the messages start with 'WARNING:'. This is quite irrtating.

> contextConfig.role.auth=WARNING: Security role name {0} used in an <auth-constraint> without being defined in a <security-role>
> contextConfig.role.link=WARNING: Security role name {0} used in a <role-link> without being defined in a <security-role>
> contextConfig.role.runas=WARNING: Security role name {0} used in a <run-as> without being defined in a <security-role>

Remove the warning and set the log level from info to warning.
Comment 1 Michael Osipov 2013-08-12 13:10:36 UTC
Same applies for Tomcat 7 and 8.
Comment 2 Mark Thomas 2013-08-12 13:36:55 UTC
Using a security role that is not defined in the web.xml is indicative of an error (e.g. a typo in a role name) and therefore the warnings are appropriate.
Comment 3 Michael Osipov 2013-08-12 14:03:31 UTC
(In reply to Mark Thomas from comment #2)
> Using a security role that is not defined in the web.xml is indicative of an
> error (e.g. a typo in a role name) and therefore the warnings are
> appropriate.

But not with INFO log level. That's the point.
Comment 4 Mark Thomas 2013-08-12 14:18:17 UTC
Sorry, juggling too many things and read the report too fast.

Yes, I agree with the proposed change.
Comment 5 Mark Thomas 2013-08-12 14:34:55 UTC
This has been fixed in trunk for 8.0.0-RC2 and 7.0.x for 7.0.43.

It has been proposed for 6.0.x.
Comment 6 Mark Thomas 2013-11-07 10:06:19 UTC
Fixed in 6.0.x for 6.0.38 onwards.