Summary: | One of the session attributes on the [host-]manager application is disallowed by the Security Manager | ||
---|---|---|---|
Product: | Tomcat 8 | Reporter: | Coty Sutherland <csutherl> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 8.0.x-trunk | ||
Target Milestone: | ---- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Coty Sutherland
2017-06-02 18:50:40 UTC
Switching from no security manager to using a security manager makes this worse (stack trace). If a security manager is in use on shutdown then a warning is logged. I've fixed this by configuring the web applications to permit the (de-)serialization of the CSRFPreventionFilter related attributes. Fixed in: - trunk for 9.0.0.M22 onwards - 8.5.x for 8.5.16 onwards - 8.0.x for 8.0.45 onwards - 7.0.x for 7.0.79 onwards |