The addPattern method of SecurityCollection looks for suspicious URL patterns and reports them as warnings if in debug mode. The second if, the one checking for second to last '/' is broken. Instead of: if (pattern.charAt(pattern.length()-1) != '/') it probably should be: if (pattern.charAt(pattern.length()-2) != '/') The code makes reference to bug 34805, this is where this code was proposed as a patch to RealmBase originally. This issue was reported there in comment #4 (and approved).
Created attachment 20640 [details] Patch to SecurityCollection.java to fix the Suspicious warning messages I tested this on tc5.5x without and there were decent number of errant warnings for any '/*' patterns. This patch removed them.
Also, if possible, in the log message you may want to point to the servlet 2.4 documentation, since this is what tomcat 5.5 supports. Currently it is pointing to a servlet 2.3 pdf document.
Comment on attachment 20640 [details] Patch to SecurityCollection.java to fix the Suspicious warning messages old patch
Created attachment 20820 [details] Modified patch to SecurityCollection w/ better link Added a slightly better link to the documentation. referenced this bug.
Created attachment 20821 [details] Patch: fixed possible indexOutOfBounds Exception for url-patterns which are just '*' Found a bug in the original patch. It didn't check if the length was < 2. This is a bad url, so we also print the error under these conditions.
Thanks for the patch. This has been fixed in trunk and proposed for 6.0.x and 5.5.x
This has been fixed in 6.0.x and will be included in 6.0.17 onwards.
This has been fixed in 5.5.x and will be included in 5.5.27 onwards.