Severe security constraints while tomcat 8 startup with liferay

security tomcat liferay liferay-6 tomcat8
17,807

It means that in web.xml someone has specified a security constraint just for methods POST and GET on pattern /bg/c/portal/protected, possibly in a similar way to this:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>...</transport-guarantee>
    </user-data-constraint>
</security-constraint>

You should either remove http-method brackets so it will match all methods for this url-pattern or create second one if you would like to set different security constraints on it without any http-method brackets.

For instance if you would like to secure with SSL /bg/c/portal/protected endpoint for the POST and GET methods, but for others you do not need that then you should create a config like this:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <url-pattern>/bg/c/portal/protected</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

As you see now all methods for this pattern are covered, hence no error will be thrown.

Share:
17,807
abhineet
Author by

abhineet

Updated on June 16, 2022

Comments

  • abhineet
    abhineet almost 2 years

    I am getting the below severe message while the tomcat 8 comes up with liferay.

    SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/bg/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/sv/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/zh/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.

    This does not have any impact on server start up but not sure what is causing this? Any help would really appreciated.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Liferay changing the default redirect page when a does not have the specific role
How do I disable SSLv3 in tomcat?
build-impl.xml:1045: Deployment error: Starting of Tomcat failed
Failed to start component [StandardEngine[Catalina].StandardHost[localhost]
Getting all users with a Role in Liferay
How to disable Tomcat JARScanner
incompatible version [1.1.34] of the APR based Apache Tomcat Native library
Tomcat8 shutdown randomly with AbstractProtocol.pause
Install Tomcat 8.5 through apt (apt-get)
Can't start Tomcat on Ubuntu