Summary: | The "roles" command doesn't work | ||
---|---|---|---|
Product: | Tomcat 7 | Reporter: | Eiji Takahashi <mashmk02> |
Component: | Manager | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | P2 | ||
Version: | trunk | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | patch for context.xml of the Manager application |
The more I consider this issue, the more I am inclinded to remove the roles command from the manager in Tomcat 7. My reasoning is follows: - The manager can be used with any realm - Most realms do not expose a role list - It is not practical to list all roles for some realms (e.g. JNDI) - I don't see what the use case is for this feature The "Cannot resolve user database reference" message and the necessity to create a <ResourceLink> are already documented, [1] [1] http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#List_Available_Security_Roles I see nothing to fix here. Though the doc can be improved a bit: 1) This is "Cannot resolve user database reference" message, though the solution for it is listed with the "No user database is available" message. 2) IIRC, there is no "<ResourceParams>" element in modern Tomcat versions. Regardless of that, I agree with Mark that I do not see much reason in keeping this command around. Especially I miss a plausible use case. Maybe it was used for some demos? Note, that besides this command being present inside manager webapp, there is also RolesTask ANT task. Thanks for comments. I encountered this issue when I used the Tomcat maven plugin's "tomcat:roles" command that uses the "roles" command of the Manager app. The "tomcat:roles" command can display the available security roles. But I can't think of a case where it's necessary. And I have no objection to remove the "roles" command. Best regards. The roles command has been removed from Tomcat 7 trunk. This will take affect from 7.0.9 onwards. |
Created attachment 26601 [details] patch for context.xml of the Manager application The Manager application has the "roles" command that list the security role names. But now this command doesn't work correctly. The "roles" command returns following message: FAIL - Cannot resolve user database reference And gets Exception: SEVERE: Manager: java:comp/env/users javax.naming.NamingException: Cannot create resource instance at org.apache.naming.factory.ResourceEnvFactory.getObjectInstance(ResourceEnvFactory.java:117) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) at org.apache.naming.NamingContext.lookup(NamingContext.java:826) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:159) at org.apache.naming.SelectorContext.lookup(SelectorContext.java:158) at javax.naming.InitialContext.lookup(InitialContext.java:392) at org.apache.catalina.manager.ManagerServlet.roles(ManagerServlet.java:1055) at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:366) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:306) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:589) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:382) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:619) Tomcat 6.x contains same issue. The workaround for this issue is to add <ResourceLink> to context.xml of the Manager application. And I made the patch for this issue. regards.