Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-37483

web.xml listener elements should only be consolidated into portalListenerClasses context-param if security-manager-enabled=true

    Details

      Description

      For security purposes related to LPS-26321, web.xml listener elements like the following:

      <listener>
          <listener-class&gt;com.sun.faces.config.ConfigureListener</listener-class&gt;
      </listener>
      <listener>
          <listener-class&gt;com.liferay.faces.bridge.servlet.BridgeSessionListener</listener-class&gt;
      </listener>
      

      ... will get consolidated into a context-param like the following:

      <context-param>
          <param-name>portalListenerClasses</param-name>
          <param-value>com.liferay.portal.kernel.servlet.SerializableSessionAttributeListener,com.sun.faces.config.ConfigureListener,com.liferay.faces.bridge.servlet.BridgeSessionListener</param-value>
      </context-param>
      

      But this should only happen if security-manager-enabled=true in the WEB-INF/liferay-plugin-package.properties file.

      Steps To Reproduce:

      1. Install one of the following:

      Liferay Portal 6.1.20 EE GA2 and then apply liferay-fix-pack-plugin-deployment-1-6120

      – OR –

      Build Liferay Portal 6.2.0-SNAPSHOT from the master branch.

      2. Download the latest 3.2.x-SNAPSHOT version of the jsf2-portlet demo WAR

      3. Copy the jsf2-portlet.war artifact to the /deploy folder

      4. Examine the tomcat/webapps/jsf2-portlet/WEB-INF/web.xml file

      If the bug still exists, then there will be no <listener> elements and they will have been replaced by the portalListenerClasses context-param.

      If the bug is fixed, then the <listener> elements will remain, and there will not be a portalListenerClasses context-param.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  6 years, 25 weeks ago

                  Packages

                  Version Package
                  6.2.0 CE B1