[LPS-73278] Permission error accessing velocity.log on SAML startup - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.0.X EE
Fix Version/s: 7.0.X EE, Master
Component/s: Application Security > SAML
Labels:
- ee-ts
- liferay-saml-2.0-provider-3.1.0

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Story Points:
1
Fix Priority:
2
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal-ee/pull/17620

Description

Steps to reproduce (linux):

Open terminal, go to root directory (/), or any other directory where current user does not have permissions to create new files
Run /opt/liferay.git/bundles-ee-7.0.x/tomcat-8.0.32/bin/start.sh (exchange with your path to liferay.home)

Expected result: No error related to velocity.log in log files
Actual result: Stacktrace saml_error.txt can be found in the logs

On starting up a DXP instance with SAML deployed, the following error is thrown:

Caused by: java.io.FileNotFoundException: velocity.log (Permission denied)
	at java.io.FileOutputStream.open0(Native Method)
	at java.io.FileOutputStream.open(FileOutputStream.java:270)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
	at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
	at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
	at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
	at org.apache.log4j.FileAppender.<init>(FileAppender.java:110)
	at org.apache.log4j.RollingFileAppender.<init>(RollingFileAppender.java:79)
	at org.apache.velocity.runtime.log.Log4JLogChute.initAppender(Log4JLogChute.java:118)

The full stacktrace is attached. This prevents SAML modules from registering correctly. The SAML Admin element shows up in Control Panel, but the page is blank; and even though we already have SAML settings in the database, it does not seem to be enabled.

This stems from com.liferay.saml.opensaml.integration.internal.velocity.VelocityEngineFactory.getVelocityEngine(ClassLoader), which hard-codes velocity configuration settings:

velocityEngine.setProperty(
	RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
	Log4JLogChute.class.getName())

This was a problem in core, fixed several years ago by ~~LPS-17329~~. Solutions to similar issues found online (e.g. here) tend to revolve around changing the velocity configurations, but these configurations are hard-coded and thus not editable.

Core velocity configurations are editable in Control Panel at System Settings > Foundation > Velocity Engine. Ideally SAML would respect these same settings (which, by the way, default the log class to org.apache.velocity.runtime.log.SimpleLog4JLogSystem, which would also avoid this issue).

This is a blocker for us using SAML.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

saml_error.txt
11 kB
23/Jun/17 12:58 PM
SAML Admin.png
69 kB
26/Jun/17 2:14 AM

Issue Links

is caused by

LPS-65518 Move saml-portlet to "modules"

Closed

is related to

LPS-17329 VelocityUtil.evaluate() creates velocity.log in tomcat bin directory

Closed

Activity

People

Assignee:: Summer Zhang

Reporter:: Ethan Bustad (Inactive)

Participants of an Issue:: Ethan Bustad, Summer Zhang, Tomáš Polešovský

Recent user:: Kiyoshi Lee

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 23/Jun/17 1:06 PM

Updated:: 23/Apr/20 12:01 PM

Resolved:: 03/Jul/17 3:17 PM

Days since last comment:: 5 years, 47 weeks, 6 days ago

Packages

Version	Package
7.0.X EE
Master