Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73278

Permission error accessing velocity.log on SAML startup

    Details

      Description

      Steps to reproduce (linux):

      1. Open terminal, go to root directory (/), or any other directory where current user does not have permissions to create new files
      2. Run /opt/liferay.git/bundles-ee-7.0.x/tomcat-8.0.32/bin/start.sh (exchange with your path to liferay.home)

      Expected result: No error related to velocity.log in log files
      Actual result: Stacktrace saml_error.txt can be found in the logs


      On starting up a DXP instance with SAML deployed, the following error is thrown:

      Caused by: java.io.FileNotFoundException: velocity.log (Permission denied)
      	at java.io.FileOutputStream.open0(Native Method)
      	at java.io.FileOutputStream.open(FileOutputStream.java:270)
      	at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
      	at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
      	at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
      	at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
      	at org.apache.log4j.FileAppender.<init>(FileAppender.java:110)
      	at org.apache.log4j.RollingFileAppender.<init>(RollingFileAppender.java:79)
      	at org.apache.velocity.runtime.log.Log4JLogChute.initAppender(Log4JLogChute.java:118)
      

      The full stacktrace is attached. This prevents SAML modules from registering correctly. The SAML Admin element shows up in Control Panel, but the page is blank; and even though we already have SAML settings in the database, it does not seem to be enabled.

      This stems from com.liferay.saml.opensaml.integration.internal.velocity.VelocityEngineFactory.getVelocityEngine(ClassLoader), which hard-codes velocity configuration settings:

      velocityEngine.setProperty(
      	RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
      	Log4JLogChute.class.getName())
      

      This was a problem in core, fixed several years ago by LPS-17329. Solutions to similar issues found online (e.g. here) tend to revolve around changing the velocity configurations, but these configurations are hard-coded and thus not editable.

      Core velocity configurations are editable in Control Panel at System Settings > Foundation > Velocity Engine. Ideally SAML would respect these same settings (which, by the way, default the log class to org.apache.velocity.runtime.log.SimpleLog4JLogSystem, which would also avoid this issue).

      This is a blocker for us using SAML.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  2 years, 22 weeks, 1 day ago

                  Packages

                  Version Package
                  7.0.X EE
                  Master