问题
I am getting the below severe message while the tomcat 8 comes up with liferay.
SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/bg/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/sv/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
03-Sep-2015 07:06:00.733 SEVERE [localhost-startStop-1] org.apache.tomcat.util.descriptor.web.SecurityConstraint.findUncoveredHttpMethods For security constraints with URL pattern [/zh/c/portal/protected] only the HTTP methods [POST GET] are covered. All other methods are uncovered.
This does not have any impact on server start up but not sure what is causing this? Any help would really appreciated.
回答1:
It means that in web.xml someone has specified a security constraint just for methods POST and GET on pattern /bg/c/portal/protected, possibly in a similar way to this:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>...</transport-guarantee>
</user-data-constraint>
</security-constraint>
You should either remove http-method brackets so it will match all methods for this url-pattern or create second one if you would like to set different security constraints on it without any http-method brackets.
For instance if you would like to secure with SSL /bg/c/portal/protected endpoint for the POST and GET methods, but for others you do not need that then you should create a config like this:
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/bg/c/portal/protected</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
As you see now all methods for this pattern are covered, hence no error will be thrown.
来源:https://stackoverflow.com/questions/32378884/severe-security-constraints-while-tomcat-8-startup-with-liferay