csutherl opened a new pull request, #928: URL: https://github.com/apache/tomcat/pull/928
This PR implements a proof-of-concept that enhances the `configtest` command with validation capabilities, focusing on port configuration as a valuable starting point from [dev-list discussion](https://lists.apache.org/thread/pxccvg8kkckrc1c6pqoz5tvp7cvrgwpg ). It includes the framework and a single validation class, `PortValidator`, for community review. It also adds a `LifecycleListener` that is capable of stopping the startup process when there are validation failures. This minimal/phase 1 implementation includes the listener as I thought it was a valuable addition and was pretty straightforward to implement. Therefore Phase 3 would just be the SPI implementation, if we want to go that route. **Note:** The `configtest` behavior hasn't changed unless you use the `--validate-only` option to produce validation output instead of the typical server startup attempt. There's also a new command in `Catalina` for `config-validate` for ease of use. Port validation detects: - Port conflicts (already in use) - Invalid port numbers (< 0 or > 65535) - Duplicate port assignments across connectors - Privileged ports (< 1024) without root access - Default/insecure shutdown commands - AJP connectors missing required 'secret' attribute - AJP connectors listening on all interfaces (0.0.0.0) Future enhancements may include: * Additional validators (file resources, JNDI, security, known config issues) * ServiceLoader plugin architecture for custom validators * Configurable validator ordering * Overrides for default validator behavior -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
