漏洞
Unable to deploy the Token Service Authentication when including ‘log4j-1.2.8.jar’ jar file in '<arcgis_home>\java\manager\config\security\lib' folder while extending the Security Store API.
| 漏洞 ID 编号 | NIM044713 |
|---|---|
| 已提交 | April 27, 2009 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Server (Java) |
| 找到的版本 | 9.3 |
| 编程语言 | Java |
| 操作系统 | Red Hat Enterprise Linux |
| 操作系统版本 | 4 |
| 状态 | Will Not Be Addressed |
附加信息
No Public Explanation解决办法
Two options to choose for workaround:a. Remove the ‘log4j-1.2.8.jar’ jar in the location '<arcgis_home>\java\manager\config\security\lib’. Use the 'java.util.logging' package instead of ‘org.apache.log4j.Logger’. This package is present with the installed JDK.b. If using the ‘log4j-1.2.8.jar’ jar present in the location '<arcgis_home>\java\manager\config\security\lib’. User can follow all the implementation steps and instead of using the internal tomcat, they can export the token service WAR file to an external tomcat or any other web service container. i.e. in the step where they would have to click ‘Save’ button to enable the token service, instead of that step they can go to ‘Security > Export token service’.User can recreate all functionality of the token service. They would have to go to ‘Services > ‘Configure Services Handler’ > ‘Export tab > ’ and export the war file for ‘web service’ and ‘rest service’ to the external tomcat server.重现步骤
漏洞 ID: NIM044713
软件:
- ArcGIS Server (Java)
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序