Aller au contenu principal
Jahia Store
FR

Tomcat Log Provider

community
Télécharger 2.0.5

Informations

Identifiant du module
tomcat-log-provider
Identifiant de groupe
org.jahia.community
Statut
community
Catégorie
Admin Features
Auteur
Florent BOURASSE
Site web du développeur
http://www.jahia.com
Nécessite Jahia
8.2.1.0
Mis à jour
2026-07-09
Source
scm:git:git@github.com:Jahia/tomcat-log-provider.git
Étiquettes
  • log
  • cloud

A Jahia community module (not officially supported by Jahia) that mounts the Tomcat log directory into the JCR content tree, making log files accessible in read-only mode through the document manager.

Captures d'écran

Versions

Bug Fixes

Fix RepositoryException: Invalid path for log files with colons in their name (SUPPORT-608)

Tomcat produces log files whose names can contain the colon character :
(e.g. localhost_access_log.2026-01-22T14:15:28.log). The colon is the JCR
namespace separator and is illegal in unqualified JCR node names, causing
Jackrabbit to throw a MalformedPathException whenever the external content
store provider tried to look up extension nodes for those files:

javax.jcr.RepositoryException: Invalid path: … ':' not valid name character
    at org.jahia.modules.external.ExternalNodeImpl.getExtensionNode(…)

Root cause: JCRContentUtils.escapeNodePath() (used to build JCR paths from
VFS2 file names) deliberately preserves : because it is valid in
namespace-qualified JCR names like jcr:content. Bare file names that happen to
contain : were therefore passed through unescaped.
JCRContentUtils.escapeLocalNodeName() would have caught the colon, but it also
escapes % → %25. Because VFS2 returns file paths in percent-encoded URI form, a
file named …T08:44:34… was already represented as …T08%3A44%3A34… by the time
the escape function was applied — causing % to be re-encoded to %25
(double-encoding), which then confounded extension-node path resolution.

Fix: Introduced a package-private Escaping utility class whose
escapeIllegalJcrChars method encodes only the characters that are genuinely illegal
in JCR unqualified names ([ ] * | :), deliberately leaving % untouched. This
prevents double-encoding of paths that VFS2 has already percent-encoded. A new
toJcrPath() helper in TomcatLogDataSource applies escapeIllegalJcrChars
per path segment when building ExternalData identifiers. VFS2's resolveFile()
uses URI semantics and decodes %3A back to : transparently when accessing the
local filesystem, so path resolution is correct regardless of whether the input
carries a bare colon or an encoded one.

Improvements

Privilege check migrated to JCRSessionFactory

The admin-access check in TomcatLogDataSource.getPrivilegesNames() was
rewritten to use JCRSessionFactory.getInstance().getCurrentUserSession() +
hasPermission("admin") instead of the deprecated
ServicesRegistry → JahiaGroupManagerService.isAdminMember() call.

Nécessite Jahia 8.2.1.0Mis à jour 2026-05-21

Highlights

  • Security hardening: defense-in-depth path-traversal rejection in the JCR external data source backing the Tomcat log VFS.
  • Full WCAG 2.1 AA remediation of the admin UI, plus push to WCAG 2 AAA (SC 1.4.6) enhanced contrast on read-only log content.
  • Dependency vulnerability fixes (Dependabot/CVE) on systeminformation@babel/plugin-transform-modules-systemjsfast-uriaxiosip-address.
  • Project guidance docs (AGENTS.md / CLAUDE.md) added for AI-assisted development.

Fixes

Security (76585b2)

  • TomcatLogDataSource.getFile: after VFS resolution, verifies the resolved FileObject path is equal to, or strictly under, the configured Tomcat log root (rootPath + SEPARATOR). Otherwise logs a warning and throws FileSystemException — preventing JCR paths containing .. segments from escaping the allow-listed log directory.

Accessibility — WCAG 2.1 AA (80b81df2c978e8)

  • Admin UI (TomcatLogProvider.jsx / .scssTomcatLogViewer.jsx) reworked to resolve all CRIT-01..CRIT-03, MAJ-01..MAJ-07, MIN-02..MIN-05 and MIN-07 audit findings.
  • Locale en.json updated with new accessibility-related strings.

Accessibility — WCAG 2 AAA enhanced contrast (5d416b9)

  • .tlp_readOnly contrast tuned to meet SC 1.4.6 (7:1 enhanced contrast) for the read-only log viewer surface.

Dependency / CVE

  • 32def10 — upgrade systeminformation 5.31.5 → 5.31.6 via Yarn resolution override (CVE fix).
  • 2e2e303 — upgrade @babel/plugin-transform-modules-systemjsfast-uriaxiosip-address (Dependabot alerts).

Refactoring

  • Minor restructuring of TomcatLogProvider.jsx and TomcatLogViewer.jsx around the accessibility fixes (ARIA semantics, live regions, focus handling).

Tests

  • tests/package.json and tests/yarn.lock dependency bumps only; no new Cypress test commits in range.

Docs / Tooling

  • 7a5fb83 — add Claude basic context.
  • 7f3d17e — rename CLAUDE.md to AGENTS.md, add CLAUDE.md reference shim.
  • .github/dependabot.yml already in place from 2_0_3; this cycle consumes its alerts.

Full Changelog2_0_3...2_0_4

Nécessite Jahia 8.2.1.0Mis à jour 2026-05-19