Duplicate CFIDE and WEB-INF sandboxes created when enabling ColdFusion Security in ColdFusion MX 7
Issue
After enabling ColdFusion Security in a new instance in ColdFusion MX 7 Multiserver configuration, duplicate system sandboxes (CFIDE and WEB-INF) are created. Since these are system sandboxes, the ColdFusion MX 7 Administrator Sandbox Security screen does not provide a delete option.
Reason
ColdFusion MX 7 uses the security settings of the Enterprise Manager instance (the default instance created during the Multiserver configuration install) when creating a new instance in the Administrator's Instance Manager screen, or when creating an EAR/WAR file for deployment in the J2EE Archive screen. If the Enterprise Manager instance has any sandboxes configured, they are copied into the new instances and/or EAR/WAR files, including the default CFIDE and WEB-INF sandboxes for the Enterprise Manager instance. These sandboxes are immediately viewable once the new instance is deployed.
When ColdFusion Security is enabled (or disabled, then re-enabled) on the new instance, ColdFusion will create the system sandboxes for the instance. The ColdFusion Sandbox Security screen will now show two sets of CFIDE and WEB-INF sandboxes:
- One set for the Enterprise Manager instance (for example, jrun_root/servers/cfusion/cfusion-ear/cfusion-war/CFIDE and jrun_root/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF)
- One set for the new server instance (for example, jrun_root/servers/Test/cfusion.ear/cfusion.war/CFIDE and jrun_root/servers/Test/cfusion.ear/cfusion.war/WEB-INF)
The differences in the sandboxes are not immediately discernible. You will need to edit the sandboxes to see the directories they are securing.
Solution
The solution is to not enable sandboxes in the Enterprise Manager instance unless you want them copied into newly created instances.
If you have existing instances with duplicate system sandboxes, you can edit the neo-security.xml file for each instance to remove the Enterprise Manager's CFIDE and WEB-INF entries:
1. Stop the ColdFusion instance.
2. Back up cf_web_root/WEB-INF/cfusion/lib/neo-security.xml.
3. In an XML (or text) editor, open the neo-security.xml file.
4. Find the var node containing the CFIDE for the Enterprise Manager instance. For example, if the directory root for the Enterprise Manager instance is C:\JRun4\servers\Test\cfusion.ear\cfusion.war\CFIDE, then find this var node:
   <var name='C:\JRun4\servers\Test\cfusion.ear\cfusion.war\CFIDE\'>
5. Delete the entire node and its children.
6. Repeat steps 4 and 5 for the var node containing the WEB-INF for the Enterprise Manager instance. For example, if the directory root for the Enterprise Manager instance is C:\JRun4\servers\Test\cfusion.ear\cfusion.war\WEB-INF, then find this var node:
   <var name='C:\JRun4\servers\Test\cfusion.ear\cfusion.war\WEB-INF\'>
7. Save the neo-security.xml file.
8. Restart the ColdFusion instance.
Note: Validate the neo-security.xml file after your edits. If there are any typing errors, incomplete nodes, or any other syntax errors, the Security service for the ColdFusion instance will not start.
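The node removal in steps 4 to 6 and the validation the Note asks for, as an added Python example that is not part of the original TechNote. The sample XML, its wrapper elements, the directory paths and the function names are constructed for illustration; a real neo-security.xml will contain more than this.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real neo-security.xml: the wddxPacket/struct
# wrapper and the permission children are assumptions for illustration.
SAMPLE = r"""<wddxPacket version='1.0'><header/><data><struct>
<var name='C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\CFIDE\'>
  <struct><var name='files'><string>read</string></var></struct></var>
<var name='C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\'><struct/></var>
<var name='C:\JRun4\servers\Test\cfusion.ear\cfusion.war\CFIDE\'><struct/></var>
<var name='C:\JRun4\servers\Test\cfusion.ear\cfusion.war\WEB-INF\'><struct/></var>
</struct></data></wddxPacket>"""

# Sandbox directories copied from the Enterprise Manager instance (constructed).
STALE = [r"C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\CFIDE",
         r"C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF"]

def _norm(path):
    # The var names on the page end in a separator; compare without it.
    return path.rstrip("\\/")

def remove_sandboxes(xml_text, stale_dirs):
    """Drop every <var> whose name matches a stale directory, children included.
    Returns (new_xml, removed_names); raises ET.ParseError on malformed input."""
    root = ET.fromstring(xml_text)
    wanted = {_norm(d) for d in stale_dirs}
    removed = []
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == "var" and _norm(child.get("name", "")) in wanted:
                parent.remove(child)
                removed.append(child.get("name"))
    return ET.tostring(root, encoding="unicode"), removed

def is_well_formed(xml_text):
    """The check the Note asks for: does the edited file still parse?"""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    new_xml, removed = remove_sandboxes(SAMPLE, STALE)
    print("removed:", removed)
    print("well-formed after edit:", is_well_formed(new_xml))
```

The check covers XML well-formedness only; whether the Security service accepts the remaining entries is confirmed when the instance restarts, which is why the backup from step 2 matters.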
