
Add validation framework for imposing specific rules for configuration values

Open csutherl opened this issue 3 months ago • 1 comments

This PR implements a proof-of-concept that enhances the configtest command with validation capabilities, focusing on port configuration as a valuable starting point from dev-list discussion. It includes the framework and a single validation class, PortValidator, for community review. It also adds a LifecycleListener that is capable of stopping the startup process when there are validation failures. This minimal/phase 1 implementation includes the listener as I thought it was a valuable addition and was pretty straightforward to implement. Therefore Phase 3 would just be the SPI implementation, if we want to go that route.

Note: The configtest behavior hasn't changed unless you use the --validate-only option to produce validation output instead of the typical server startup attempt. There's also a new command in Catalina for config-validate for ease of use.

Port validation detects:

  • Port conflicts (already in use)
  • Invalid port numbers (< 0 or > 65535)
  • Duplicate port assignments across connectors
  • Privileged ports (< 1024) without root access
  • Default/insecure shutdown commands
  • AJP connectors missing required 'secret' attribute
  • AJP connectors listening on all interfaces (0.0.0.0)

Future enhancements may include:

  • Additional validators (file resources, JNDI, security, known config issues)
  • ServiceLoader plugin architecture for custom validators
  • Configurable validator ordering
  • Overrides for default validator behavior

csutherl, Dec 05 '25 20:12
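The static checks in the list above can be illustrated with a small offline audit of a `server.xml`. This is an added example, not code from the PR or from Tomcat; the function names, finding codes and sample file are constructed here. It assumes a missing `Server` port/shutdown falls back to Tomcat's stock `8005`/`SHUTDOWN`, and it leaves out the "already in use" check because that needs a live bind.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the PR) with deliberate problems.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" protocol="HTTP/1.1"/>
    <Connector port="70000" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"/>
  </Service>
</Server>"""

def parse_port(raw):
    """Return the port as int, or None if it is not a number in 0..65535."""
    if raw is None or not raw.strip().isdigit():
        return None
    return int(raw) if int(raw) <= 65535 else None

def audit(server_xml, is_root=False):
    """Return a sorted list of (code, detail) findings for one server.xml."""
    root = ET.fromstring(server_xml)
    findings, seen = [], {}
    # Shutdown listener: port="-1" disables it in Tomcat, so skip it then.
    if root.get("port") != "-1":
        port = parse_port(root.get("port", "8005"))
        if port is None:
            findings.append(("INVALID_PORT", "Server port=%r" % root.get("port")))
        else:
            seen[port] = "Server"
        if root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
            findings.append(("DEFAULT_SHUTDOWN", "shutdown command is the default"))
    for conn in root.iter("Connector"):
        raw, proto = conn.get("port"), conn.get("protocol", "HTTP/1.1")
        port = parse_port(raw)
        if port is None:
            findings.append(("INVALID_PORT", "Connector port=%r" % raw))
            continue
        if port in seen:
            findings.append(("DUPLICATE_PORT", "%d also used by %s" % (port, seen[port])))
        seen[port] = "Connector"
        if 0 < port < 1024 and not is_root:  # port 0 means "pick a free port"
            findings.append(("PRIVILEGED_PORT", "%d needs root" % port))
        if "ajp" in proto.lower():  # matches AJP/1.3 and the Ajp*Protocol classes
            if not conn.get("secret"):
                findings.append(("AJP_NO_SECRET", "port %d" % port))
            if conn.get("address") in ("0.0.0.0", "::"):
                findings.append(("AJP_ALL_INTERFACES", "port %d" % port))
    return sorted(findings)
```

Pass `is_root=(os.geteuid() == 0)` on a POSIX host to evaluate the privileged-port rule for the current user.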

@ChristopherSchultz did you have any input about whether or not this addresses the concern you mentioned on the list thread?

csutherl, Dec 11 '25 23:12