to any hosts
> due to exception: java.security.AccessControlException: access denied
> (java.net.SocketPermission localhost resolve)
>
> I have read about similar problems in google and tried to modify the
> catalina.policy without success.
>
> I deploy applications via a Plesk
enied
(java.net.SocketPermission localhost resolve)
I have read about similar problems in google and tried to modify the
catalina.policy without success.
I deploy applications via a Plesk web interface which loads my .war
file, sets it in /var/tomcat4/psa-wars/mydomain.com/ creates a symlink
to the war file in
--
>From: Thomas Zumbrunn [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, October 26, 2004 1:48 PM
>To: [EMAIL PROTECTED]
>Subject: SecurityManager and catalina.policy
>
>Hello list
>
>Sorry for coming up with this question again, but I still couldn't find any
>detailed
Hello list
Sorry for coming up with this question again, but I still couldn't find any
detailed documentation about what the entries in conf/catalina.policy
actually do. On line 86 it says:
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail name
I'm running Tomcat 4.1.31 with SecurityManager and tried to understand the
default settings for web applications in conf/catalina.policy.
Lines 83-91:
[...]
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermi
sage -
From: "Andoni List" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, September 22, 2004 2:06 PM
Subject: FilePermission's in catalina.policy.
> Hello,
>
> I am trying to run Tomcat with a very strict security cord
Hello,
I am trying to run Tomcat with a very strict security cordon around it. So I
am using catalina.policy to shut down everything except exactly what I need.
I am having one problem with a small bit of this at the moment, I am trying
to find get the following to allow files be read from my
Hi,
How to allow all permissions in catalina.policy? The default policies in the
catalina.policy are too strict and I have difficulties getting my application to work.
I would like to allow all permissions to my application so I can debug the problem
Thanks
nyhgan
you're not right. The two provide different views of security.
> Httpd.conf controls apache, not tomcat, and does nothing to prevent, for
> example, the execution of malicious applets. Catalina.policy or
> whatever you want to call the policy file is used by the JVM security
>
you're not right. The two provide different views of security.
> Httpd.conf controls apache, not tomcat, and does nothing to prevent, for
> example, the execution of malicious applets. Catalina.policy or
> whatever you want to call the policy file is used by the JVM security
> manager to
Howdy,
No, you're not right. The two provide different views of security.
Httpd.conf controls apache, not tomcat, and does nothing to prevent, for
example, the execution of malicious applets. Catalina.policy or
whatever you want to call the policy file is used by the JVM security
manag
Hi
Please tell me once more.
Am I right in assuming that I don't really need catalina.policy if I use
httpd.conf to control access ?
If t, how do they interact ?
TIA :-)
this the
only way to run Tomcat with a SecurityManager?
2) The %CATALINA_HOME%/conf/catalina.policy file...is this the only security policy
Tomcat will examine? Does it also use the default java security policy in
%JAVA_HOME%/jre/lib/security/java.policy file? Can I specify additional
If myapp is deployed as a war, how do I create a grant entry in
catalina.policy to allow writing to my log file? I tried
grant {
permission java.io.FilePermission
"${catalina.home}/logs/myapp_debug.txt","write" ;
}
But it didn't work.
Caused by: java.securi
running Tomcat 4.03 on Win2k
I have recently started to run it with the -security flag.
I have added the following to my catalina.policy file to test.
grant codeBase
"file:${catalina.home}/webapps/ROOT/WEB-INF/lib/site.jar!/-" {
permission java.security.AllPermission;
};
I have tur
Greetings,
I am running Tomcat 4.03 on Win2k
I have recently started to run it with the -security flag.
I have added the following to my catalina.policy file to test.
grant codeBase
"file:${catalina.home}/webapps/ROOT/WEB-INF/lib/site.jar!/-" {
permission java.security.AllPermiss
Hi everybody,
I have a problem with the configuration of catalina.policy (Security Manager) for my OpenCms
4.7.7.
With the Security Manager I cannot install OpenCms. Without the policy, no problem!
Error message:
[CmsException]: 33 Resourcebroker-init error. Detailed Error: Critical error while
Hi Jeanfrancois Arcand
> >Is this a firewall problem from their end ???
> >
> Yes, it could be a firewall problem. IMO, it is more a privilege issue
> with NT. Have you tried with Administrator privilege? Also, double check
> that your users have the proper java.security file with their JRE.
>
Sou
Hi Jeanfrancois Arcand
> >Is this a firewall problem from their end ???
> >
> Yes, it could be a firewall problem. IMO, it is more a privilege issue
> with NT. Have you tried with Administrator privilege? Also, double check
> that your users have the proper java.security file with their JRE.
Sorry
)
[/code]
Is this a firewall problem from their end ???
Yes, it could be a firewall problem. IMO, it is more a privilege issue
with NT. Have you tried with Administrator privilege? Also, double check
that your users have the proper java.security file with their JRE.
Is this a catalina.policy problem
java.lang.Thread.run(Unknown Source)
[/code]
Is this a firewall problem from their end ???
Is this a catalina.policy problem from my end ???
ntimePermission getClassLoader)
I've noticed that if I put this specific permission in the general grant
structure of catalina.policy, everything works fine:
grant {
// lots of other permissions
permission java.lang.RuntimePermission "getClassLoader";
};
I'd like to avoid granting all weba
the extra "jar:" and
"!/-" and restarting tomcat... however it still does not work. I tried
removing that extra syntax and it does not work in that case either. (In
fact, when I added the extra syntax to all of the jar files in
catalina.policy, it complained about bootstrap.jar
I am using tomcat version 4.0. I have tried adding the extra "jar:" and
"!/-" and restarting tomcat... however it still does not work. I tried
removing that extra syntax and it does not work in that case either. (In
fact, when I added the extra syntax to all of the jar file
"*.noaa.gov:80", "connect";
> >> };
> >>
> >>-- Jeanfrancois
> >>
> >>
> >
> >
> >Thanks for the quick reply!
> >But I have *already* done this and it still does not work.
> >
> >the file to down
Euh...Can you post your catalina.policy file? Maybe another permission
is conflicting with the one you are trying to define. I'm doing some tests here
without any problems...
-- Jeanfrancois
Andrew Cheng wrote:
Sorry, I forgot to mention that a guy on the project decided
to be clever and he pu
Hi,
> That's a good sign. That means the jdom jar does not get the proper
> permissions (the StringReader did not throw an exception). Double
> check where the jdom.jar is and how you define the permission in
> the catalina.policy file. Good luck
I'm having similar problems w
Start Tomcat with the java property -Djava.security.debug=access,failure
defined, then review all the debug output.
More information on how the Tomcat SecurityManager works can be found at:
http://kinetic.more.net/web/javaserver/security.shtml
Regards,
Glenn
Andrew Cheng wrote:
Quick question
ion "*.noaa.gov:80", "connect";
> };
>
> -- Jeanfrancois
Thanks for the quick reply!
But I have *already* done this and it still does not work.
the file to download is http://the.third.machine:8080/my.dtd
and in catalina.policy I have:
grant codeBase "file:${catal
;,
"connect";
permission java.net.SocketPermission "*.noaa.gov:80", "connect";
};
-- Jeanfrancois
Thanks for the quick reply!
But I have *already* done this and it still does not work.
the file to download is http://the.third.machine:8080/my.dtd
and in ca
I corrected the extra "!"... however it still gives the same exception.
Then I tried directly calling builder.build() outside the AccessController.
However it still gives the same exception, just from a different line number
which corresponds to the invocation of builder.build()
Below is an exce
Well, then let's go back and do something simple. First, set:
grant codeBase "file:${catalina.home}/myApplication/WEB-INF/lib/jdom.jar"
{
permission java.net.SocketPermission "the.third.machine:8080", "accept,
connect, listen, resolve";
permission java.security.AllPermission;
};
Then in your code,
That's a good sign. That means the jdom jar does not get the proper
permissions (the StringReader did not throw an exception). Double check
where the jdom.jar is and how you define the permission in the
catalina.policy file. Good luck
-- Jeanfrancois
Andrew Cheng wrote:
this had the
> Everything seems fine...What is the exact error? I will try to set up my
> environment similar to yours and see if I can reproduce the problem. The
> socket exception is from which component exactly?
>
> -- Jeanfrancois
1/3 inside myServlet... see marked line in the middle
--
Have you tried to directly invoke builder.build outside the
AccessController? Also, I think you have an extra ! at the end of the
jdom jar file:
grant codeBase
"file:${catalina.home}/myApplication/WEB-INF/lib/jdom.jar!/-"
{
permission java.net.SocketPermission "the.third.machine:8080", "accept,
c
Quick question:
I have an applet that communicates with a servlet. The servlet tries to
download a DTD file from a third machine. It gets a socket permission
access denied exception.
I have wrapped the line of code in the servlet that downloads the file with
a privileged block.
The line of cod
Everything seems fine...What is the exact error? I will try to set up my
environment similar to yours and see if I can reproduce the problem. The
socket exception is from which component exactly?
-- Jeanfrancois
Andrew Cheng wrote:
Euh...Can you post your catalina.policy file? Maybe another
ideas,
please let me know. I definitely appreciate it!
> -Original Message-
> From: Jean-Francois Arcand [mailto:jfarcand@;apache.org]
> Sent: Thursday, October 17, 2002 4:08 PM
> To: Tomcat Users List
> Subject: Re: socket permission catalina.policy question
>
>
>
You need to add something like that:
grant codeBase "file:${catalina.home}/webapps/<<>/-" {
permission java.net.SocketPermission "dbhost.mycompany.com:5432",
"connect";
permission java.net.SocketPermission "*.noaa.gov:80", "connect";
};
-- Jeanfrancois
Andrew Cheng wrote:
Quick q
> Euh...Can you post your catalina.policy file? Maybe another permission
> is conflicting with the one you are trying to define. I'm doing some tests here
> without any problems...
>
> -- Jeanfrancois
Below is my policy file. (myApplication contains several servlets. Insid
Hi,
I use the Security Manager in my Webapps. Everything works fine, until I
write the codeBase parameter to the grant in my catalina.policy. Then I get
some security Exceptions, which do not occur when I use only "grant" standalone.
I use this entry in my catalina.policy:
grant code
Hi,
I am running Tomcat 4.0.4 with mod_jk and apache1.3 with security manager.
I want to be able to let users load their own jar files in their own
WEB-INF/lib but my current (standard) security configuration will not allow
this.
In the catalina.policy file it describes how to allow
I realize I can use a "-" or "*" at the end of my pathname. Can I use
one in the middle?
I have approximately 1,200 user webs that I'd like to enable for JSPs
with Jakarta Tomcat. I'd like each user to have write access to a
/webdata folder within their web:
permission java.io.FilePermission
"d
Can I use a relative path with java.io.FilePermission? If I replace
"jtest\\-" with the absolute path of
"d:\\inetpub\\wwwroot\\dev\\jtest\\-" then it works fine?
Here's a snippet of my policy file:
grant codeBase "file:D:/Inetpub/Wwwroot/dev/-" {
permission java.io.FilePermission "jtest
I'm using Novell's eCommerce beans for LDAP authentication, and my JSP
works fine until I start tomcat with security manager. I've resolved
several errors by modifying catalina.policy, but I can't seem to get
past this one:
com.novell.ecb.CommandException: access denied (ja
Hi,
I want to start tomcat with the "-security" option. But I have some
trouble setting up the policy right.
I have a web application within a .war file, which is not unpacked.
In this .war file I have a property file (ResourceBundle) and other
configuration files which I want to access.
I am usi
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 19:21
To: Tomcat Users List
Subject: Re: catalina.policy
Try running tomcat with
CATALINA_OPTS=-Djava.security.debug=access,failure
It should help pinpoint which class is trying to ac
Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>
To: "Tomcat-User@Jakarta. Apache. Org (E-Mail)"
<[EMAIL PROTECTED]>
cc:
Subject: catalina.policy
Hello,
I run catalina (TC 4.0.2-b2) with the security manager. After starting I
get
a java.security.A
Hello,
I run catalina (TC 4.0.2-b2) with the security manager. After starting I get
a java.security.AccessControlException. I have extended the catalina.policy
with:
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read
Hi list,
I'm using the -security option when I'm starting my tomcat 4.0 server.
I'd like to allow a web application to access files from another web application. So I
have added those lines in my catalina.policy file :
grant codeBase "myApp1" {
permission java.secur
Hello Roshan,
first of all thank you very much for your engagement.
> If you could post your policy file and a decent chunk of your log output,
> it might help :-)
My policy file is the standard-file from the distribution with just two changes:
// These Permissions are in the default-grant-sec
our policy file and a decent chunk of your log output,
it might help :-)
Hope this helps.
Thanks.
RS
Laura Reising <[EMAIL PROTECTED]> on 01/09/2002 05:05:16 AM
Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>
To: Tomcat Users List <[EMAIL PROTECTED]>
Hello Roshan,
> So the grant in the snippet below uses a "file" URL to give classes from
> the ${work.dir} read access to all files under ${doc.root} directory and
> read, write, delete access to files under ${work.dir} directory. The "-"
> following the "/" refers to all files in a directory an
: pic11942.pcx)
01/08/2002 08:32 AM
To: "Tomcat Users List" <[EMAIL PROTECTED]>
cc:
Subject: Re: catalina.policy: "file:"?
Laura Reising <[EMAIL PROTECTED]> on 01/08/2002 05:24:58 AM
Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>
Laura Reising <[EMAIL PROTECTED]> on 01/08/2002 05:24:58 AM
Please respond to "Tomcat Users List" <[EMAIL PROTECTED]>
To: tomcat <[EMAIL PROTECTED]>
cc:
Subject: catalina.policy: "file:"?
Hello list,
I'm still busy with my policy-Problem fr
Hello list,
I'm still busy with my policy-Problem from yesterday ("Give webapps
FilePermissions in catalina.policy").
I didn't find any solution yet, but I have a question about "file:".
This code I found under
"http:[EMAIL PROTECTED]%3E":
<
ina.home}/webapps/myApp/-" {
> permission java.security.AllPermission;
> };
thank you very much for the code!
When I modify my catalina.policy to:
<---snip--->
grant codeBase "file:${catalina.home}/webapps/jspMyAdmin/-" {
permission java.security.AllPer
I believe the syntax is a bit different for web apps
as indicated by the example in the file. Here is
my spec for AllPermission for myApp. You should be able
to modify it for your purposes:
grant codeBase "file:${catalina.home}/webapps/myApp/-" {
permission java.securi
Hello list,
I'm using Tomcat4.0.1 with the "-security"-option.
Now I want every webapp to have the read and write FilePermission to
the files in its own Doc-Root.
I tried the following in "catalina.policy":
<---snip--->
// These permissions are grante
60 matches