Hi Larry,
Thank you very much!
That was it. I'm not sure I understand well what the context of a
checkPermission is made of... hum... Is it that it uses the context from the
web apps to "checkPermission"...? But then why is checkPermission for my jar in
common/endorsed succeed for "getClassLoader" but fail for SocketPermission? I
did not find anything for that in Tomcat's policies files.
Thanks again for your help!
Hugues
Larry Isaacs <[EMAIL PROTECTED]> wrote: It is likely that some other class in
your webapp is on the
stack when the permission check occurs and it causing the
check to fail. You could try ".../WEB-INF/-" to expand
the grant to the entire webapp and see what happens.
To diagnose this kind of exception, you can add the following
system property to your Tomcat startup:
-Djava.security.debug=access,failure
In the volumes of log output created, search for "access
denied". A little beyond where you find this, look for
"domain that failed". That will tell you what is missing
the required permission. Note that some permission failures
are normal and won't cause a problem.
Cheers,
Larry
> -----Original Message-----
> From: Hugues Ferland [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 06, 2007 5:30 PM
> To: users@tomcat.apache.org
> Subject: Tomcat policy file, advice and clarification please
>
> Hi,
>
> I have a Tomcat 5.5 installation on Debian Linux with Java 1.6.
>
> I have a web application that create its own connection to an
> Oracle database. The ojdbc14.jar is included in the
> WEB-INF/lib directory of the web application.
>
> Now with the default configuration with security enabled, a
> SecurityException "java.lang.RuntimePermission
> getClassLoader" is thrown.
>
> I tried to apply a security policy to ojdbc14.jar with grant
> AllPermission, but without success. This is what I added to
> /etc/tomcat5.5/policy.d/50user.policy:
>
> grant codeBase "file:/
> application>/WEB-INF/lib/ojdbc.jar" {
> permission java.security.AllPermission; }
>
> This did not work. One particularity of the web application
> is that I do not deploy it with a war file. I created it
> using a context xml file in
> ${catalina.home}/conf/Catalina/localhost/.xml.
>
> Also the docBase point outside the ${catalina.home}.
>
> Of course, I'd like to know what I'm doing wrong... I looked
> on google, tomcat-docs, and other places without any luck...
> Maybe somebody could point me in the right direction? Or
> better yet tell me what is wrong :)
>
> Thanks,
>
> Hugues
>
>
> ---------------------------------
> All new Yahoo! Mail
> ---------------------------------
> Get news delivered. Enjoy RSS feeds right on your Mail page.
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
All new Yahoo! Mail
---------------------------------
Get news delivered. Enjoy RSS feeds right on your Mail page.
