Re: Axis2 and Tomcat's SECURITY Flag

Tue, 11 Aug 2009 14:31:59 -0700 

Martin Gainty wrote:

verify ws-addressing-<version>.mar is in
axis2/WEB-INF/modules?


Exists


axis2/WEB-INF/conf/axis2.xml contains
<module ref="addressing"/>


Is there


axis2/web-inf/modules/modules.list contains
addressing-<version>.mar


Is also there.


To be clear:  This exact webapp works fine when the Tomcat security flag 
is set to 'no' (ie, disabled), but fails when set to 'yes'.  The 
application itself should not be the problem...


G


Martin Gainty 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.





Date: Tue, 11 Aug 2009 13:19:08 -0600
From: [email protected]
Subject: Axis2 and Tomcat's SECURITY Flag
To: [email protected]

Hi List,


I'm trying to get my Axis2 application to run on a Tomcat 6.0.18 install 
running on an Ubuntu server.  This server runs with the Java 2 Security 
framework in Tomcat turned ON, so solutions involving turning it off 
won't work for this case :P



Unfortunately I keep running into permissions issues, and there does not 
appear to be any definitive (or working!) documentation as to precisely 
what permissions Axis2 needs.  I've tried a number of different 
permissions approaches, but I just can't seem to get the application going.


For example, adding the following to the permissions:

// ================= Axis2 Permissions ========================
//
grant {

   // For some mysterious reason these 2 are required outside the 
Axis-specific permissions

   // No idea what the codebase should be

   permission java.io.FilePermission 
"${catalina.base}/webapps/player/WEB-INF/-", "read";

   permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:/var/lib/tomcat6/webapps/player/-" {
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.lang.RuntimePermission "setContextClassLoader";
   permission java.lang.RuntimePermission "checkPropertiesAccess";
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "getProtectionDomain";

   permission java.lang.RuntimePermission 
"defineClassInPackage.org.apache.jasper.runtime";

   permission java.lang.RuntimePermission "shutdownHooks";
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.util.PropertyPermission "*", "read,write";
   permission java.net.SocketPermission "ex.com", "resolve, connect";

   permission java.io.FilePermission 
"${catalina.base}/webapps/player/WEB-INF/modules/*", "read,write";
   permission java.io.FilePermission 
"${catalina.base}/webapps/player/WEB-INF/services/*", "read,write";
   permission java.io.FilePermission "${catalina.home}/common/classes", 
"read";
   permission java.io.FilePermission "${catalina.home}/shared/classes", 
"read";
   permission java.io.FilePermission "${catalina.base}/common/classes", 
"read";
   permission java.io.FilePermission "${catalina.base}/shared/classes", 
"read";
   permission java.io.FilePermission "${catalina.home}/common/i18n/*", 
"read";
   permission java.io.FilePermission "${catalina.home}/common/lib/*", 
"read";
   permission java.io.FilePermission 
"${catalina.home}/bin/bootstrap.jar", "read";
   permission java.io.FilePermission 
"${catalina.base}/webapps/player/WEB-INF/scriptServices/*", "read";

   permission java.io.FilePermission "${java.home}/lib/ext/*", "read";
   // Other directories that are in the classpath
   permission java.io.FilePermission "/usr/share/java/*", "read";
};


gets me this result (note that this *exact* deployed war works fine when 
security is off, so the module *is* there):



org.apache.axis2.AxisFault: The system is attempting to engage a module 
that is not available: addressing
         at 
org.apache.axis2.engine.AxisConfiguration.engageModule(AxisConfiguration.java:506)
         at 
org.apache.axis2.engine.AxisConfiguration.engageGlobalModules(AxisConfiguration.java:633)




The app does work when security is turned off, and also works when 
granted java.security.AllPermissions, but that's really not ideal.  Does 
anyone have a working set of permissions for Axis2?


_________________________________________________________________
Get free photo software from Windows Live
http://www.windowslive.com/online/photos?ocid=PID23393::T:WLMTAGL:ON:WL:en-US:SI_PH_software:082009

























					Reply via email to