Greg,
My guess is that Axis2 doesn't have the right permissions to list the
content of the WEB-INF/modules directory. I had a quick look at the
Axis2 code and it seems to handle an I/O error in the same way as an
empty directory. On the other hand, the documentation of
FilePermission says that "A pathname that ends in "/*" [...] indicates
all the files and directories contained in that directory." The would
suggest that you only granted permissions to the files in the
WEB-INF/modules directory, but not the permission to read (list) the
directory itself. Probably you need to add the following permission as
well:
permission java.io.FilePermission
"${catalina.base}/webapps/player/WEB-INF/modules", "read";
If that is confirmed, could you please open a JIRA report about the
fact that Axis2 doesn't warn the user about an unreadable modules (and
services) directory?
Andreas
On Tue, Aug 11, 2009 at 21:19, Greg Logan<[email protected]> wrote:
> Hi List,
>
> I'm trying to get my Axis2 application to run on a Tomcat 6.0.18 install
> running on an Ubuntu server. This server runs with the Java 2 Security
> framework in Tomcat turned ON, so solutions involving turning it off won't
> work for this case :P
>
> Unfortunately I keep running into permissions issues, and there does not
> appear to be any definitive (or working!) documentation as to precisely what
> permissions Axis2 needs. I've tried a number of different permissions
> approaches, but I just can't seem to get the application going.
>
> For example, adding the following to the permissions:
>
> // ================= Axis2 Permissions ========================
> //
> grant {
> // For some mysterious reason these 2 are required outside the
> Axis-specific permissions
> // No idea what the codebase should be
> permission java.io.FilePermission
> "${catalina.base}/webapps/player/WEB-INF/-", "read";
> permission java.lang.RuntimePermission "getClassLoader";
> };
>
> grant codeBase "file:/var/lib/tomcat6/webapps/player/-" {
> permission java.lang.RuntimePermission "createClassLoader";
> permission java.lang.RuntimePermission "setContextClassLoader";
> permission java.lang.RuntimePermission "checkPropertiesAccess";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> permission java.lang.RuntimePermission
> "defineClassInPackage.org.apache.jasper.runtime";
> permission java.lang.RuntimePermission "shutdownHooks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.util.PropertyPermission "*", "read,write";
> permission java.net.SocketPermission "ex.com", "resolve, connect";
> permission java.io.FilePermission
> "${catalina.base}/webapps/player/WEB-INF/modules/*", "read,write";
> permission java.io.FilePermission
> "${catalina.base}/webapps/player/WEB-INF/services/*", "read,write";
> permission java.io.FilePermission "${catalina.home}/common/classes",
> "read";
> permission java.io.FilePermission "${catalina.home}/shared/classes",
> "read";
> permission java.io.FilePermission "${catalina.base}/common/classes",
> "read";
> permission java.io.FilePermission "${catalina.base}/shared/classes",
> "read";
> permission java.io.FilePermission "${catalina.home}/common/i18n/*", "read";
> permission java.io.FilePermission "${catalina.home}/common/lib/*", "read";
> permission java.io.FilePermission "${catalina.home}/bin/bootstrap.jar",
> "read";
> permission java.io.FilePermission
> "${catalina.base}/webapps/player/WEB-INF/scriptServices/*", "read";
> permission java.io.FilePermission "${java.home}/lib/ext/*", "read";
> // Other directories that are in the classpath
> permission java.io.FilePermission "/usr/share/java/*", "read";
> };
>
> gets me this result (note that this *exact* deployed war works fine when
> security is off, so the module *is* there):
>
> org.apache.axis2.AxisFault: The system is attempting to engage a module that
> is not available: addressing
> at
> org.apache.axis2.engine.AxisConfiguration.engageModule(AxisConfiguration.java:506)
> at
> org.apache.axis2.engine.AxisConfiguration.engageGlobalModules(AxisConfiguration.java:633)
>
>
> The app does work when security is turned off, and also works when granted
> java.security.AllPermissions, but that's really not ideal. Does anyone have
> a working set of permissions for Axis2?
>
