[ http://issues.apache.org/jira/browse/JS2-205?page=comments#action_61802 ] weiwei commented on JS2-205: ----------------------------
I also have this problem. In order to execute my program, I need install a SecurityManager on tomcat server; But, when i started tomcat server with security and all permission, jetspeed2 threw many exceptions; I can't understand this problem. Hope this problem can be solved soon. > Using Tomcat Security Policy breaks RdbmsPolicy > ----------------------------------------------- > > Key: JS2-205 > URL: http://issues.apache.org/jira/browse/JS2-205 > Project: Jetspeed 2 > Type: Bug > Components: Security > Versions: 2.0-M2 > Reporter: David Sean Taylor > Assignee: David Sean Taylor > Fix For: 2.0-M2 > > I set my Tomcat Security policy to: > grant { > permission java.security.AllPermission; > }; > Start Tomcat 5.0.31 as: > catalina run -security > And it gets a stack overflow from recursive loop in policy setup: > at > java.security.AccessController.checkPermission(AccessController.java: > 401) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) > at javax.security.auth.Subject.getSubject(Subject.java:251) > at > org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol > icy.java:90) > at java.security.Policy.getPermissions(Policy.java:343) > at java.security.Policy.implies(Policy.java:397) > at java.security.ProtectionDomain.implies(ProtectionDomain.java:189) > at > java.security.AccessControlContext.checkPermission(AccessControlConte > As an interim fix, if you don't need the Rdbms Policy, > In the jetspeed-spring.xml, comment out: > <!-- Security: RDBMS Policy implementation for JAAS --> > <!-- > <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy" > class="org.apache.jetspeed.security.impl.RdbmsPolicy" > > > <constructor-arg ><ref > bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg> > > </bean> > --> > <!-- Security: Authorization Provider --> > <!-- > <bean id="org.apache.jetspeed.security.AuthorizationProvider" > class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl" > > > <constructor-arg ><ref > bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg> > </bean> > --> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
