[jira] Resolved: (JS2-205) Using Tomcat Security Policy breaks RdbmsPolicy

Sat, 24 Sep 2005 05:35:51 -0700 

     [ http://issues.apache.org/jira/browse/JS2-205?page=all ]
     
David Le Strat resolved JS2-205:
--------------------------------

    Fix Version: 2.0-M4
                     (was: 2.0-M2)
     Resolution: Fixed

This should take care of this issue, please validate.

> Using Tomcat Security Policy breaks RdbmsPolicy
> -----------------------------------------------
>
>          Key: JS2-205
>          URL: http://issues.apache.org/jira/browse/JS2-205
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-M2
>     Reporter: David Sean Taylor
>     Assignee: David Le Strat
>      Fix For: 2.0-M4
>  Attachments: Rdbms.patch
>
> I set my Tomcat Security policy to:
> grant {
>    permission java.security.AllPermission;
> }; 
> Start Tomcat 5.0.31 as:
> catalina run -security
> And it gets a stack overflow from recursive loop in policy setup:
>         at 
> java.security.AccessController.checkPermission(AccessController.java:
> 401)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
>         at javax.security.auth.Subject.getSubject(Subject.java:251)
>         at 
> org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol
> icy.java:90)
>         at java.security.Policy.getPermissions(Policy.java:343)
>         at java.security.Policy.implies(Policy.java:397)
>         at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
>         at 
> java.security.AccessControlContext.checkPermission(AccessControlConte
> As an interim fix, if you don't need the Rdbms Policy,
> In the jetspeed-spring.xml, comment out:
>   <!-- Security: RDBMS Policy implementation for JAAS -->
>   <!--
>   <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy" 
>          class="org.apache.jetspeed.security.impl.RdbmsPolicy"
>   >      
>          <constructor-arg ><ref 
> bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>     
>    
>   </bean>
>   -->
>   <!-- Security: Authorization Provider -->
>   <!--
>   <bean id="org.apache.jetspeed.security.AuthorizationProvider" 
>          class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
>   >      
>          <constructor-arg ><ref 
> bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>   
>   </bean>
>   -->

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to