RE: java.security.AccessControlException: access denied
i was able to get this fixed by replacing the permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; with permission java.io.FilePermission ALL FILES, read; -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 1:23 PM To: Shilpa Nalgonda Subject: RE: java.security.AccessControlException: access denied That's really curious. I'd try two things: 1) change the file permission to this: permission java.io.FilePermission ALL FILES, read; If that works, then there's a problem with the path in the file permission. If that doesn't work, then... 2) add a java.security.AllPermission permission (for testing only) If that doesn't work, then this is not the policy file in use. If it does, then another permission is missing, and the exception is being misreported. Again, I'd also try writing a JSP that creates a java.io.File at the certs location, and calls File#canRead() in a try{}catch(SecurityException) block to make sure that we're looking at the right problem. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 5:36 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I wrote a jsp file to read the cert file from the C:/certs dir. Initially i got the same error, then i changed the catalina.policy file to include file name permission java.io.FilePermission C:/certs/f73e89fd.0, read; and it worked. But for some reason the verisign authentication still shows the same error. -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I am using -security option to run TC. I am not quite sure about the syntax of the policy file, i should check that, but can u suggest me what is the correct syntax ? and also i will try to read this file using some test.jsp and let you know. thanks. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:42 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied You shouldn't need to add it anywhere else: Permissions are cumulative, so if that file permission is in a grant{} block, all the code running under the jvm will have it. You mentioned making the changes to java.policy as well: This should be unnecessary, as the catalina.policy file is the only one in effect if you start TC with the -security option. The situation as you're describing it sounds right, but since I know from experience that the security manager works just fine in 4.1.x, something is getting left out. Are you using the -security option to get the security manager, or are you using some parameters in $JAVA_OPTS? Are you certain about the syntax of your policy file (although that usually fails more dramatically than this)? Can you write a test JSP or servlet that reads a file out of that directory? Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:10 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied No certs is a directory. shall i add it in other place other than the general grant block. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have
tomcat5: Error java.security.AccessControlException: Access denied (mx4j.server.MBeanTrustPermission register): MBean class org.apache.commons.modeler.BaseModelMBean is not trusted for registration
I get a really strange error when tomcat5 is loading our webapps. I have no clue where does it comes from. Please help Aug 24, 2004 5:57:00 PM org.apache.commons.modeler.Registry registerComponent SEVERE: Error registering Catalina:j2eeType=WebModule,name=//localhost/xclin,J2EEApplication=none, J2EEServer=none java.security.AccessControlException: Access denied (mx4j.server.MBeanTrustPermission register): MBean class org.apache.commons.modeler.BaseModelMBean is not trusted for registration at mx4j.server.interceptor.SecurityMBeanServerInterceptor.checkTrustRegistr ation(SecurityMBeanServerInterceptor.java:156) at mx4j.server.interceptor.SecurityMBeanServerInterceptor.registration(Secu rityMBeanServerInterceptor.java:116) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.registration(Defau ltMBeanServerInterceptor.java:113) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.registration(Defau ltMBeanServerInterceptor.java:113) at mx4j.server.interceptor.ContextClassLoaderMBeanServerInterceptor.registr ation(ContextClassLoaderMBeanServerInterceptor.java:108) at mx4j.server.MBeanServerImpl.registerImpl(MBeanServerImpl.java:1051) at mx4j.server.MBeanServerImpl.registerMBeanImpl(MBeanServerImpl.java:1002) at mx4j.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:978) at org.apache.commons.modeler.Registry.registerComponent(Registry.java:871) at org.apache.catalina.core.StandardContext.registerJMX(StandardContext.jav a:5361) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4379 ) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) at org.apache.catalina.core.StandardHost.start(StandardHost.java:789) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) at org.apache.catalina.core.StandardService.start(StandardService.java:480) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:422) Aug 24, 2004 5:57:00 PM org.apache.catalina.core.StandardContext registerJMX Benoit Marchal Director NovaXon BV Tel: +31 43 356 14 60 Fax: +31 43 356 14 61
java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the general grant block. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
You shouldn't need to add it anywhere else: Permissions are cumulative, so if that file permission is in a grant{} block, all the code running under the jvm will have it. You mentioned making the changes to java.policy as well: This should be unnecessary, as the catalina.policy file is the only one in effect if you start TC with the -security option. The situation as you're describing it sounds right, but since I know from experience that the security manager works just fine in 4.1.x, something is getting left out. Are you using the -security option to get the security manager, or are you using some parameters in $JAVA_OPTS? Are you certain about the syntax of your policy file (although that usually fails more dramatically than this)? Can you write a test JSP or servlet that reads a file out of that directory? Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:10 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied No certs is a directory. shall i add it in other place other than the general grant block. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: java.security.AccessControlException: access denied
I am using -security option to run TC. I am not quite sure about the syntax of the policy file, i should check that, but can u suggest me what is the correct syntax ? and also i will try to read this file using some test.jsp and let you know. thanks. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:42 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied You shouldn't need to add it anywhere else: Permissions are cumulative, so if that file permission is in a grant{} block, all the code running under the jvm will have it. You mentioned making the changes to java.policy as well: This should be unnecessary, as the catalina.policy file is the only one in effect if you start TC with the -security option. The situation as you're describing it sounds right, but since I know from experience that the security manager works just fine in 4.1.x, something is getting left out. Are you using the -security option to get the security manager, or are you using some parameters in $JAVA_OPTS? Are you certain about the syntax of your policy file (although that usually fails more dramatically than this)? Can you write a test JSP or servlet that reads a file out of that directory? Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:10 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied No certs is a directory. shall i add it in other place other than the general grant block. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: java.security.AccessControlException: access denied
I wrote a jsp file to read the cert file from the C:/certs dir. Initially i got the same error, then i changed the catalina.policy file to include file name permission java.io.FilePermission C:/certs/f73e89fd.0, read; and it worked. But for some reason the verisign authentication still shows the same error. -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I am using -security option to run TC. I am not quite sure about the syntax of the policy file, i should check that, but can u suggest me what is the correct syntax ? and also i will try to read this file using some test.jsp and let you know. thanks. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:42 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied You shouldn't need to add it anywhere else: Permissions are cumulative, so if that file permission is in a grant{} block, all the code running under the jvm will have it. You mentioned making the changes to java.policy as well: This should be unnecessary, as the catalina.policy file is the only one in effect if you start TC with the -security option. The situation as you're describing it sounds right, but since I know from experience that the security manager works just fine in 4.1.x, something is getting left out. Are you using the -security option to get the security manager, or are you using some parameters in $JAVA_OPTS? Are you certain about the syntax of your policy file (although that usually fails more dramatically than this)? Can you write a test JSP or servlet that reads a file out of that directory? Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:10 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied No certs is a directory. shall i add it in other place other than the general grant block. -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If certs is a file and not a directory, take off the \\- at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -Original Message- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general grant{} block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy