[Bug 509528] Re: Security manager breaks session listing
Fixed in Lucid as of 6.0.24-2 (does not use a securitymanager by default) ** Changed in: tomcat6 (Ubuntu) Status: Triaged = Fix Released -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509528] Re: Security manager breaks session listing
Tomcat 6.0.24-2 packaged for Debian now disables the security manager by default. It should solve this bug. -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509528] Re: Security manager breaks session listing
The security manager is causing lots of usability issues because it's difficult to get right, for little additional security (since we run as an unprivileged user). Upstream tomcat disables it by default. For Lucid, we are also considering disabling it by default (it will still be an option for those who know what they are doing). For working around your bug, both solutions are valid. I'd suggest adding a policy file if you still want to run with the securitymanager on. -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509528] Re: Security manager breaks session listing
tomcat6-admin should ship its own policy file in /etc/tomcat6/policy.d, something like: grant codeBase file:/usr/share/tomcat6-admin/manager/- { permission java.lang.RuntimePermission accessClassInPackage.org.apache.catalina; permission java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.manager; permission java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.manager.util; }; Let's see if getting rid of the securitymanager altogether is not a smarter move. -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509528] Re: Security manager breaks session listing
** Changed in: tomcat6 (Ubuntu) Importance: Undecided = Medium ** Changed in: tomcat6 (Ubuntu) Status: New = Triaged -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 509528] Re: Security manager breaks session listing
** Attachment added: AccessControlException stacktrace when opening the session list http://launchpadlibrarian.net/38076021/sessionlist-stacktrace.txt -- Security manager breaks session listing https://bugs.launchpad.net/bugs/509528 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs