Hello everyone.
I'm currently working on upgrading our environment to Tomcat 6.0.14 from
5.0.27. This is run on Apache 1.3.33 with mod_jk 1.2.25 (which is being
upgraded from jk2).
I'm able to get the basic sites working fine, however, there are a few
applications that are still causing issues, and was hoping someone here could
at least point me in the right direction on how to determine the exact cause of
the issue.
Running Tomcat with debug logging (java.security.debug=access,failure) enabled,
I get the following output regarding the error. Now, based off this output, it
sounds like the error is occurring when the taglib.tld file from the jspsql.jar
file attempts to make a call to an external website.
Also, this error only occurs when we have -security enabled on startup of
Tomcat (which it needs to be for our environment).
If anyone can offer some advice on what the cause and/or resolution of this may
be, I would be most grateful.
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/classes/org/apache/xerces/util/XMLChar.class
read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: access denied (java.io.FilePermission /web/tomcat/lib/jsp-api.jar read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1206)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.util.zip.ZipFile.<init>(ZipFile.java:109)
at java.util.jar.JarFile.<init>(JarFile.java:133)
at java.util.jar.JarFile.<init>(JarFile.java:70)
at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:72)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:48)
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:53)
at
sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:104)
at
sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:132)
at java.net.URL.openStream(URL.java:1009)
at
org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:740)
at
org.apache.xerces.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:700)
at
org.apache.xerces.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:258)
at
org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:811)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:333)
at
org.apache.xerces.parsers.StandardParserConfiguration.parse(StandardParserConfiguration.java:525)
at
org.apache.xerces.parsers.StandardParserConfiguration.parse(StandardParserConfiguration.java:581)
at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:147)
at
org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1157)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562)
at
org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518)
at org.apache.catalina.startup.TldConfig.tldScanJar(TldConfig.java:476)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:301)
at
org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4428)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4235)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:516)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
access: access allowed (java.security.SecurityPermission getPolicy)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
access: domain that failed ProtectionDomain
(file:/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar <no signer
certificates>
)
WebappClassLoader
delegate: false
repositories:
/WEB-INF/classes/
----------> Parent Classloader:
[EMAIL PROTECTED]
<no principals>
[EMAIL PROTECTED] (
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.home read)
(java.util.PropertyPermission
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER read)
(java.util.PropertyPermission jaxp.debug read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.naming.* read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission file.encoding read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission javax.sql.* read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission * read,write)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
(java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
(java.lang.RuntimePermission getAttribute)
(java.io.FilePermission /tmp/- read,write)
(java.io.FilePermission /tmp/ read,write)
(java.io.FilePermission /tmp/* read,write)
(java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/- read)
(java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib read)
(java.io.FilePermission /path/to/home/dir/html/app_name/- read)
(java.io.FilePermission /path/to/home/dir/html/app_name read)
(java.io.FilePermission /web/tomcat/work/hosting/www.website.com/app_name/-
read,write,delete)
(java.io.FilePermission /web/tomcat/work/hosting/www.website.com/app_name
read,write)
(java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read)
(org.apache.naming.JndiPermission jndi:/www.website.com/app_name/WEB-INF/lib/*)
(org.apache.naming.JndiPermission jndi:/www.website.com/app_name/*)
(org.apache.naming.JndiPermission
jndi:/www.website.com/app_name/WEB-INF/classes/*)
(java.net.SocketPermission 5.6.7.8:3128 connect,resolve)
(java.net.SocketPermission 1.2.3.4:3128 connect,resolve)
(java.net.SocketPermission mail.server.com:25 connect,resolve)
(java.net.SocketPermission *:3306 connect,resolve)
)
access: access allowed (java.util.PropertyPermission line.separator read)
access: access allowed (java.util.PropertyPermission line.separator read)
Jan 3, 2008 5:10:33 PM org.apache.catalina.startup.TldConfig tldScanJar
SEVERE: Exception processing TLD META-INF/taglib.tld in JAR at resource path
/path/to/home/dir/html/app_name/WEB-INF/lib/jspsql.jar in
context /app_name
java.security.AccessControlException: access denied (java.io.FilePermission
/web/tomcat/lib/jsp-api.jar read)
at
org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1193)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562)
at
org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518)
at org.apache.catalina.startup.TldConfig.tldScanJar(TldConfig.java:476)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:301)
at
org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4428)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4235)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:516)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/jstl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/jstl.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/dom.jar read)
access: access allowed (java.io.FilePermission
/path/to/home/dir/html/app_name/WEB-INF/lib/dom.jar read)
TIA,
Dan.
