Re: problems start cyclos in Tomcat with secutrity manager
awarnier wrote: stefan-b wrote: Hello, I hope you can help. I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running on debian lenny on amd64Bit Machine. A Mail to the Cyclos Team itself gets no answer since a week and the Cyclos Forum is nearly dead :( With an disabled security manager all works fine. The Manager was disabled in /etc/init.d/tomcat5.5 To make a long story short, I do not think that there is any problem in disabling the security manager, if you trust the webapps that you install on your server. It is another matter entirely if you are going to allow other people to load and install webapps on it. Finding out which specific permissions you need to grant to an application which you do not entirely know, can be a long and frustrating experience, and may well come to the same thing anyway in the end, given a complex application. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Very thanks for your quik answer. I now understand the sense of the security manager. It should save users from other users if there are more then one User has access to create webapps. I seems that there is no chance to get cyclos working with enabled security manager. However... I found some help here: http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/050107.html and added this lines to /etc/tomcat5.5/policy.d/50user.policy: - grant { permission java.lang.RuntimePermission createClassLoader; permission java.lang.RuntimePermission getClassLoader; permission java.lang.RuntimePermission setContextClassLoader; permission java.lang.RuntimePermission shutdownHooks; permission java.lang.RuntimePermission setFactory; permission java.lang.RuntimePermission setIO; permission java.lang.RuntimePermission modifyThread; permission java.lang.RuntimePermission stopThread; permission java.lang.RuntimePermission modifyThreadGroup; permission java.lang.RuntimePermission getProtectionDomain; permission java.lang.RuntimePermission readFileDescriptor; permission java.lang.RuntimePermission writeFileDescriptor; permission java.lang.RuntimePermission loadLibrary.*; permission java.lang.RuntimePermission accessClassInPackage.*; permission java.lang.RuntimePermission defineClassInPackage.*; permission java.lang.RuntimePermission accessDeclaredMembers; permission java.lang.RuntimePermission queuePrintJob; permission java.io.FilePermission ALL FILES, read,write,execute,delete; permission java.lang.reflect.ReflectPermission suppressAccessChecks; permission java.net.SocketPermission *, connect; permission javax.xml.ws.WebServicePermission publishEndpoint; permission java.util.PropertyPermission *, read,write; }; - ... and enabled nearly everything free that is possible or in fact disabled the security manager. The end of the Story is at final a nullPointerException on LifecycleListener.contextInitialized(): - ERROR LifecycleListener - Error on LifecycleListener.contextInitialized()#012java.lang.NullPointerException#012#011at nl.strohalm.cyclos.utils.SettingsHelper.storeLocalSettings(SettingsHelper.java:125)#012#011at nl.strohalm.cyclos.http.lifecycle.SettingsInitialization.init(SettingsInitialization.java:47)#012#011at nl.strohalm.cyclos.http.LifecycleListener$2.doInTransactionWithoutResult(LifecycleListener.java:199)#012#011at org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)#012#011at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)#012#011at nl.strohalm.cyclos.http.LifecycleListener.run(LifecycleListener.java:194)#012#011at nl.strohalm.cyclos.http.LifecycleListener.runAll(LifecycleListener.java:217)#012#011at nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:138)#012#011at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)#012#011at org.apache.catalina.core.StandardCo Jul 15 16:45:07 srv097 jsvc.exec[17567]: ntext.start(StandardContext.java:4216)#012#011at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at java.security.AccessController.doPrivileged(Native Method)#012#011at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)#012#011at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)#012#011at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)#012#011at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)#012#011at
Re: problems start cyclos in Tomcat with secutrity manager (Solved)
org.apache.catalina.storeconfig.StoreLoader load#012INFO: Find registry server-registry.xml at classpath resource Jul 15 20:03:17 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:17 PM org.apache.catalina.startup.Catalina start#012INFO: Server startup in 58874 ms - Thanks for all and have a nice Day! :D Stefan B -- View this message in context: http://old.nabble.com/problems-start-cyclos-in-Tomcat-with-secutrity-manager-tp29166853p29171906.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
problems start cyclos in Tomcat with secutrity manager
Hello, I hope you can help. I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running on debian lenny on amd64Bit Machine. A Mail to the Cyclos Team itself gets no answer since a week and the Cyclos Forum is nearly dead :( With an disabled security manager all works fine. The Manager was disabled in /etc/init.d/tomcat5.5 With an enabled Security Manager and this code in 50user.policy all works fine too: grant { permission java.security.AllPermission; }; But otherwise I get thousand lines of Errors. Here some first lines they are specific (I think) Jul 15 05:57:33 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:33 AM org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing Coyote HTTP/1.1 on http-8080 Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing Coyote HTTP/1.1 on http-8443 Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM org.apache.catalina.startup.Catalina load#012INFO: Initialization processed in 2966 ms Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM org.apache.catalina.core.StandardService start#012INFO: Starting service Catalina Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM org.apache.catalina.core.StandardEngine start#012INFO: Starting Servlet Engine: Apache Tomcat/5.5 Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM org.apache.catalina.core.StandardHost start#012INFO: XML validation disabled Jul 15 05:57:38 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:38 AM org.apache.commons.modeler.Registry registerComponent#012SEVERE: Error registering Catalina:type=Valve,name=StandardContextValve,path=/banks-of-community,host=localhost#012javax.management.MBeanException: Cannot instantiate ModelMBean of class org.apache.commons.modeler.BaseModelMBean#012#011at org.apache.commons.modeler.ManagedBean.createMBean(ManagedBean.java:385)#012#011at org.apache.commons.modeler.Registry.registerComponent(Registry.java:835)#012#011at org.apache.catalina.core.StandardPipeline.registerValve(StandardPipeline.java:302)#012#011at org.apache.catalina.core.StandardPipeline.start(StandardPipeline.java:234)#012#011at org.apache.catalina.core.StandardContext.start(StandardContext.java:4140)#012#011at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at java.security.AccessController.doPrivileged(Native Method)#012#011at org. ... Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] banks-of-community] - Initializing Spring root WebApplicationContext Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] ContextLoader - Root WebApplicationContext: initialization started Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] CustomWebApplicationContext - Refreshing nl.strohalm.cyclos.spring.customwebapplicationcont...@ec0a9f9: display name [Root WebApplicationContext]; startup date [Thu Jul 15 05:57:39 UTC 2010]; root of context hierarchy Jul 15 05:57:40 srv097 jsvc.exec[14351]: [INFO] XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [nl/strohalm/cyclos/spring/persistence.xml] Jul 15 05:57:40 srv097 jsvc.exec[14351]: [WARN] DefaultNamespaceHandlerResolver - Ignoring namespace handler [org.apache.cxf.transport.http_jetty.spring.NamespaceHandler]: problem with handler class file or dependent class java.lang.ExceptionInInitializerErrorjava.lang.ExceptionInInitializerError#012#011at org.apache.cxf.transport.http_jetty.spring.NamespaceHandler.init(NamespaceHandler.java:25)#012#011at org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.initHandlerMappings(DefaultNamespaceHandlerResolver.java:123)#012#011at org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.init(DefaultNamespaceHandlerResolver.java:96)#012#011at org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.init(DefaultNamespaceHandlerResolver.java:83)#012#011at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.createDefaultNamespaceHandlerResolver(XmlBeanDefinitionReader.java:498)#012#011at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.createReaderContext(XmlBeanDefinitionReader.java:487)#012#011at org.springframework.beans.f ... Jul 15 05:57:42 srv097 jsvc.exec[14351]: Jul