Re: problems start cyclos in Tomcat with secutrity manager
awarnier wrote:
stefan-b wrote:
Hello,
I hope you can help.
I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running
on
debian lenny on amd64Bit Machine.
A Mail to the Cyclos Team itself gets no answer since a week and the
Cyclos
Forum is nearly dead :(
With an disabled security manager all works fine.
The Manager was disabled in /etc/init.d/tomcat5.5
To make a long story short, I do not think that there is any problem in
disabling the
security manager, if you trust the webapps that you install on your
server.
It is another matter entirely if you are going to allow other people to
load and install
webapps on it.
Finding out which specific permissions you need to grant to an application
which you do
not entirely know, can be a long and frustrating experience, and may well
come to the same
thing anyway in the end, given a complex application.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Very thanks for your quik answer.
I now understand the sense of the security manager. It should save users
from other users if there are more then one User has access to create
webapps.
I seems that there is no chance to get cyclos working with enabled security
manager.
However...
I found some help here:
http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/050107.html
and added this lines to /etc/tomcat5.5/policy.d/50user.policy:
-
grant {
permission java.lang.RuntimePermission createClassLoader;
permission java.lang.RuntimePermission getClassLoader;
permission java.lang.RuntimePermission setContextClassLoader;
permission java.lang.RuntimePermission shutdownHooks;
permission java.lang.RuntimePermission setFactory;
permission java.lang.RuntimePermission setIO;
permission java.lang.RuntimePermission modifyThread;
permission java.lang.RuntimePermission stopThread;
permission java.lang.RuntimePermission modifyThreadGroup;
permission java.lang.RuntimePermission getProtectionDomain;
permission java.lang.RuntimePermission readFileDescriptor;
permission java.lang.RuntimePermission writeFileDescriptor;
permission java.lang.RuntimePermission loadLibrary.*;
permission java.lang.RuntimePermission accessClassInPackage.*;
permission java.lang.RuntimePermission defineClassInPackage.*;
permission java.lang.RuntimePermission accessDeclaredMembers;
permission java.lang.RuntimePermission queuePrintJob;
permission java.io.FilePermission ALL FILES,
read,write,execute,delete;
permission java.lang.reflect.ReflectPermission suppressAccessChecks;
permission java.net.SocketPermission *, connect;
permission javax.xml.ws.WebServicePermission publishEndpoint;
permission java.util.PropertyPermission *, read,write;
};
-
... and enabled nearly everything free that is possible or in fact disabled
the security manager.
The end of the Story is at final a nullPointerException on
LifecycleListener.contextInitialized():
-
ERROR LifecycleListener - Error on
LifecycleListener.contextInitialized()#012java.lang.NullPointerException#012#011at
nl.strohalm.cyclos.utils.SettingsHelper.storeLocalSettings(SettingsHelper.java:125)#012#011at
nl.strohalm.cyclos.http.lifecycle.SettingsInitialization.init(SettingsInitialization.java:47)#012#011at
nl.strohalm.cyclos.http.LifecycleListener$2.doInTransactionWithoutResult(LifecycleListener.java:199)#012#011at
org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)#012#011at
org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.run(LifecycleListener.java:194)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.runAll(LifecycleListener.java:217)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:138)#012#011at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)#012#011at
org.apache.catalina.core.StandardCo
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
ntext.start(StandardContext.java:4216)#012#011at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at
org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at
java.security.AccessController.doPrivileged(Native Method)#012#011at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)#012#011at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)#012#011at
Re: problems start cyclos in Tomcat with secutrity manager (Solved)
org.apache.catalina.storeconfig.StoreLoader load#012INFO: Find registry server-registry.xml at classpath resource Jul 15 20:03:17 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:17 PM org.apache.catalina.startup.Catalina start#012INFO: Server startup in 58874 ms - Thanks for all and have a nice Day! :D Stefan B -- View this message in context: http://old.nabble.com/problems-start-cyclos-in-Tomcat-with-secutrity-manager-tp29166853p29171906.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
problems start cyclos in Tomcat with secutrity manager
Hello,
I hope you can help.
I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running on
debian lenny on amd64Bit Machine.
A Mail to the Cyclos Team itself gets no answer since a week and the Cyclos
Forum is nearly dead :(
With an disabled security manager all works fine.
The Manager was disabled in /etc/init.d/tomcat5.5
With an enabled Security Manager and this code in 50user.policy all works
fine too:
grant {
permission java.security.AllPermission;
};
But otherwise I get thousand lines of Errors. Here some first lines they are
specific (I think)
Jul 15 05:57:33 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:33 AM
org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing
Coyote HTTP/1.1 on http-8080
Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM
org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing
Coyote HTTP/1.1 on http-8443
Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM
org.apache.catalina.startup.Catalina load#012INFO: Initialization processed
in 2966 ms
Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM
org.apache.catalina.core.StandardService start#012INFO: Starting service
Catalina
Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM
org.apache.catalina.core.StandardEngine start#012INFO: Starting Servlet
Engine: Apache Tomcat/5.5
Jul 15 05:57:35 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:35 AM
org.apache.catalina.core.StandardHost start#012INFO: XML validation disabled
Jul 15 05:57:38 srv097 jsvc.exec[14351]: Jul 15, 2010 5:57:38 AM
org.apache.commons.modeler.Registry registerComponent#012SEVERE: Error
registering
Catalina:type=Valve,name=StandardContextValve,path=/banks-of-community,host=localhost#012javax.management.MBeanException:
Cannot instantiate ModelMBean of class
org.apache.commons.modeler.BaseModelMBean#012#011at
org.apache.commons.modeler.ManagedBean.createMBean(ManagedBean.java:385)#012#011at
org.apache.commons.modeler.Registry.registerComponent(Registry.java:835)#012#011at
org.apache.catalina.core.StandardPipeline.registerValve(StandardPipeline.java:302)#012#011at
org.apache.catalina.core.StandardPipeline.start(StandardPipeline.java:234)#012#011at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4140)#012#011at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at
org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at
java.security.AccessController.doPrivileged(Native Method)#012#011at org.
...
Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] banks-of-community] -
Initializing Spring root WebApplicationContext
Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] ContextLoader - Root
WebApplicationContext: initialization started
Jul 15 05:57:39 srv097 jsvc.exec[14351]: [INFO] CustomWebApplicationContext
- Refreshing nl.strohalm.cyclos.spring.customwebapplicationcont...@ec0a9f9:
display name [Root WebApplicationContext]; startup date [Thu Jul 15 05:57:39
UTC 2010]; root of context hierarchy
Jul 15 05:57:40 srv097 jsvc.exec[14351]: [INFO] XmlBeanDefinitionReader -
Loading XML bean definitions from class path resource
[nl/strohalm/cyclos/spring/persistence.xml]
Jul 15 05:57:40 srv097 jsvc.exec[14351]: [WARN]
DefaultNamespaceHandlerResolver - Ignoring namespace handler
[org.apache.cxf.transport.http_jetty.spring.NamespaceHandler]: problem with
handler class file or dependent class
java.lang.ExceptionInInitializerErrorjava.lang.ExceptionInInitializerError#012#011at
org.apache.cxf.transport.http_jetty.spring.NamespaceHandler.init(NamespaceHandler.java:25)#012#011at
org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.initHandlerMappings(DefaultNamespaceHandlerResolver.java:123)#012#011at
org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.init(DefaultNamespaceHandlerResolver.java:96)#012#011at
org.springframework.beans.factory.xml.DefaultNamespaceHandlerResolver.init(DefaultNamespaceHandlerResolver.java:83)#012#011at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.createDefaultNamespaceHandlerResolver(XmlBeanDefinitionReader.java:498)#012#011at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.createReaderContext(XmlBeanDefinitionReader.java:487)#012#011at
org.springframework.beans.f
...
Jul 15 05:57:42 srv097 jsvc.exec[14351]: Jul
