Re: Catalina.policy java.security.AllPermission
Alejandro Garcia wrote:
> Hi, I have a problem with Catalina’s security manager. We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. My app works very well when I run my app with the security manager disabled. The problem presents itself when I enable the security manager of Tomcat. My app fails when Tomcat starts, giving me the following log:
>
> INFO: Checking whether login URL '/security/login.jsf' is accessible with your configuration
> 8/05/2013 12:29:11 PM org.springframework.web.context.ContextLoader initWebApplicationContext
> INFO: Root WebApplicationContext: initialization completed in 1969 ms
> 8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
> SEVERE: Error listenerStart
> 8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
> SEVERE: Falló en arranque del Contexto [/WebRed] debido a errores previos
> 8/05/2013 12:29:11 PM com.sun.faces.config.ConfigureListener contextDestroyed
> SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
> java.lang.NullPointerException
>     at com.sun.faces.config.ConfigureListener.getInitFacesContext(ConfigureListener.java:740)
>     at com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:300)
>     at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4245)
>     at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4886)
>     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4750)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
>     at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124)
>     at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:146)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:777)
>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
>     at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
>     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:563)
>     at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1399)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
>     at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
>     at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:762)
>     at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1500)
>     at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:252)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
>     at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:194)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:250)
>     at
Re: Catalina.policy java.security.AllPermission
> Maybe the first question should be: why do you want to run this with the Security Manager?
> As far as I understand this, the SM only really helps if otherwise unsecure applications can be deployed within your JVM. Is that the case, or do you know and control all the applications from the start?

Isn't it more like a dog and a muzzle? In theory, if you know the dog and it is always friendly, there is no need to use one. However, if all dogs wore muzzles, there would be fewer dog attacks. IMHO security in depth is about making things harder for the bad guys. Adding a security manager should do this, if it is configured correctly.

BTW I am not saying that I actually do this, just that I think that everyone should, to make it harder for when the bad guys break into your app.

Chris

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Catalina.policy java.security.AllPermission
Thanks! It is because I am running my app on a web host that runs with SM enabled.

--- Original Message ---
From: André Warnier a...@ice-sa.com
Sent: 9 May 2013 04:46
To: Tomcat Users List users@tomcat.apache.org
Subject: Re: Catalina.policy java.security.AllPermission
Re: Catalina.policy java.security.AllPermission
chris derham wrote:
> > Maybe the first question should be: why do you want to run this with the Security Manager?
> > As far as I understand this, the SM only really helps if otherwise unsecure applications can be deployed within your JVM. Is that the case, or do you know and control all the applications from the start?
>
> Isn't it more like a dog and a muzzle? In theory, if you know the dog and it is always friendly, there is no need to use one. However, if all dogs wore muzzles, there would be fewer dog attacks. IMHO security in depth is about making things harder for the bad guys. Adding a security manager should do this, if it is configured correctly.
>
> BTW I am not saying that I actually do this, just that I think that everyone should, to make it harder for when the bad guys break into your app.

I agree in principle. It's just that - as the OP's problem illustrates - running with SM enabled is a p.i.t.a., because
1) it certainly must have an overhead and
2) to do it right, it forces one to really know what every application is doing that matters to the SM. (There isn't really any point in enabling the SM, and then giving every application the AllPermissions permission.)

Security-wise, that is not a bad thing certainly. At least it forces you to know what these things are really doing. But it is time-consuming, to say the least.

Anyway, it looks like the OP doesn't really have a choice.
Re: Catalina.policy java.security.AllPermission
Alejandro Garcia wrote:
> Thanks! It is because I am running my app on a web host that runs with SM enabled.

Please do not top-post (http://en.wikipedia.org/wiki/Posting_style). On this list, use bottom-posting or inline posting. It makes it much easier to follow the conversation without having to scroll up and down all the time.

Anyway, what I wanted to add here is that the Security Manager and the associated permissions are a Java thing, not a Tomcat thing. So for the error messages which you are getting, and the appropriate permissions to grant to avoid them, you should look for the Security Manager on some Java forum rather than here.

This doesn't mean that nobody here wants to help, but we do not know the details of your applications or tools either, so we are even more clueless than you are.
Re: Catalina.policy java.security.AllPermission
2013/5/9 Alejandro Garcia alexander00...@msn.com:
> Thanks! It is because I am running my app on a web host that runs with SM enabled.

(...)

SM can protect you from running webapps that you do not know or do not trust. It cannot protect a web hoster from you (or from someone else who uses a password that was stolen from you). It cannot be the only line of defense.

If they run with SM, but allow you to edit the conf/catalina.policy file, then this is just a feature they provide and it is up to you to use it or not. If you want to use it, you need some knowledge. If you do not, assign AllPermission to the whole codebase and be done with it.

> grant codeBase "file:${catalina.home}/webapps/WebRed/-" {

Web applications are in ${catalina.base}, not ${catalina.home}, unless both are the same.

> permission java.io.FilePermission "${catalina.home}/webapps/WebRed", "read,write";
> permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", "read,write,delete";

Your webapp updates its own files at runtime? It should not. (Thus you do not need write or delete permissions here).

> permission java.util.PropertyPermission "org.apache.catalina.manager.util", "read";
> permission java.util.PropertyPermission "org.apache.catalina.manager", "read";
> permission java.util.PropertyPermission "org.apache.catalina", "read";
> permission java.util.PropertyPermission "org.apache.catalina.core", "read";

Why? There are no such system properties.

> permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
> permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
> permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
> permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";

Why? Do you need reflective access to Tomcat internal classes? (And if you give such permissions, you can as well assign AllPermissions to that code, as these permissions alone could be abused).

> permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context";
> permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context.request";
> permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.filter";
> permission java.lang.RuntimePermission "accessClassInPackage.org.icefaces.util";

Why? Access to these packages is not restricted by Tomcat. (They are not in package.access property in conf/catalina.properties).

The way to debug security permission issues is described here: http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html#Troubleshooting
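The review points in the reply above can be checked mechanically before a policy is deployed. The following is an added example, not code from the thread or from Tomcat: a small Python linter for policy grant blocks. The rule names, the `audit_policy` function, the sample policies and the `RESTRICTED_PREFIXES` list (an assumed `package.access` value) are all constructed for illustration.

```python
import re

# Assumption: prefixes from package.access in conf/catalina.properties;
# read the real list from your own Tomcat install.
RESTRICTED_PREFIXES = ("sun.", "org.apache.catalina.", "org.apache.coyote.",
                       "org.apache.tomcat.", "org.apache.jasper.")

GRANT_RE = re.compile(
    r'grant\b((?:\s*,?\s*\w+\s+"[^"]*")*)\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?[^;"]*;')

# Constructed samples: WEAK mirrors the grant quoted in the thread.
WEAK = '''
// constructed sample, not a real deployment
grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
    permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", "read,write,delete";
    permission java.util.PropertyPermission "org.apache.catalina", "read";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
    permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.filter";
};
'''
TIGHT = '''
grant codeBase "file:${catalina.base}/webapps/WebRed/-" {
    permission java.io.FilePermission "${catalina.base}/webapps/WebRed/-", "read";
};
'''

def strip_comments(text):
    """Drop // and /* */ comments while leaving quoted strings untouched."""
    return re.sub(r'"[^"]*"|//[^\n]*|/\*.*?\*/',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                  text, flags=re.S)

def audit_policy(text):
    """Return (rule, detail) findings for every grant block in policy text."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(text)):
        m = re.search(r'codeBase\s+"([^"]*)"', header)
        code_base = m.group(1) if m else ""   # no codeBase: applies to all code
        if "${catalina.home}" in code_base and "/webapps/" in code_base:
            findings.append(("codebase-catalina-home", code_base))
        # Directory covered by the grant: drop "file:" and a trailing /- or /*.
        root = (re.sub(r"/[-*]$", "", code_base[len("file:"):])
                if code_base.startswith("file:") else None)
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip() for a in actions.split(",")}
            if cls == "java.security.AllPermission":
                findings.append(("all-permission", code_base or "<all code>"))
            elif (cls == "java.io.FilePermission" and root
                  and target.startswith(root) and acts & {"write", "delete"}):
                findings.append(("webapp-self-write", target))
            elif (cls == "java.lang.RuntimePermission"
                  and target.startswith("accessClassInPackage.")):
                pkg = target[len("accessClassInPackage."):]
                hit = any((pkg + ".").startswith(p) for p in RESTRICTED_PREFIXES)
                findings.append(("restricted-package-access" if hit
                                 else "unneeded-package-grant", pkg))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_policy(WEAK):
        print(f"{rule}: {detail}")
```

A finding is a prompt to justify the grant, not proof that it is wrong; which permissions the application really needs still has to come from the access-failure debugging described in the Troubleshooting link.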