Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
ja...@mobilewebexpert.co.uk wrote:
Basically, I've created a webapp which runs fine on my development
machine, but our actual hosting is shared (and uses a Security Manager)
and some new libraries we're using throws up loads of exceptions which
we need to replicate locally, hence the need for me to activate the
Security Manager.
If it makes things any simpler, the webapp runs as the root context. Any
chance you could help me out with the code I need for catalina.policy?
This is a long and tedious process, if you want to do it right. And it would require an
in-depth knowledge of the application, which nobody else but you has.
Basically, the Security Manager provides a kind of sandbox around the applications,
German-like : everything which is not specifically allowed, is forbidden.
So you have to know what all the various permissions are, and then know what your
application requires specifically.
There are examples at the end of the standard catalina.policy file, and I'm sure that by
googling a bit on the names which you see there, you'll find what you need.
Of course, a shortcut would be :
grant codeBase file:${catalina.home}/webapps/yourapp/- { (*)
permission java.security.AllPermission;
};
but then one could wonder why bothering to use a Security Manager at all..
(*) yourapp here being ROOT
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
On Tue, 2012-01-10 at 22:06 +, ja...@mobilewebexpert.co.uk wrote: Basically, I've created a webapp which runs fine on my development machine, but our actual hosting is shared (and uses a Security Manager) and some new libraries we're using throws up loads of exceptions which we need to replicate locally, hence the need for me to activate the Security Manager. If it makes things any simpler, the webapp runs as the root context. Any chance you could help me out with the code I need for catalina.policy? Sounds like your host provider is prescribing the security constraints and you want to replicate that to see what adjustments need to be made to the app and/or the policy file. Why not grab the policy file on your target host and start with that? - Original Message - From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, January 10, 2012 7:47 PM Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
On 09/01/2012 19:22, ja...@mobilewebexpert.co.uk wrote: Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy? Can anyone help?? Yes, in catalina.policy. Have fun. p Here's the error from the log file: 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166) at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809) at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232) at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:98) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:75) at org.netbeans.modules.web.monitor.data.MonitorData.init(MonitorData.java:71) at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331) at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515) at
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Thanks for the reply. Afraid I'm very new to Tomcat - please could you explain to me what changes I need to make to catalina.policy? Thanks, James - Original Message - From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, January 10, 2012 9:19 AM Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
On 10/01/2012 15:51, ja...@mobilewebexpert.co.uk wrote: Thanks for the reply. Afraid I'm very new to Tomcat - please could you explain to me what changes I need to make to catalina.policy? It's can be tricky and it's application specific. You'll need to add specific policy rules that permit the application to do whatever it needs to do. E.g. access to network, file system, jars etc. Is there a particular reason you want to enable the Security Manager? Are you hosting untrusted 3rd party applications for example? p Thanks, James - Original Message - From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, January 10, 2012 9:19 AM Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Basically, I've created a webapp which runs fine on my development machine, but our actual hosting is shared (and uses a Security Manager) and some new libraries we're using throws up loads of exceptions which we need to replicate locally, hence the need for me to activate the Security Manager. If it makes things any simpler, the webapp runs as the root context. Any chance you could help me out with the code I need for catalina.policy? - Original Message - From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, January 10, 2012 7:47 PM Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
2012/1/9 ja...@mobilewebexpert.co.uk: Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, Have you read the docs? but not sure where - possibly catalina.policy? That file is not used by Tomcat but by Java runtime. So whether it is used depends on what command was used to launch the JVM. The catalina.bat/catalina.sh files use conf/catalina.policy by default. If you use something else then you are on your own to configure it properly. Can anyone help?? Here's the error from the log file: 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags (...) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
