Re: problems start cyclos in Tomcat with security manager

2010-07-15 Thread stefan-b


awarnier wrote:
 
 stefan-b wrote:
 Hello,
 I hope you can help.
 
 I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running
 on debian lenny on an amd64Bit machine.
 A mail to the Cyclos Team itself has had no answer for a week, and the
 Cyclos forum is nearly dead :(
 
 With a disabled security manager all works fine.
 The manager was disabled in /etc/init.d/tomcat5.5
 
 To make a long story short, I do not think that there is any problem in
 disabling the security manager, if you trust the webapps that you install
 on your server.
 It is another matter entirely if you are going to allow other people to
 load and install webapps on it.
 Finding out which specific permissions you need to grant to an application
 which you do not entirely know, can be a long and frustrating experience,
 and may well come to the same thing anyway in the end, given a complex
 application.
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

Many thanks for your quick answer.
I now understand the purpose of the security manager. It should save users
from other users if more than one user has access to create
webapps.

It seems that there is no chance of getting cyclos working with the security
manager enabled.
However...

I found some help here:
http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/050107.html

and added these lines to /etc/tomcat5.5/policy.d/50user.policy:
-
// No codeBase or signedBy: this grant applies to all code in the JVM.
grant {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "readFileDescriptor";
    permission java.lang.RuntimePermission "writeFileDescriptor";
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "defineClassInPackage.*";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.net.SocketPermission "*", "connect";
    permission javax.xml.ws.WebServicePermission "publishEndpoint";
    permission java.util.PropertyPermission "*", "read,write";
};
-

... and enabled nearly everything that is possible, or in fact disabled
the security manager.
The end of the story is, finally, a NullPointerException on
LifecycleListener.contextInitialized():

-
ERROR LifecycleListener - Error on
LifecycleListener.contextInitialized()#012java.lang.NullPointerException#012#011at
nl.strohalm.cyclos.utils.SettingsHelper.storeLocalSettings(SettingsHelper.java:125)#012#011at
nl.strohalm.cyclos.http.lifecycle.SettingsInitialization.init(SettingsInitialization.java:47)#012#011at
nl.strohalm.cyclos.http.LifecycleListener$2.doInTransactionWithoutResult(LifecycleListener.java:199)#012#011at
org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)#012#011at
org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.run(LifecycleListener.java:194)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.runAll(LifecycleListener.java:217)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:138)#012#011at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)#012#011at
org.apache.catalina.core.StandardCo 
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
ntext.start(StandardContext.java:4216)#012#011at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at
org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at
java.security.AccessController.doPrivileged(Native Method)#012#011at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)#012#011at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)#012#011at

Re: problems start cyclos in Tomcat with security manager (Solved)

2010-07-15 Thread stefan-b

Seems it runs with the security manager enabled.
The error from the post above comes from a wrong database version (cyclos
3.6 Beta3), which I had tested temporarily but not reset for Cyclos 3.5.6 Stable.

I added these lines to /etc/tomcat5.5/policy.d/50user.policy,
inspired by this IBM site:
http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/050107.html

--- This is the fully enabled list; it will be disabled/commented out step by
step to support only the features Cyclos really needs.
-
// No codeBase or signedBy: this grant applies to all code in the JVM.
grant {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "stopThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "readFileDescriptor";
    permission java.lang.RuntimePermission "writeFileDescriptor";
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "defineClassInPackage.*";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.net.SocketPermission "*", "connect";
    permission javax.xml.ws.WebServicePermission "publishEndpoint";
    permission java.util.PropertyPermission "*", "read,write";
};
- 

This in /etc/init.d/tomcat5.5:
# Use the Java security manager? (yes/no)
TOMCAT5_SECURITY=yes

# 250 MB of assured RAM for tomcat
JAVA_OPTS=-Xmx250m


Here it runs with the security manager enabled :)
-
Jul 15 20:02:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:16 PM
org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing
Coyote HTTP/1.1 on http-8080
Jul 15 20:02:18 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:18 PM
org.apache.coyote.http11.Http11BaseProtocol init#012INFO: Initializing
Coyote HTTP/1.1 on http-8443
Jul 15 20:02:18 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:18 PM
org.apache.catalina.startup.Catalina load#012INFO: Initialization processed
in 2960 ms
Jul 15 20:02:18 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:18 PM
org.apache.catalina.core.StandardService start#012INFO: Starting service
Catalina
Jul 15 20:02:18 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:18 PM
org.apache.catalina.core.StandardEngine start#012INFO: Starting Servlet
Engine: Apache Tomcat/5.5
Jul 15 20:02:18 srv097 jsvc.exec[3323]: Jul 15, 2010 8:02:18 PM
org.apache.catalina.core.StandardHost start#012INFO: XML validation disabled
Jul 15 20:02:20 srv097 jsvc.exec[3323]: 20:02:20,352  INFO
[/banks-of-community] - Initializing Spring root WebApplicationContext
Jul 15 20:02:35 srv097 jsvc.exec[3323]: 20:02:35,726  INFO
DataBaseConfiguration - Cyclos database version 3.5.6 found on MySQL version
5.0.51a-24+lenny4
Jul 15 20:02:38 srv097 jsvc.exec[3323]: 20:02:38,681  INFO
CyclosOSCacheProvider - Enabling disk cache on
/var/lib/tomcat5.5/webapps/banks-of-community/WEB-INF/cache
Jul 15 20:03:12 srv097 jsvc.exec[3323]: 20:03:12,617  INFO
[/banks-of-community] - Cyclos initialized
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,907  INFO
[/banks-of-community] - No Configuration for this context.  Initializing.
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,907  INFO
[/banks-of-community] - configuring cewolf app..
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,911  INFO
[/banks-of-community] - using storage class
de.laures.cewolf.storage.ClusterableSessionStorage
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,911  INFO
[/banks-of-community] - using overlibURL /pages/scripts/overlib.js
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,912  INFO
[/banks-of-community] - debugging is turned off
Jul 15 20:03:13 srv097 jsvc.exec[3323]: 20:03:13,912  INFO
[/banks-of-community] - ...done.
Jul 15 20:03:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:16 PM
org.apache.coyote.http11.Http11BaseProtocol start#012INFO: Starting Coyote
HTTP/1.1 on http-8080
Jul 15 20:03:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:16 PM
org.apache.coyote.http11.Http11BaseProtocol start#012INFO: Starting Coyote
HTTP/1.1 on http-8443
Jul 15 20:03:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:16 PM
org.apache.jk.common.ChannelSocket init#012INFO: JK: ajp13 listening on
/0.0.0.0:8009
Jul 15 20:03:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:16 PM
org.apache.jk.server.JkMain start#012INFO: Jk running ID=0 time=0/86 
config=null
Jul 15 20:03:16 srv097 jsvc.exec[3323]: Jul 15, 2010 8:03:16 PM
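
An added example (not part of the original post, and not Cyclos or Tomcat code): a small audit of a Java policy file such as the 50user.policy above, listing permissions granted without a codeBase and permission targets that let code bypass the security manager. The RISKY shortlist, the sample policy and the webapp codeBase are constructed for illustration; a grant without codeBase is treated as applying to all code.

```python
import re

# Targets that let code escape or switch off the sandbox; this shortlist is an
# assumption of the example, not an exhaustive catalogue.
RISKY = {
    ("java.lang.RuntimePermission", "createClassLoader"),
    ("java.lang.RuntimePermission", "setSecurityManager"),
    ("java.lang.RuntimePermission", "loadLibrary.*"),
    ("java.lang.RuntimePermission", "accessClassInPackage.*"),
    ("java.lang.RuntimePermission", "defineClassInPackage.*"),
    ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"),
    ("java.io.FilePermission", "<<ALL FILES>>"),
    ("java.security.AllPermission", ""),
}
# The grant header may hold quoted strings containing "{" (${catalina.base}).
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"')

def audit(policy_text):
    """Return (scope, class, target, risky) for every permission to review."""
    text = re.sub(r'/\*.*?\*/', '', policy_text, flags=re.S)
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)  # whole-line comments
    findings = []
    for header, body in GRANT_RE.findall(text):
        cb = CODEBASE_RE.search(header)
        scope = cb.group(1) if cb else "ALL CODE"      # no codeBase given
        for cls, target, _actions in PERM_RE.findall(body):
            risky = (cls, target) in RISKY
            if risky or cb is None:                    # scoped + benign is fine
                findings.append((scope, cls, target, risky))
    return findings

# Constructed sample: one global grant, one grant scoped to a single webapp.
SAMPLE = r'''
// constructed sample, not the poster's file
grant {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "file:${catalina.base}/webapps/banks-of-community/-" {
    permission java.io.FilePermission "${catalina.base}/temp/-", "read,write";
    permission java.util.PropertyPermission "*", "read";
};
'''

if __name__ == "__main__":
    for scope, cls, target, risky in audit(SAMPLE):
        print("HIGH" if risky else "note", f"[{scope}]", cls, target)
```

Entries marked HIGH are the ones to remove or scope first when trimming the list; "note" entries are harmless on their own but are still granted to every webapp on the server.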

Re: problems start cyclos in Tomcat with security manager

2010-07-14 Thread André Warnier

stefan-b wrote:

Hello,
I hope you can help.

I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running on
debian lenny on an amd64Bit machine.
A mail to the Cyclos Team itself has had no answer for a week, and the Cyclos
forum is nearly dead :(

With a disabled security manager all works fine.
The manager was disabled in /etc/init.d/tomcat5.5

To make a long story short, I do not think that there is any problem in disabling the 
security manager, if you trust the webapps that you install on your server.
It is another matter entirely if you are going to allow other people to load and install 
webapps on it.
Finding out which specific permissions you need to grant to an application which you do 
not entirely know, can be a long and frustrating experience, and may well come to the same 
thing anyway in the end, given a complex application.


