Re: null security domain

Aaron Stromas Thu, 15 Jun 2000 05:21:08 -0700
ok, i figured it out just as soon as i made the post. sort of... i had to add my
servlet.jar to the wrapper.classpath in jserv.properties to get the codebase picked
up. it will also inhibit automatic reload - not so good. i'm still not clear as to
why the problem occurred in the first place. does it have to do with the classloader?

-a

"Aaron M. Stromas" wrote:

> experts,
>
> please explain to me what is happenning with this situation.
>
> i am using the jserv servlet engine with apache and the ibm jdk 1.3.
> i've installed the sun
> security manager and it throws a security exception when the servlet's
> init method attempts
> to read a file. what confuses me is that when i turned on the tracing i
> found out that the
> domain that fails is null (see below).  a few more relevant details -
> the servlets are mount point is
>
>      ApJServMount /servlet /root
>
> i have started adding permissions to the java security policy for the
> ApacheJServ.jar one by one until
> it looked like this
>
> grant codebase "file:/usr/local/apache/libexec/ApacheJServ.jar" {
>
>         permission java.io.FilePermission
> "/usr/local/apache/conf/jserv/jserv.properties", "read";
>         permission java.io.FilePermission
> "/usr/local/apache/conf/jserv/zone.properties", "read";
>         permission java.io.FilePermission "/usr/local/apache/logs",
> "read,write";
>         permission java.io.FilePermission "/usr/local/apache/logs/*",
> "read,write";
>         permission java.io.FilePermission
> "/usr/local/apache/servlets/servlet.jar", "read";
>         permission java.io.FilePermission
> "/usr/local/apache/servlets/-", "read";
>
>         permission java.lang.RuntimePermission "createClassLoader";
>
>         permission java.net.SocketPermission
> "*:1024-65535","connect,accept,listen,resolve";
> };
>
> the policy has also has a grant for  the jar containig  the servlet
> which reads the file, which i
> expected to be the appropriate security domain:
>
> grant codebase "file:/usr/local/apache/servlets/servlet.jar" {
>        permission java.io.FilePermission
> "/home/ams/work/servlet/data/items", "read,write";
> };
>
> i'm stumped. why the servlet's codebase is ignored? any suggestions are
> eagerly sought. thanks!
>
> access: access denied (java.io.FilePermission
> /home/ams/work/servlet/data/items read)
> java.lang.Exception: Stack trace
>         at java.lang.Throwable.<init>(Throwable.java:96)
>         at java.lang.Exception.<init>(Exception.java:44)
>         at java.lang.Thread.dumpStack(Thread.java:1007)
>         at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:268)
>
>         at
> java.security.AccessController.checkPermission(AccessController.java:405)
>
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:551)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:896)
>
>         at java.io.FileInputStream.<init>(FileInputStream.java:67)
>         at java.io.FileInputStream.<init>(FileInputStream.java:101)
>         at com.oracle.ats.servlet.servlet.init(Servlet.java:40)
>         at
> org.apache.jserv.JServServletManager.load_init(JServServletManager.java:579)
>
>         at
> org.apache.jserv.JServServletManager.loadServlet(JServServletManager.java:498)
>
>         at
> org.apache.jserv.JServConnection.processRequest(JServConnection.java:269)
>
>         at
> org.apache.jserv.JServConnection.run(JServConnection.java:188)
>         at java.lang.Thread.run(Thread.java:498)
> access: domain that failed ProtectionDomain (null <no certificates>)
>
> --
> Aaron Stromas     |   "Tick-tick-tick!!!... ja, Pantani is weg...."
> Oracle Corp.      |              BRTN commentator,
> +1 703 708 6821   |              L'Alpe d'Huez, 1995 Tour de France
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

--
Aaron Stromas    | "Tick-tick-tick!!!... ja, Pantani is weg..."
Oracle Corp      |                             BRTN commentator
+1 703.708.68.21 |                              L'Alpe d'Huez
                                            1995 Tour de France

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
Re: null security domain

Reply via email to
