Hi,
please, is there anybody who is using Tomcat with security manager
turned on and can send me content of catalina.policy file? Because
of my application is working without Security manager. But when I
turn it on, my application throws an error. After days of googling I
cannot find solution. Please, help. Thanks a lot.
jht
My catalina.policy file and Tomcat log:
// ========== SYSTEM CODE PERMISSIONS
=========================================
// These permissions apply to javac
grant codeBase "file:${java.home}/lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
permission java.security.AllPermission;
};
// These permissions apply to javac when ${java.home] points at
$JAVA_HOME/jre
grant codeBase "file:${java.home}/../lib/-" {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
// ========== CATALINA CODE PERMISSIONS
=======================================
// These permissions apply to the daemon code
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission
"java.util.logging.config.class", "read";
permission java.util.PropertyPermission
"java.util.logging.config.file", "read";
permission java.io.FilePermission "${java.home}$
{file.separator}lib${file.separator}logging.properties", "read";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.io.FilePermission "${catalina.base}$
{file.separator}conf${file.separator}logging.properties", "read";
permission java.util.PropertyPermission "catalina.base",
"read";
permission java.util.logging.LoggingPermission "control";
permission java.io.FilePermission "${catalina.base}$
{file.separator}logs", "read, write";
permission java.io.FilePermission "${catalina.base}$
{file.separator}logs${file.separator}*", "read, write";
permission java.lang.RuntimePermission "getClassLoader";
// To enable per context logging configuration, permit read
access to the appropriate file.
// Be sure that the logging configuration is secure before
enabling such access
// eg for the examples web application:
// permission java.io.FilePermission "${catalina.base}$
{file.separator}webapps${file.separator}examples${file.separator}WEB-
INF${file.separator}classes${file.separator}logging.properties",
"read";
};
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
};
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
permission java.security.AllPermission;
};
// ========== WEB APPLICATION PERMISSIONS
=====================================
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document
root.
grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.naming.*", "read";
permission java.util.PropertyPermission "javax.sql.*", "read";
// OS Specific properties to allow read access
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
// JVM properties to allow read access
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version",
"read";
permission java.util.PropertyPermission
"java.specification.version", "read";
permission java.util.PropertyPermission
"java.specification.vendor", "read";
permission java.util.PropertyPermission
"java.specification.name", "read";
permission java.util.PropertyPermission
"java.vm.specification.version", "read";
permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
permission java.util.PropertyPermission
"java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
// Required for OpenJMX
permission java.lang.RuntimePermission "getAttribute";
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission "jaxp.debug", "read";
// Precompiled JSPs need access to this package.
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime.*";
// Precompiled JSPs need access to this system property.
permission java.util.PropertyPermission
"org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
};
and here is an error message from Apache Tomcat/6.0.18:
12-Aug-2009 19:27:17 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:17 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: list: Listing contexts for virtual host 'localhost'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: install: Installing context configuration at 'file:/
tmp/context8585864104667478830.xml'
12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
INFO: Manager: install: Installing context configuration at 'file:/
tmp/context8585864104667478830.xml'
12-Aug-2009 19:27:31 org.apache.catalina.loader.WebappClassLoader
validateJarFile
INFO: validateJarFile(/home/xjuraj/NetBeansProjects/jjurco.sk/build/
web/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec
2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
12-Aug-2009 19:27:31 org.apache.catalina.loader.WebappClassLoader
validateJarFile
INFO: validateJarFile(/home/xjuraj/NetBeansProjects/jjurco.sk/build/
web/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec
2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
12-Aug-2009 19:27:31 org.apache.catalina.core.StandardContext
filterStart
SEVERE: Exception starting filter StripesFilter
java.security.AccessControlException: access denied
(java.util.PropertyPermission Configuration.Class read)
at
java.
security.
AccessControlContext.checkPermission(AccessControlContext.java:323)
at
java.security.AccessController.checkPermission(AccessController.java:
546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:
1285)
at java.lang.System.getProperty(System.java:650)
at
net.
sourceforge.
stripes.
config.
BootstrapPropertyResolver.getProperty(BootstrapPropertyResolver.java:
68)
at
net.
sourceforge.stripes.controller.StripesFilter.init(StripesFilter.java:
74)
at
org.
apache.
catalina.
core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:
275)
at
org.
apache.
catalina.
core.
ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397)
at
org.
apache.
catalina.
core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108)
at
org.
apache.
catalina.core.StandardContext.filterStart(StandardContext.java:3709)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:
4363)
at
org.
apache.
catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access
$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase
$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:
769)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at
org.
apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:
627)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:511)
at
org.apache.catalina.startup.HostConfig.check(HostConfig.java:1231)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.
reflect.
NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.
reflect.
DelegatingMethodAccessorImpl.
invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.
apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:
297)
at
com.
sun.
jmx.
interceptor.
DefaultMBeanServerInterceptor.
invoke(DefaultMBeanServerInterceptor.java:836)
at
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at
org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:
1471)
at
org.
apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:824)
at
org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:
350)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
717)
at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown
Source)
at
sun.
reflect.
DelegatingMethodAccessorImpl.
invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil
$1.run(SecurityUtil.java:244)
at java.security.AccessC
---
---
---
---------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day
trial. Simplify your report design, integration and deployment - and
focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
