A few corrections to my previous mail: the offending line is a
System.getProperty(...) call and is done by the BootstrapPropertyResolver.
So that's the class to subclass (and configure) if you would like to
override the behaviour.
On Wed, Aug 12, 2009 at 8:25 PM, Levi Hoogenberg <[email protected]> wrote:
> Hello,
>
> this is caused by the fact that Stripes performs a System.getProperties()
> call in the StripesFilter. There are two ways around it:
> - subclass StripesFilter to avoid the call;
> - edit your security settings to allow the call. I'm no SecurityManager
> expert, but the line you need probably needs a wildcard (*).
>
> Levi
>
> On 12 Aug 2009, at 19:34, JiangHongTiao <[email protected]> wrote:
>
> Hi,
> please, is there anybody who is using Tomcat with the security manager turned
> on and can send me the content of their catalina.policy file? My
> application works without the security manager, but when I turn it on, my
> application throws an error. After days of googling I cannot find a solution.
> Please help. Thanks a lot.
>
> jht
>
> My catalina.policy file and Tomcat log:
>
> // ========== SYSTEM CODE PERMISSIONS =========================================
>
>
> // These permissions apply to javac
> grant codeBase "file:${java.home}/lib/-" {
>     permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions
> grant codeBase "file:${java.home}/jre/lib/ext/-" {
>     permission java.security.AllPermission;
> };
>
> // These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/../lib/-" {
>     permission java.security.AllPermission;
> };
>
> // These permissions apply to all shared system extensions when
> // ${java.home} points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/lib/ext/-" {
>     permission java.security.AllPermission;
> };
>
>
> // ========== CATALINA CODE PERMISSIONS =======================================
>
>
> // These permissions apply to the daemon code
> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
>     permission java.security.AllPermission;
> };
>
> // These permissions apply to the logging API
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>     permission java.util.PropertyPermission "java.util.logging.config.class", "read";
>     permission java.util.PropertyPermission "java.util.logging.config.file", "read";
>     permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
>     permission java.lang.RuntimePermission "shutdownHooks";
>     permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
>     permission java.util.PropertyPermission "catalina.base", "read";
>     permission java.util.logging.LoggingPermission "control";
>     permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
>     permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
>     permission java.lang.RuntimePermission "getClassLoader";
>     // To enable per context logging configuration, permit read access to the appropriate file.
>     // Be sure that the logging configuration is secure before enabling such access
>     // eg for the examples web application:
>     // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
> };
>
> // These permissions apply to the server startup code
> grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
>     permission java.security.AllPermission;
> };
>
> // These permissions apply to the servlet API classes
> // and those that are shared across all class loaders
> // located in the "lib" directory
> grant codeBase "file:${catalina.home}/lib/-" {
>     permission java.security.AllPermission;
> };
>
>
> // ========== WEB APPLICATION PERMISSIONS =====================================
>
>
> // These permissions are granted by default to all web applications
> // In addition, a web application will be given a read FilePermission
> // and JndiPermission for all files and directories in its document root.
> grant {
>     // Required for JNDI lookup of named JDBC DataSource's and
>     // javamail named MimePart DataSource used to send mail
>     permission java.util.PropertyPermission "java.home", "read";
>     permission java.util.PropertyPermission "java.naming.*", "read";
>     permission java.util.PropertyPermission "javax.sql.*", "read";
>
>     // OS Specific properties to allow read access
>     permission java.util.PropertyPermission "os.name", "read";
>     permission java.util.PropertyPermission "os.version", "read";
>     permission java.util.PropertyPermission "os.arch", "read";
>     permission java.util.PropertyPermission "file.separator", "read";
>     permission java.util.PropertyPermission "path.separator", "read";
>     permission java.util.PropertyPermission "line.separator", "read";
>
>     // JVM properties to allow read access
>     permission java.util.PropertyPermission "java.version", "read";
>     permission java.util.PropertyPermission "java.vendor", "read";
>     permission java.util.PropertyPermission "java.vendor.url", "read";
>     permission java.util.PropertyPermission "java.class.version", "read";
>     permission java.util.PropertyPermission "java.specification.version", "read";
>     permission java.util.PropertyPermission "java.specification.vendor", "read";
>     permission java.util.PropertyPermission "java.specification.name", "read";
>
>     permission java.util.PropertyPermission "java.vm.specification.version", "read";
>     permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
>     permission java.util.PropertyPermission "java.vm.specification.name", "read";
>     permission java.util.PropertyPermission "java.vm.version", "read";
>     permission java.util.PropertyPermission "java.vm.vendor", "read";
>     permission java.util.PropertyPermission "java.vm.name", "read";
>
>     // Required for OpenJMX
>     permission java.lang.RuntimePermission "getAttribute";
>
>     // Allow read of JAXP compliant XML parser debug
>     permission java.util.PropertyPermission "jaxp.debug", "read";
>
>     // Precompiled JSPs need access to this package.
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
>
>     // Precompiled JSPs need access to this system property.
>     permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
>
> };
>
> and here is an error message from Apache Tomcat/6.0.18:
>
> 12-Aug-2009 19:27:17 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:17 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: list: Listing contexts for virtual host 'localhost'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: install: Installing context configuration at 'file:/tmp/context8585864104667478830.xml'
> 12-Aug-2009 19:27:31 org.apache.catalina.core.ApplicationContext log
> INFO: Manager: install: Installing context configuration at 'file:/tmp/context8585864104667478830.xml'
> 12-Aug-2009 19:27:31 org.apache.catalina.loader.WebappClassLoader validateJarFile
> INFO: validateJarFile(/home/xjuraj/NetBeansProjects/jjurco.sk/build/web/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
> 12-Aug-2009 19:27:31 org.apache.catalina.loader.WebappClassLoader validateJarFile
> INFO: validateJarFile(/home/xjuraj/NetBeansProjects/jjurco.sk/build/web/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
> 12-Aug-2009 19:27:31 org.apache.catalina.core.StandardContext filterStart
> SEVERE: Exception starting filter StripesFilter
> java.security.AccessControlException: access denied (java.util.PropertyPermission Configuration.Class read)
>     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>     at java.security.AccessController.checkPermission(AccessController.java:546)
>     at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>     at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
>     at java.lang.System.getProperty(System.java:650)
>     at net.sourceforge.stripes.config.BootstrapPropertyResolver.getProperty(BootstrapPropertyResolver.java:68)
>     at net.sourceforge.stripes.controller.StripesFilter.init(StripesFilter.java:74)
>     at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:275)
>     at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:397)
>     at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:108)
>     at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3709)
>     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4363)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>     at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
>     at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>     at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
>     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:511)
>     at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1231)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
>     at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
>     at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
>     at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1471)
>     at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:824)
>     at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:350)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>     at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
>     at java.security.AccessC
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. <http://p.sf.net/sfu/bobj-july>
> http://p.sf.net/sfu/bobj-july
>
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
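
As an added example (not part of the original thread, nor code from Stripes or Tomcat): a small Python helper that extracts denied permissions from Tomcat log text like the trace above and renders the matching catalina.policy entries, as a narrower alternative to a wildcard grant. The log sample is constructed, and the codeBase is a placeholder to be replaced with the web application's actual location.

```python
import re

# JDK 6 prints: access denied (java.util.PropertyPermission Configuration.Class read)
# Later JDKs quote each field: access denied ("java.lang.RuntimePermission" "getClassLoader")
QUOTED = re.compile(r'access denied \("([^"]+)" "([^"]*)"(?: "([^"]*)")?\)')
PLAIN = re.compile(r'access denied \((\S+) (\S+)(?: ([^)]+))?\)')

# Constructed sample, modelled on the log in the thread (not real output).
SAMPLE_LOG = """\
SEVERE: Exception starting filter StripesFilter
java.security.AccessControlException: access denied (java.util.PropertyPermission Configuration.Class read)
SEVERE: Exception starting filter StripesFilter
java.security.AccessControlException: access denied (java.util.PropertyPermission Configuration.Class read)
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
"""

# Placeholder: replace with the codeBase URL of the web application.
CODE_BASE = "file:/path/to/webapp/-"


def denied_permissions(log_text):
    """Return unique (class, target, actions) tuples in first-seen order."""
    found = []
    for line in log_text.splitlines():
        match = QUOTED.search(line) or PLAIN.search(line)
        if match and match.groups() not in found:
            found.append(match.groups())
    return found


def grant_block(code_base, permissions):
    """Render a policy grant entry scoped to one codeBase."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in permissions:
        entry = '    permission %s "%s"' % (cls, target)
        if actions:
            entry += ', "%s"' % actions
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(grant_block(CODE_BASE, denied_permissions(SAMPLE_LOG)))
```

Because filter startup aborts at the first denial, each run of the application reveals only the next missing permission, so the log has to be re-checked after every policy change.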