Peter, On Wed, Aug 20, 2008 at 2:41 PM, Peter von Kaehne <[EMAIL PROTECTED]> wrote: > Thanks Troy. > > I will now go and try this out. > > But I found a file in my [~tomcat]/conf called catalina.policy. It lists > permissions for every aspect of java and of tomcat + has a section of > permission for webapplications. e.g. it appears that each webapplication > needs permissions set to connect to a TCP port and also permissions to > execute/access stuff from the operating system etc.
My own experiences (nightmares?) getting Catalina setup and running on a Linux system seem to indicate that the catalina.policy file is generated at Tomcat's startup time by Tomcat. Every time I tried to change a setting in catalina.policy, then restarted the server, it would overwrite all the changes I had made to the file. To make matters even more frustrating, the default Tomcat installation from Ubuntu and Debian (and, I would imagine, the RPM-based distros also) completely locks down all TCP/IP connections from webapps, even those to the loopback device. Since I could not locate the source of the original settings that were used to generate catalina.policy, I eventually threw my hands up in the air and downloaded the latest version of Tomcat (that works with your Java version) off of the Apache sites. It ran everything beautifully, including my connections to the PostgreSQL database. The downside is -- now the webapps are almost entirely free to access the host system. So you have to be much more careful about what apps you install on the Tomcat instance. But -- it'll probably serve you fewer headaches if you're willing to put up with the slightly lowered security. --Greg > > My best guess right now is that this is where you (on Crosswire) and I (here) > have different settings and I experience my problems. I am not allowed to > access /usr/local/tomcat/conf/catalina.policy on the server. Would it be > possible for you to have a look at this? Are there any specific (or even > generalised) settings in catalina.policy which might cause the different > behaviour? > > Thanks! > > Peter > Peter > > > > > > -------- Original-Nachricht -------- >> Datum: Wed, 20 Aug 2008 19:30:24 +0100 >> Von: "Troy A. Griffitts" <[EMAIL PROTECTED]> >> An: SWORD Developers\' Collaboration Forum <sword-devel@crosswire.org> >> Betreff: Re: [sword-devel] Corba-bindings of sword > >> Dear Peter, >> >> That's odd. How are you launching tomcat? Have you tried bypassing any >> /etc/rc.d startup scripts and just running (as the same user that you >> ran the java testclient) tomcat/bin/startup.sh >> >> The testclient doesn't really do anything so the output of it isn't >> important, except if it throws a bunch of exceptions. Looks like it >> successfully talked with the C++ engine and received an answer back to a >> request for the sword module paths. So I think we're ok there. I'm not >> sure what user tomcat is trying to run as, but if you launch it from the >> startup script, it might work ok. >> >> Peter von Kaehne wrote: >> > Sorry, not sure what happened there.... >> > >> > orbitrc's are liberally strewn around the system >> > >> > running the testclient gives an odd response: >> > >> > Connected: >> > PrefixPath: /usr/share/sword/ >> > ConfigPath: /usr/share/sword/mods.d >> > KeyText: Genesis 2:8 >> > Text: >> > KeyText: Genesis 2:9 >> > Text: >> > KeyText: Genesis 2:10 >> > Text: >> > >> > As you see it is empty. >> > >> > Looking at the logs suggests further that java is actually unable to >> execute swordorbserver (something I can do from the CLI) >> > >> > trying to attach to newly launched ORB >> > calling finalize. >> > trying to attach to running ORB >> > no ORB running; trying to launch >> > java.security.AccessControlException: access denied >> (java.io.FilePermission <<ALL FILES>> execute) >> > at >> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) >> > at >> java.security.AccessController.checkPermission(AccessController.java:427) >> > at >> java.lang.SecurityManager.checkPermission(SecurityManager.java:532) >> > at java.lang.SecurityManager.checkExec(SecurityManager.java:782) >> > at java.lang.ProcessBuilder.start(ProcessBuilder.java:447) >> > at java.lang.Runtime.exec(Runtime.java:591) >> > at java.lang.Runtime.exec(Runtime.java:429) >> > at java.lang.Runtime.exec(Runtime.java:326) >> > at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116) >> > at >> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159) >> > at org.crosswire.sword.orb.SwordOrb.finalize(SwordOrb.java:74) >> > at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method) >> > at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83) >> > at java.lang.ref.Finalizer.access$100(Finalizer.java:14) >> > at >> java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160) >> > trying to attach to newly launched ORB >> > at >> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) >> > at >> java.security.AccessController.checkPermission(AccessController.java:427) >> > at >> java.lang.SecurityManager.checkPermission(SecurityManager.java:532) >> > at java.lang.SecurityManager.checkExec(SecurityManager.java:782) >> > at java.lang.ProcessBuilder.start(ProcessBuilder.java:447) >> > at java.lang.Runtime.exec(Runtime.java:591) >> > at java.lang.Runtime.exec(Runtime.java:429) >> > at java.lang.Runtime.exec(Runtime.java:326) >> > at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116) >> > at >> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159) >> > at >> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:216) >> > at org.apache.jsp.index_jsp._jspService(index_jsp.java:182) >> > at >> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) >> > at >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) >> > at >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) >> > at >> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) >> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) >> > at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source) >> > at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> > at java.lang.reflect.Method.invoke(Method.java:585) >> > at >> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) >> > at >> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) >> > at >> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161) >> > at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245) >> > at >> org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50) >> > at >> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) >> > at java.security.AccessController.doPrivileged(Native Method) >> > at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) >> > at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) >> > at >> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) >> > at >> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) >> > at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) >> > at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) >> > at >> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) >> > at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) >> > at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) >> > at >> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) >> > at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> > at >> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) >> > at >> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) >> > at >> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) >> > at >> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) >> > at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) >> > at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) >> > >> > >> > >> >> >> _______________________________________________ >> sword-devel mailing list: sword-devel@crosswire.org >> http://www.crosswire.org/mailman/listinfo/sword-devel >> Instructions to unsubscribe/change your settings at above page > > -- > GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry > Passion! > http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196 > > _______________________________________________ > sword-devel mailing list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel > Instructions to unsubscribe/change your settings at above page > _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
