Re: DO NOT REPLY [Bug 13907] - security manager does not give readpermission on a context by default

Thu, 24 Oct 2002 23:10:15 -0700 

> On Thu, 24 Oct 2002 22:59:59 -0500, Glenn Nielsen <[EMAIL PROTECTED]> said:
> Gettting the latest version from CVS won't fix your problem. I still
> think the problem is somewhere in your configuration.

I've installed the 4.1.12 tarball from the website and am running it
without modification other than adding the test jsp to
webapps/examples/jsp/test.jsp

I've now tried it under:

 Solaris/JDK1.4 with 4.1.12-LE 
 FreeBSD/JDK1.3.1 with 4.1.12
 Debian/JDK1.3.1 with 4.1.12

with the same result.

> You might try posting the SecurityManager debug output when the
> FilePermission read is denied.  Including the stack trace and the
> ProtectionDomain which failed.

Okay, here goes -- as I mentioned before, I see this as the exception:

org.apache.jasper.JasperException: access denied (java.io.FilePermission 
/usr/local/tomcat/webapps/examples/test2.new read)

and with the following CATALINA_OPTS=-Djava.security.debug=access,failure I get this 
in logs/catalina.out:

access: access denied (java.io.FilePermission 
/usr/local/tomcat/webapps/examples/test2.new read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1071)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:259)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
        at java.io.File.exists(File.java:677)
        at org.apache.jsp.test_jsp._jspService(test_jsp.java:53)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
        at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at 
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
        at 
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
        at java.lang.Thread.run(Thread.java:536)
access: access allowed (java.util.PropertyPermission java.security.debug read)
access: domain that failed ProtectionDomain  (file:/usr/local/tomcat/webapps/examples/ 
<no certificates>)
 null
 <no principals>
 java.security.Permissions@17aece8 (
 (java.io.FilePermission /usr/local/tomcat/work/Standalone/localhost/examples/- read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission jaxp.debug read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission javax.sql.* read)
 (java.util.PropertyPermission java.naming.* read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.home read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission os.arch read)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans)
 (java.lang.RuntimePermission getAttribute)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util)
)

Hope that helps?

Thanks,
Adi

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Reply via email to