Re: [HELP]Tomcat3.2beta4 SecurityManager--Does it really work?

Drasko Kokic Fri, 12 Jan 2001 03:10:32 -0800
Just out of interest ... why wouldn't you like to
upgrade to the Tomcat release version?!

--- "Ye, Tao" <[EMAIL PROTECTED]> wrote:
> Hi, all,
> 
> Thanks for reading this far, now don't give up
> yet...
> 
> I'm trying to use Tomcat standalone with security
> turned on (with tomcat.bat
> run -security), with my servlet in the
> Webapps/myApp/.
> 
> I have followed the direction of
> uguide/tomcat_security.txt that's in the
> doc of the distribution.
> I modified conf/server.xml to:
>     1) add 
>       <SecurityManager
> className="java.security.SecurityManager">
>         <Permission
> className="java.lang.RuntimePermission"
> attribute="stopThread"/>
>         <Permission
> className="java.util.PropertyPermission"
> attribute="java.version" value="read"/>
>       </SecurityManager>
>     2) uncommented
>         <ContextInterceptor 
>            
>
className="org.apache.tomcat.context.PolicyInterceptor"
> />    
>     3) edit myServlet's context to be:
>         <Context path="/myApp" 
>                       docBase="webapps/myApp" 
>                       debug="0" 
>                       reloadable="false" 
>                      trusted="true" > 
>                       <Permission
> className="java.util.PropertyPermission"
> attribute="*" value="read,write" />
>                        <Permission
> className="java.io.FilePermission"
>         attribute="&lt;&lt;ALL FILES&gt;&gt;"
> value="read,write" />
>         </Context>
>       
> 
> I also changed the "webapps/examples" permission to
> AllPermission.
> 
> But I get the following error still (I tried
> AllPermission and same thing
> happens, so it's not the file permission):
> java.security.AccessControlException: access denied
> (java.io.FilePermission
> I:\tomcat\Webapps\myApp\Web-inf\classes read)
>         at
>
java.security.AccessControlContext.checkPermission(Unknown
> Source)
>         at
>
java.security.AccessController.checkPermission(Unknown
> Source)
>         at
> java.lang.SecurityManager.checkPermission(Unknown
> Source)
>         at
> java.lang.SecurityManager.checkRead(Unknown Source)
>         at java.io.File.isDirectory(Unknown Source)
>         at
>
org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassLoa
> der.java:465)
>         at java.lang.ClassLoader.loadClass(Unknown
> Source)
>         at
> java.lang.ClassLoader.loadClassInternal(Unknown
> Source)
>         at
> neverhood.myApp.myServlet.<init>(MyServlet.java:59)
>         at java.lang.Class.newInstance0(Native
> Method)
>         at java.lang.Class.newInstance(Unknown
> Source)
>         at
>
org.apache.tomcat.core.ServletWrapper.loadServlet(ServletWrapper.java:2
> 68)
>         at
>
org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:289)
>         at
>
org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOnSt
> artupInterceptor.java:130)
>         at
>
org.apache.tomcat.core.ContextManager.initContext(ContextManager.java:4
> 43)
>         at
>
org.apache.tomcat.core.ContextManager.init(ContextManager.java:403)
>         at
>
org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:197)
>         at
>
org.apache.tomcat.startup.Tomcat.main(Tomcat.java:237)
> cannot load servlet name: myServlet
> 
> I also tried accessing the examples, same thing:
> 
> java.security.AccessControlException: access denied
> (java.io.FilePermission
>
I:\production\tomcat\Webapps\examples\Web-inf\classes
> read)
>         at
>
java.security.AccessControlContext.checkPermission(Unknown
> Source)
>         at
>
java.security.AccessController.checkPermission(Unknown
> Source)
>         at
> java.lang.SecurityManager.checkPermission(Unknown
> Source)
>         at
> java.lang.SecurityManager.checkRead(Unknown Source)
>         at java.io.File.isDirectory(Unknown Source)
>         at
>
org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassLoader.j
> ava:465)
>         at java.lang.ClassLoader.loadClass(Unknown
> Source)
>         at
> java.lang.ClassLoader.loadClassInternal(Unknown
> Source)
>         at
> HelloWorldExample.doGet(HelloWorldExample.java:25)
>         at
>
javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
>         at
>
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>         at
>
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:387)
>         at
>
org.apache.tomcat.core.Handler.service(Handler.java:263)
>         at
>
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:371)
>         at
>
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:74
> 9)
>         at
>
org.apache.tomcat.core.ContextManager.service(ContextManager.java:695)
>         at
>
org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC
> onnectionHandler.java:207)
>         at
>
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:403)
>         at
>
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
>         at java.lang.Thread.run(Unknown Source)
> 
> Help??
> 
> bye, 
> 
> Tao 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, email:
> [EMAIL PROTECTED]
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
Re: [HELP]Tomcat3.2beta4 SecurityManager--Does it really work?

Reply via email to
