Hi, I'm executing a webapp from a war file, deployed with its own context descriptor (not autodeployed), in a host (and even context for tomcat5) with unpackwar="false". Security is enabled and just for testing purpose catalina.policy has a grant codebase pointing to the war with java.security.AllPermission. I've tried this both in tomcat 4.1.28 (debian package on linux/i686) and Tomcat 5.0.14. That's the situation, now here's the probem:
webapp static content is served ok, but every servlet hangs, no exception thrown, just browser awaits forever, even if catalina.out shows the exception reported below. When executing form war, I've seen that WEB-INF/classes and WEB-INF/lib are unpacked to [webapp name] dir in tomcat work tree, and if I add the same java.security.AllPermission line, pointing to something like catalina.home/work/.../[webappname]/WEB-INF/- all servlets start working and no exception is reported in catalina.out, so everything works fine. This doubling of grant codebases lines in catalina.policy is no good IMO, so what I'm asking is if there's a way for setting security permissions for packed war executing webapps, in a more clean and clever way. I think I'm definitely missing something, please help me :). ----- Security Violation, attempt to use Restricted Class: org.apache.tomcat.util.http.FastHttpDateFormat java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.http) Â Â Â Â at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270) Â Â Â Â at java.security.AccessController.checkPermission(AccessController.java:401) Â Â Â Â at java.lang.SecurityManager.checkPermission(SecurityManager.java:542) Â Â Â Â at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513) Â Â Â Â at org.apache.catalina.loader.StandardClassLoader.loadClass(Unknown Source) Â Â Â Â at org.apache.catalina.loader.StandardClassLoader.loadClass(Unknown Source) Â Â Â Â at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315) Â Â Â Â at org.apache.coyote.tomcat5.CoyoteResponse.setDateHeader(Unknown Source) Â Â Â Â at org.apache.coyote.tomcat5.CoyoteResponseFacade.setDateHeader(Unknown Source) Â Â Â Â at org.rg.web.JRGServlet.rgService(JRGServlet.java:80) Â Â Â Â at sisc.contratti.ContrattoServlet.doGet(ContrattoServlet.java:27) Â Â Â Â at javax.servlet.http.HttpServlet.service(Unknown Source) Â Â Â Â at javax.servlet.http.HttpServlet.service(Unknown Source) Â Â Â Â at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) Â Â Â Â at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) Â Â Â Â at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) Â Â Â Â at java.lang.reflect.Method.invoke(Method.java:324) Â Â Â Â at org.apache.catalina.security.SecurityUtil$1.run(Unknown Source) Â Â Â Â at java.security.AccessController.doPrivileged(Native Method) Â Â Â Â at javax.security.auth.Subject.doAsPrivileged(Subject.java:499) Â Â Â Â at org.apache.catalina.security.SecurityUtil.execute(Unknown Source) Â Â Â Â at org.apache.catalina.security.SecurityUtil.doAsPrivilege(Unknown Source) Â Â Â Â at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Unknown Source) Â Â Â Â at org.apache.catalina.core.ApplicationFilterChain.access$000(Unknown Source) Â Â Â Â at org.apache.catalina.core.ApplicationFilterChain$1.run(Unknown Source) Â Â Â Â at java.security.AccessController.doPrivileged(Native Method) Â Â Â Â at org.apache.catalina.core.ApplicationFilterChain.doFilter(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardWrapperValve.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardValveContext.invokeNext(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardContextValve.invokeInternal(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardContextValve.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardValveContext.invokeNext(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardValveContext.invokeNext(Unknown Source) Â Â Â Â at org.apache.catalina.valves.ErrorReportValve.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardValveContext.invokeNext(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardEngineValve.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardValveContext.invokeNext(Unknown Source) Â Â Â Â at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) Â Â Â Â at org.apache.catalina.core.ContainerBase.invoke(Unknown Source) Â Â Â Â at org.apache.coyote.tomcat5.CoyoteAdapter.service(Unknown Source) Â Â Â Â at org.apache.coyote.http11.Http11Processor.process(Unknown Source) Â Â Â Â at org.apache.coyote.http11.Http11Protocol $Http11ConnectionHandler.processConnection(Unknown Source) Â Â Â Â at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:589) Â Â Â Â at org.apache.tomcat.util.threads.ThreadPool $ControlRunnable.run(ThreadPool.java:666) Â Â Â Â at java.lang.Thread.run(Thread.java:536) -- riccardo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
