Morning all,
Further to my perevious problem with RMI and servlets, I decided to try
something simpler. My understanding behind my RMI code not working is that
the default security permissions don't allow me to access a socket on my
machine. Trying to change the policy for my webapp using the tomcat.policy
file and the -security option when starting tomcat only made it worse - I
now get exceptions whenever I try to use sessions! Thinking this was my
code, I decided to try the session example which comes with Tomcat. Running
the session example without the - security tag works fine. With it, I get
the problems reported below. Looking at the archives I'm not the only person
having problems with the security manager. If there is a general isssue with
this version of Tomcat which means I won't be able to do what I'm trying to,
I'd like to know even if no-one can help - I could at least start looking at
alternatives rather than banging my head aginst a brick wall :-)
So, with the SessionExample and the -security option, I get the following
exception reported:
java.security.AccessControlException: access denied
(java.util.PropertyPermission tomcat.sessionid.randomclass read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1278)
at java.lang.System.getProperty(System.java:560)
at
org.apache.tomcat.util.SessionIdGenerator.getIdentifier(SessionIdGenerator.j
ava:124)
at
org.apache.tomcat.util.SessionIdGenerator.generateId(SessionIdGenerator.java
:177)
at
org.apache.tomcat.util.SessionUtil.generateSessionId(SessionUtil.java:180)
at
org.apache.tomcat.session.StandardManager.getNewSession(StandardManager.java
:379)
at
org.apache.tomcat.session.StandardSessionInterceptor.newSessionRequest(Stand
ardSessionInterceptor.java:177)
at
org.apache.tomcat.core.ContextManager.doNewSessionRequest(ContextManager.jav
a:913)
at
org.apache.tomcat.core.RequestImpl.getSession(RequestImpl.java:478)
at
org.apache.tomcat.facade.HttpServletRequestFacade.getSession(HttpServletRequ
estFacade.java:381)
at SessionExample.doGet(SessionExample.java:55)
<snip>
Line 55 in SessionExample is trying to get the id from a retieved session
object:
54: HttpSession session = request.getSession();
55: out.println("Session ID " + session.getId());
This is the policy entry for the examples webapps:
grant codeBase "file:${tomcat.home}/webapps/examples" {
permission java.net.SocketPermission "localhost:1024-", "listen";
permission java.util.PropertyPermission "*", "read";
permission java.security.AllPermission;
};
Despite having full debug for the example webapps specified, I get no
messages in servlet.log.
Any help will be very much appreciated
Sam Newman
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
