Hi
I try to run Tomcat with SecurityManager and policy file.
First, I found a bug in tomcat.sh - it passes "-security" option to the
class (it's necessary to add one "shift" statement before calling java).
Then I found that all session-based jsps give me errors like this (in
tomcat console):
java.security.AccessControlException: access denied
(java.util.PropertyPermission tomcat.sessionid.randomclass read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1278)
at java.lang.System.getProperty(System.java:560)
at
org.apache.tomcat.util.SessionIdGenerator.getIdentifier(SessionIdGenerator.java:124)
at
org.apache.tomcat.util.SessionIdGenerator.generateId(SessionIdGenerator.java:177)
at
org.apache.tomcat.util.SessionUtil.generateSessionId(SessionUtil.java:180)
at
org.apache.tomcat.session.StandardManager.getNewSession(StandardManager.java:379)
at
org.apache.tomcat.session.StandardSessionInterceptor.newSessionRequest(StandardSessionInterceptor.java:177)
at
org.apache.tomcat.core.ContextManager.doNewSessionRequest(ContextManager.java:913)
at org.apache.tomcat.core.RequestImpl.getSession(RequestImpl.java:478)
at
org.apache.tomcat.facade.HttpServletRequestFacade.getSession(HttpServletRequestFacade.java:381)
at
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:173)
at
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:149)
at
org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:99)
at
jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:51)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
at org.apache.tomcat.core.Handler.service(Handler.java:286)
at
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
at
org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
at java.lang.Thread.run(Thread.java:484)
2001-03-02 03:45:32 - Ctx( /examples ): Exception in: R( /examples +
/jsp/sessions/carts.jsp + null) - java.lang.NullPointerException
at
jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:132)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
at org.apache.tomcat.core.Handler.service(Handler.java:286)
at
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
at
org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
at java.lang.Thread.run(Thread.java:484)
So in browser I also get the error:
Error: 500
Location: /examples/jsp/sessions/carts.jsp
Internal Servlet Error:
java.lang.NullPointerException
at
jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:132)
at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318)
at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
at org.apache.tomcat.core.Handler.service(Handler.java:286)
at
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
at
org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166)
at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
at java.lang.Thread.run(Thread.java:484)
I use standard tomcat.policy file. It gives "AllPermission" to the
tomcat classes. What's wrong?
Thanks for any ideas.
Sergey
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
