Hello,

I am starting Tomcat 3.2.1 with the -security option, so a
SecurityManager is used.

Then, despite my tomcat.policy file content (I have checked that this
file is really the one read to set the security policy), I get the error
message below. In fact it corresponds to a call to a class that is provided
in my delivery. Tomcat expands my .war file and under
.../myWebApps/WEB-INF/classes I find the .class files of my application.
If I do not set the SecurityManager, my servlet initialization
succeeds, and it is reachable.

Additional question: Is there a means to make Tomcat use my .war files
without expanding them?

Using classpath:
/usr/local/jakarta-tomcat/dist/tomcat/classes:/usr/local/jakarta-tomcat/dist/tomcat/lib/ant.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/jasper.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/jaxp.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/parser.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/servlet.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/test:/usr/local/jakarta-tomcat/dist/tomcat/lib/tomcat.jar:/usr/local/jakarta-tomcat/dist/tomcat/lib/webserver.jar:/usr/local/j2sdk1_3_0/lib/tools.jar
Starting with a SecurityManager
# Starting tomcat. Check logs/tomcat.log for error messages
2001-03-09 10:10:58 - ContextManager: Adding context Ctx( /examples )
2001-03-09 10:10:58 - Ctx( /myWebApp ): Set debug to 9
2001-03-09 10:10:58 - ContextManager: Adding context Ctx( /myWebApp )
2001-03-09 10:10:59 - ContextManager: Adding context Ctx( /admin )
2001-03-09 10:10:59 - ContextManager: Adding context Ctx( )
2001-03-09 10:10:59 - ContextManager: Adding context Ctx( /test )
2001-03-09 10:11:00 - Ctx( /myWebApp ): XmlReader - init /myWebApp webapps/myWebApp
2001-03-09 10:11:00 - Ctx( /myWebApp ): Reading /usr/local/jakarta-tomcat/dist/tomcat/webapps/myWebApp/WEB-INF/web.xml
java.security.AccessControlException: access denied (java.io.FilePermission /usr/local/jakarta-tomcat/dist/tomcat/webapps/myWebApp/WEB-INF/classes read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
        at java.security.AccessController.checkPermission(AccessController.java:399)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
        at java.io.File.isDirectory(File.java:556)
        at org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassLoader.java:481)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
        at x.xxx.xxxx.xxxx.http.MainServlet.<init>(MainServlet.java:251)
        at java.lang.Class.newInstance0(Native Method)
        at java.lang.Class.newInstance(Class.java:237)
        at org.apache.tomcat.core.ServletWrapper.loadServlet(ServletWrapper.java:268)
        at org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:289)
        at org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOnStartupInterceptor.java:130)
        at org.apache.tomcat.core.ContextManager.initContext(ContextManager.java:491)
        at org.apache.tomcat.core.ContextManager.init(ContextManager.java:453)
        at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:195)
        at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)
cannot load servlet name: MainServlet
2001-03-09 10:11:00 - Ctx( /myWebApp ): Loading -2147483646 jsp
2001-03-09 10:11:00 - Ctx( /myWebApp ): Loading 4 MainServlet
2001-03-09 10:11:02 - PoolTcpConnector: Starting Ajp12ConnectionHandler on 8007

Here is my policy file:
I suppose that tomcat.home=/usr/local/jakarta-tomcat/dist/tomcat/
(that is the value in tomcat.sh)

// Additional permissions for tomcat.
grant {
    // this does not fix the problem
    permission java.io.FilePermission "file:${tomcat.home}/webapps/-", "read";
};

// javac
grant codeBase "file:${java.home}/../lib/-" {
    permission java.security.AllPermission;
};

// Tomcat gets all permissions
grant codeBase "file:${tomcat.home}/lib/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${tomcat.home}/classes/-" {
    permission java.security.AllPermission;
};

// Example webapp policy
// By default we grant read access on webapp dir and
// write in workdir
grant codeBase "file:${tomcat.home}/webapps/examples" {
    permission java.net.SocketPermission "localhost:1024-", "listen";
    permission java.util.PropertyPermission "*", "read";
};

grant codeBase "file:${tomcat.home}/webapps/myWebApp" {
    permission java.net.SocketPermission "*:1024-65535", "accept, connect, listen, resolve";
    permission java.net.SocketPermission "*:80", "connect,resolve";
    permission java.util.PropertyPermission "*", "read";
    // added to try to fix the problem, but it does nothing.
    permission java.io.FilePermission "file:${tomcat.home}/webapps/myWebApp/-", "read";
};
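
An added example, not part of the original post or Tomcat's own code: `FilePermission` targets are file-system pathnames while `codeBase` values are URLs, so this small Java program asks `FilePermission.implies` which grant targets cover the path named in the exception. The class name, the `covers` helper and the targets without the `file:` prefix are constructed for illustration; `tomcat.home` is taken as the value the post assumes.

```java
import java.io.FilePermission;

public class FilePermissionTargetCheck {
    // Value the post assumes for ${tomcat.home} (trailing slash dropped).
    static final String TOMCAT_HOME = "/usr/local/jakarta-tomcat/dist/tomcat";

    // Path named in the AccessControlException from the post's log.
    static final String DENIED = TOMCAT_HOME + "/webapps/myWebApp/WEB-INF/classes";

    // Grant targets to compare: the first two are written as in the posted
    // policy (after ${tomcat.home} expansion); the rest are constructed here.
    static final String[] TARGETS = {
        "file:" + TOMCAT_HOME + "/webapps/-",
        "file:" + TOMCAT_HOME + "/webapps/myWebApp/-",
        TOMCAT_HOME + "/webapps/-",
        TOMCAT_HOME + "/webapps/myWebApp/-",
        TOMCAT_HOME + "/webapps/myWebApp/*",
        DENIED,
    };

    /** True when a "read" grant on grantTarget covers a read of requestedPath. */
    static boolean covers(String grantTarget, String requestedPath) {
        FilePermission granted = new FilePermission(grantTarget, "read");
        FilePermission requested = new FilePermission(requestedPath, "read");
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        System.out.println("requested: read " + DENIED);
        for (String target : TARGETS) {
            String verdict = covers(target, DENIED) ? "covers" : "does NOT cover";
            System.out.printf("  %-14s  %s%n", verdict, target);
        }
    }
}
```

The `/-` form is recursive and `/*` matches only direct children of the directory, which is why both wildcard styles are included in the comparison.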