// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
[...]
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core.*";
}
or do not use the SecurityManager.
*But* remember you are opening the Tomcat core classes to all web applications, and this is potentially a *security risk*. Also, your application is not portable across different Servlet Container when doing that.
-- Jeanfrancois
[EMAIL PROTECTED] wrote:
I have the following exception thrown when attempting to access tomcat app resources
WarpEngine[Apache - Tomcat4]: Mapping request
Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.core)
at java.security.AccessControlContext.checkPermission(AccessControlContext. java:270)
at java.security.AccessController.checkPermission(AccessController.java:401 )
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLo ader.java:1056)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLo ader.java:992)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at org.apache.catalina.core.ApplicationContext.getNamedDispatcher(Applicati onContext.java:534)
at org.apache.catalina.core.ApplicationContextFacade.getNamedDispatcher(App licationContextFacade.java:179)
at alvolo.servlet.DispatcherServlet.initialiseSession(DispatcherServlet.jav a:280)
at alvolo.servlet.DispatcherServlet.doGet(DispatcherServlet.java:146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilt erChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterC hain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.ja va:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:234 3)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherVa lve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:429)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495)
at java.lang.Thread.run(Thread.java:536)
StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher
Does anybody have any suggestions as to how to attack this issue
Kind regards
Warren
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
-- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
