Re: socket permission catalina.policy question

Fri, 18 Oct 2002 02:19:32 -0700 

Start Tomcat with the java property -Djava.security.debug=access,failure
defined, then review all the debug output.

More information on how the Tomcat SecurityManager works can be found at:

http://kinetic.more.net/web/javaserver/security.shtml

Regards,

Glenn

Andrew Cheng wrote:

Quick question:

I have an applet that communicates with a servlet.  The servlet tries to
download a DTD file from a third machine.  It gets a socket permission
access denied exception.

I have wrapped the line of code in the servlet that downloads the file with
a privileged block.

The line of code calls a method inside a jar file.  I have used the policy
tool to grant all permissions to this jar file.  I have even tried granting
all permissions to all code temporarily!

I have made sure to use the "-security" option when starting tomcat.  I have
double checked this by looking at the log file and seeing that the security
manager is being used.

However, my servlet still gets a socket permission access denied exception.
The file I am trying to download is definitely downloadable from the machine
that the servlet is running on.  Please tell me what I have forgotten to do.

Thanks in advance,
Andrew
grant {
  permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/_____/-" {
  permission java.net.SocketPermission "_____:8080", "accept, connect,
listen, resolve";
};

grant codeBase "file:${catalina.home}/_____/jdom.jar" {
  permission java.security.AllPermission;
  permission java.net.SocketPermission "_____:8080", "accept, connect,
listen, resolve";
};

grant codeBase "file:${catalina.home}/_____/jdom.jar!/-" {
  permission java.security.AllPermission;
};


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>


--
----------------------------------------------------------------------
Glenn Nielsen             [EMAIL PROTECTED] | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

Reply via email to