I know it's not going to help you much or at all. And I am not
certain what's going on with your side, but just FYI. I have
tested the TC v4.1.12 with "-security." And it runs fine on
the WinNT.
It has many security permissions in the catalina.policy, inclduing
own Web Apps, JAXM, AXIS, RMI stub downloading, blah, blah...
Pae
> Thank you for your suggestions. See my comments below:
>
> > First, ensure you are running with the -security option that
> > turns on Tomcat
> > with the security manager installed. Often you need to modify the
>
> I am definitely running with the -security option. I have double-checked
> that it's in my start.bat script in the bin/ directory and I see the
> statement "Using Security Manager" on the tomcat console. Plus, when
> running with -Djava.security.debug=access,failure, I see permissions
> checking etc. going on.
>
> > Second, you are granting your permissions far too low on the
> > file path. At
> > the very least, consider something like
> >
> > grant codeBase "file:${catalina.base}/webapps/yourappname/-" {
>
> The grant that I described there was a last-ditch desparate attempt to
> cover everything with AllPermission. I had previously tried granting on
> the individual .jar files, on the webapps directory, on my specific
> webapps directory, etc. I've tried every conceivable known permutation.
> Regardless, I did as you suggested and put the grant back on the
> specific webapp directory (using the "-" at the end)... No luck.
>
> >
> > Third, are you actually running multiple instances in which your
> > catalina.base is different than your catalina.home? If so,
>
> I'm only running one instance of tomcat. I'm not sure where/how
> catalina.base gets set, but I have a good feeling that the actual policy
> file is being read b/c if I remove that policy file then everything goes
> nuts.
>
> One interesting thing is that I can grant access in the general grant {
> ... } clause (no specific codeBase specified... Just the default for all
> webapps), and things will work fine. However, I don't want to grant
> access to all webapps, I only want to grant access to a particular
> webapp/jar file.
>
> Basically, it looks like grant entries on codebase's under the webapps
> directory are *completely ignored*. No matter what I grant on a
> particular webapp (using grant codeBase
> "file:${catalina.base}/webapps/appname/-" { <perms> }), nothing takes
> effect at all. I can verify this by looking at debug output (setting
> java.debug.security=policy,access,failure) -- when it prints the
> Protection Domain that failed the access call, I can clearly see that
> *no permissions* are granted to the jar files under that webapp/codebase
> besides the default jndi and file read permissions. If I want any
> permissions to apply, I have to grant them generally in the grant { ...
> } clause (no codeBase).
>
> Obviously, this is not desired behavior. It looks like there could be a
> bug in the Tomcat policy management?
>
> JP
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
