Hello All
Hope somebody can help me!
I am using Tomcat 4.0.3 on a Red Hat Linux 7.1 system with Apache 1.3.27, and it works
fine if started without the security manager. Recently I had to put up a file upload
form on one of my web sites, and when I deployed the jsp to accept the form data and
save the uploaded file to disk...it came up with the error "File cannot be saved". I
am using jspSmartUpload class to handle the multipart form data and to save the file
to disk, which can be downloaded from www.jspsmart.com
So I read the documentation and figured, the security manager might have to be enabled
with appropriate File IO permissions set for the directory to which I was trying to
save the file.
I proceeded to add the required "grant" directive in the catalina.policy file, and
when I started Tomcat with the security manager enabled....it wouldn't start! I
checked catalina.out and saw that Tomcat is not able to read server.xml. Here is the
stacktrace I found in catalina.out
Catalina.start: java.security.AccessControlException: access denied
(java.io.FilePermission /var/tomcat4/conf/server.xml read)
java.security.AccessControlException: access denied (java.io.FilePermission
/var/tomcat4/conf/server.xml read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at java.io.File.isDirectory(File.java:698)
at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:65)
at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:148)
at java.net.URL.openStream(URL.java:955)
at
org.apache.xerces.readers.DefaultReaderFactory.createReader(DefaultReaderFactory.java)
at
org.apache.xerces.readers.DefaultEntityHandler.startReadingFromDocument(DefaultEntityHandler.java)
at org.apache.xerces.framework.XMLParser.parseSomeSetup(XMLParser.java)
at org.apache.xerces.framework.XMLParser.parse(XMLParser.java)
at org.xml.sax.helpers.XMLReaderAdapter.parse(XMLReaderAdapter.java:223)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:314)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:253)
at org.apache.catalina.util.xml.XmlMapper.readXml(XmlMapper.java:228)
at org.apache.catalina.startup.Catalina.start(Catalina.java:725)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
Then, I found from the security manager howto on the web site, that if no security
manager is enabled, its just like giving all permissions...I am guessing this means
that in that case the operating system file permission system only will be in effect.
So I made the directory I wanted to save the file into, world writable, just to make
sure the OS is not preventing the save operation. Then started Tomcat without the
security manager...still the same result!
Now I am totally confused! What am I doing wrong?
Can anybody help me? Please?
Thanks and Regards
Harish
