log file.....:
policy:
policy: Adding policy entry:
policy: signedBy null
policy: codeBase file:../webapps/ROOT/WEB-INF/lib/site.jar!/-
policy:
policy: (java.security.AllPermission <all permissions> <all actions>)
policy:
Lloyd A Duke wrote:
Greetings, I am running Tomcat 4.03 on Win2k
I have recently started to run it with the -security flag.
I have added the following to my catalina.policy file to test.
grant codeBase "file:${catalina.home}/webapps/ROOT/WEB-INF/lib/site.jar!/-" {
permission java.security.AllPermission;
};
I have turned on the debugger.
It seems that my grant codeBase entry is not working.
from the debugger....
.......
access: access denied (java.net.SocketPermission localhost resolve)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:997)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:261)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1042)
at java.net.InetAddress.getAllByName0(InetAddress.java:559)
at java.net.InetAddress.getAllByName0(InetAddress.java:540)
at java.net.InetAddress.getByName(InetAddress.java:449)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:261)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:281)
at sun.net.www.http.HttpClient.New(HttpClient.java:293)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:404)
at site.util.AppCaller.run(AppCaller.java:34)
at java.lang.Thread.run(Thread.java:484)
access: domain that failed ProtectionDomain (jar:file:C:/dev/jakarta-tomcat-4.0.3/webapps/ROOT/WEB-INF/lib/site.jar!/site/util/AppCaller.class <no certificates>)
java.security.Permissions@xxxxxx (
(java.util.PropertyPermission javax.sql.* read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.naming.* read)
(java.util.PropertyPermission java.home read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission jaxp.debug read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
(org.apache.naming.JndiPermission jndi:/localhost/WEB-INF/classes/*)
(org.apache.naming.JndiPermission jndi:/localhost/WEB-INF/lib/*)
(org.apache.naming.JndiPermission jndi:/localhost/*)
(java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\WEB-INF\lib\site.jar read)
(java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\- read)
(java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\WEB-INF\lib\- read)
)
UGH...
I have tried explicitly adding Permissions. tried adding the specific class to the grant statement e.g.
file:${catalina.home}/webapps/ROOT/WEB-INF/lib/site.jar!/site/util/AppCaller.class
declaring the jar file without the ! appended to it.. giving only teh webapps dir in the grant statement...
nothing seems to work... any help??
--------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@xxxxxxxxxxxxxxxxxx For additional commands, e-mail: tomcat-user-help@xxxxxxxxxxxxxxxxxx
--------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@xxxxxxxxxxxxxxxxxx For additional commands, e-mail: tomcat-user-help@xxxxxxxxxxxxxxxxxx
