Re: ODE/Tomcat Setup with java security manager enabled

Tue, 09 Dec 2008 11:36:27 -0800

Ok, then I think I'm supposed to learn more about the tomcat sandbox before investigating that feature. When I found out more and think it's worth the work I'm going to tell you over the ode list. 

Thanks for your help

chris
----- Original Message ----- From: "Alex Boisvert" <[EMAIL PROTECTED]> 
To: <[email protected]>
Sent: Tuesday, December 09, 2008 8:33 PM
Subject: Re: ODE/Tomcat Setup with java security manager enabled
Understood; but if it means no webapps can read/write to disk, then there's 
a problem.  I think you're the first to try to run Ode in this
configuration. We would need to understand the limitations when running in 
that mode and address each issue individually.   Whether it's worth it or
not, I don't know.

alex


On Tue, Dec 9, 2008 at 11:26 AM, Christian Fonden <
[EMAIL PROTECTED]> wrote:


Hi Alex,

it seems that the java security manager is enabled with that flag.

In my oppinion  this is something similar to a sandbox for java code
running as a servlet, hosted by the tomcat webserver.
In the past two years I worked with the Microsoft IIS Webserver and I think the java security manager can be compared with the dotnet CLR runtime of a 
dotnet web app hosted in the IIS.

Please correct me if I'm wrong....


greets
Chris

----- Original Message ----- From: "Alex Boisvert" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, December 08, 2008 7:44 PM
Subject: Re: ODE/Tomcat Setup with java security manager enabled



 What does the TOMCAT5_SECURITY setting actually do?


alex

On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
[EMAIL PROTECTED]> wrote:

 Hello ODE users list,


I'm new to Apache ODE and Tomcat and just have set up ODE successfully
under debian linux.

During the Setup process I encountered the following Exception Stack
Trace
when trying to access the ODE Url:
org.apache.jasper.JasperException: access denied
(java.lang.RuntimePermission

accessClassInPackage.org.apache.jasper.compiler)

org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
 org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)

Causing an HTTP 500 Error.
When turning off the Tomcat Security settings in the /etc/init.d/tomcat55 
startup script
in
# Use the Java security manager? (yes/no)
 TOMCAT5_SECURITY=yes (changed to no later)

everything works fine. The axis2 start page is loading correctly when
accessing the ODE url.

As turning off the TOMCAT5_SECURITY setting does not seem to be a very
trustworthy solution, my question is:

How can I get ODE working without turning off that option in the tomcat
settings.


greets
Chris

Reply via email to