2012/8/31 Ragini <raginippa...@gmail.com>:
> Hi all,
>
> I am trying to run JSF-JAAS based sample application which is here.
> (http://www.ixtendo.com/secure-your-jsf-application-with-jaas/)
>
> I want to just use the application so just deployed jjwa.war file in
> web-apps directory of tomcat.
>
> Profiling tomcat:-
> I use tomcat 7.0 version.
There about 30 different versions of Tomcat 7.
> I try to profile tomcat so have added some
> parameters to setenv.sh. So I start tomcat by ./startup.sh. In browser I
> access web application. perform some actions in it. then I stop the server
> by ./shutdown.sh. After this the profiler dumps the output. This is how
> profiling of tomcat works for me in general.
>
> Now As I want to use this jjwa sample application I specified above, As the
> author has said I have added following thind to my catalina.policy file,
>
> grant codeBase "file:${catalina.home}/webapps/jjwa/-" {
Web applications are located in ${catalina.base}, not home.
> permission java.util.PropertyPermission "*", "read,write";
> permission javax.security.auth.AuthPermission "modifyPrincipals";
> permission javax.security.auth.AuthPermission "modifyPublicCredentials";
> permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
> permission javax.security.auth.AuthPermission "createLoginContext.*";
> permission javax.security.auth.AuthPermission "doAs";
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> permission javax.security.auth.AuthPermission "getSubject";
> permission java.security.SecurityPermission "setPolicy";
> permission java.security.SecurityPermission "getPolicy";
> permission java.lang.RuntimePermission "accessClassInPackage.*";
> permission java.lang.RuntimePermission "getProtectionDomain";
> permission java.lang.RuntimePermission "loadLibrary.*";
> permission java.lang.RuntimePermission "modifyThread";
> permission java.lang.RuntimePermission "createClassLoader";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.net.SocketPermission "*:*", "accept,connect,resolve";
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "setContextClassLoader";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.io.FilePermission "<>", "read";
Socket permission for any address, and a lot of other permissions?
Is there anything substantial that is not allowed with the above?
> };
>
> I have set up my database also as said by the author.
>
> *Next the author asks to start the server by "/catalina.sh run -security/".
> When I do that I get "catalina.sh run -security catalina.sh: command not
> found". but when I try to run it by "sh talina.sh run -security", it throws
> some exception
> but server gets started and then I am able to access the application the
> author has said. I end the process(to stop the server) in terminal by
> pressing ctrl+c and it stops. But in this way I dont get any output from the
> profiler I use.
> which I actually need. So my questions are as follow:
>
> 1) what does the/"catalina.sh run -security/" or "sh talina.sh run
> -security" command exactly do ?
Adds additional arguments to the command that launches the java executable.
You may see the details if you read the catalina.sh script itself.
BTW, there is a comment at the top of the file.
> 2) what difference it makes when I start tomcat by runninf catalina.sh or
> startup.sh ?
startup.sh just calls "catalina.sh start "$@"".
Nothing more. It just adds one argument to the command line. The rest
is performed by catalina.sh script.
> 3) How should I actually start the tomcat to run the application with
> security ? and getting it profiles too ?*
The profiler will also be affected by the security manager. You have
to add permissions (I do not know which ones) to allow it to work.
That is a question about your profiler (what it requires for its
work)), Tomcat has little to do with it.
Do you really need to run with SecurityManager being enabled?
> I am new to tomcat and dont understand a lot the script files of it.
>
Tomcat is a java application, so what is important is the command line
for java executable. The scripts build that command line from a
number of human-friendly options. They are not Tomcat itself.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
