Hi,
I have a problem with Catalina’s security manager.

We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. My 
app works very well when I run it with the security manager disabled.

The problem appears when I enable Tomcat's security manager. My app fails 
when Tomcat starts, giving me the following log:

INFO: Checking whether login URL '/security/login.jsf' is accessible with your 
configuration
8/05/2013 12:29:11 PM org.springframework.web.context.ContextLoader 
initWebApplicationContext
INFO: Root WebApplicationContext: initialization completed in 1969 ms
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Falló en arranque del Contexto [/WebRed] debido a errores previos
8/05/2013 12:29:11 PM com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.NullPointerException
at 
com.sun.faces.config.ConfigureListener.getInitFacesContext(ConfigureListener.java:740)
at 
com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:300)
at 
org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4245)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4886)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4750)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124)
at 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:146)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:777)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1399)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
at 
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:762)
at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1500)
at 
org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:252)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at 
org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:194)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at 
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:250)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at 
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

The app works very well when I put these lines in catalina.policy:

// AllPermission implies every other permission, so all code loaded from the
// WebRed web application runs without any security-manager restriction.
// This confirms that the startup failure is permission-related, but it is
// not a sandboxed configuration.
grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
permission java.security.AllPermission;
};

There were other errors because of missing permissions, so I have added some; 
the lines are the following:

// Attempt at a least-privilege grant for code loaded from the WebRed web
// application; the "/-" suffix of the codeBase matches everything under that
// directory, recursively.
// NOTE(review): the JVM option -Djava.security.debug=access,failure prints
// each denied permission, which identifies what is still missing instead of
// adding entries by guesswork.
grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
// accessClassInPackage.<pkg> lets this code load classes from a package that
// the package.access security property restricts. The org.apache.catalina*
// entries expose container-internal classes to the web application.
// NOTE(review): the org.springframework.*, com.sun.faces.config and
// org.icefaces.util packages are presumably not on the package.access list,
// in which case those entries have no effect; confirm before keeping them.
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.core";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.springframework.web.context";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.springframework.web.context.request";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.springframework.web.filter";
permission java.lang.RuntimePermission 
"accessClassInPackage.com.sun.faces.config";
permission java.lang.RuntimePermission "accessClassInPackage.org.icefaces.util";
// accessDeclaredMembers allows reflective lookup of the declared (including
// non-public) members of other classes.
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission org.apache.naming.JndiPermission "jndi://localhost/WebRed/*";
// FilePermission paths: a plain directory path covers only that directory
// entry itself, while "/-" covers everything beneath it recursively.
// NOTE(review): "/WebRed" is an absolute filesystem path at the root, not the
// web context path; confirm that is what was intended.
// The "read,write,delete" grant on the deployed tree lets application code
// modify or remove its own deployed files.
permission java.io.FilePermission "/WebRed", "read";
permission java.io.FilePermission "${catalina.home}/webapps/WebRed", 
"read,write";
permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", 
"read,write,delete";
// PropertyPermission targets are system property names.
// NOTE(review): most of the names below look like Java package names rather
// than system properties (compare "catalina.base"); verify each one against
// the property named in the actual access denial.
permission java.util.PropertyPermission 
"org.apache.commons.logging.LogFactory.HashtableImpl", "read";
permission java.util.PropertyPermission 
"org.springframework.web.context.request", "read";
permission java.util.PropertyPermission "org.springframework.web.servlet", 
"read";
permission java.util.PropertyPermission "org.springframework.web.context", 
"read"; 
permission java.util.PropertyPermission "org.apache.catalina.manager.util", 
"read";
permission java.util.PropertyPermission "org.apache.catalina.manager", "read";
permission java.util.PropertyPermission "org.apache.catalina", "read";
permission java.util.PropertyPermission "org.apache.catalina.core", "read";
permission java.util.PropertyPermission "spring.security.strategy", "read";
permission java.util.PropertyPermission "com.icesoft.faces.webapp", "read";
permission java.util.PropertyPermission "com.sun.faces.config", "read";
permission java.util.PropertyPermission "javax.faces.webapp", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.PropertyPermission "org.icefaces.util", "read";
};

But the app still does not work, and I do not know what other permissions it 
needs to run.

As I mentioned, I think only permissions are missing, because with 
“java.security.AllPermission;” it works very well.

Thank you
