Alejandro Garcia wrote:
Hi,
I have a problem with Catalina’s security manager.

We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. My 
app works very well when I run it with the security manager disabled.

The problem appears when I enable Tomcat's security manager. My app fails 
when Tomcat starts, giving me the following log:

INFO: Checking whether login URL '/security/login.jsf' is accessible with your configuration
8/05/2013 12:29:11 PM org.springframework.web.context.ContextLoader initWebApplicationContext
INFO: Root WebApplicationContext: initialization completed in 1969 ms
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Falló en arranque del Contexto [/WebRed] debido a errores previos
8/05/2013 12:29:11 PM com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.NullPointerException
at com.sun.faces.config.ConfigureListener.getInitFacesContext(ConfigureListener.java:740)
at com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:300)
at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4245)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4886)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4750)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:146)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:777)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1399)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:762)
at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1500)
at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:252)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:194)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:250)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

The app works very well when I put these lines in the Catalina.policy:

grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
permission java.security.AllPermission;
};

There were other errors because of the permissions, but I have added some, and 
the lines are the following:

grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context.request";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.filter";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.faces.config";
permission java.lang.RuntimePermission "accessClassInPackage.org.icefaces.util";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission org.apache.naming.JndiPermission "jndi://localhost/WebRed/*";
permission java.io.FilePermission "/WebRed", "read";
permission java.io.FilePermission "${catalina.home}/webapps/WebRed", "read,write";
permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", "read,write,delete";
permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl", "read";
permission java.util.PropertyPermission "org.springframework.web.context.request", "read";
permission java.util.PropertyPermission "org.springframework.web.servlet", "read";
permission java.util.PropertyPermission "org.springframework.web.context", "read";
permission java.util.PropertyPermission "org.apache.catalina.manager.util", "read";
permission java.util.PropertyPermission "org.apache.catalina.manager", "read";
permission java.util.PropertyPermission "org.apache.catalina", "read";
permission java.util.PropertyPermission "org.apache.catalina.core", "read";
permission java.util.PropertyPermission "spring.security.strategy", "read";
permission java.util.PropertyPermission "com.icesoft.faces.webapp", "read";
permission java.util.PropertyPermission "com.sun.faces.config", "read";
permission java.util.PropertyPermission "javax.faces.webapp", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.PropertyPermission "org.icefaces.util", "read";
};

But the app still does not work, and I do not know what other permissions it needs 
to run.

As I mentioned, I think it’s only permissions that are required, because with 
“java.security.AllPermission;” it works very well.


Maybe the first question should be: why do you want to run this with the 
Security Manager?
As far as I understand this, the SM only really helps if otherwise unsecure applications can be deployed within your JVM. Is that the case, or do you know and control all the applications from the start?
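
Added example, not part of the original thread and not Tomcat code: one way to find the permissions a webapp is still missing is to start the JVM with the standard `-Djava.security.debug=access,failure` option and turn each `access denied` line into a candidate policy entry. The log lines below are constructed, and `parse_denial` and `build_grant` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample of security-debug / AccessControlException output,
# mixing the unquoted JDK 6 message style with the quoted JDK 7+ style.
SAMPLE_LOG = '''\
access: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
java.security.AccessControlException: access denied (java.util.PropertyPermission com.sun.faces.* read)
access: access denied ("java.io.FilePermission" "/opt/tomcat/temp/upload.tmp" "write")
access: access denied ("java.io.FilePermission" "/opt/tomcat/temp/upload.tmp" "read")
access: access allowed ("java.util.PropertyPermission" "catalina.base" "read")
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
'''

DENIED = re.compile(r'access denied \((.+)\)\s*$')

def parse_denial(line):
    """Return (permission_class, target, actions), or None if not a denial."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    if body.startswith('"'):                 # JDK 7+: every field is quoted
        fields = re.findall(r'"([^"]*)"', body)
    else:                                    # JDK 6: space separated
        parts = body.split()
        # Heuristic: with three or more tokens, the last one is the action list.
        rest = [" ".join(parts[1:-1]), parts[-1]] if len(parts) > 2 else parts[1:]
        fields = [parts[0]] + rest
    fields = (fields + ["", "", ""])[:3]
    return fields[0], fields[1], fields[2]

def build_grant(log_text, code_base):
    """Deduplicate denials, merge actions per target, emit one grant block."""
    merged = defaultdict(set)                # (class, target) -> set of actions
    for line in log_text.splitlines():
        parsed = parse_denial(line)
        if parsed:
            cls, target, actions = parsed
            merged[(cls, target)].update(a for a in actions.split(",") if a)
    lines = ['grant codeBase "%s" {' % code_base]
    for (cls, target), actions in sorted(merged.items()):
        entry = '    permission %s "%s"' % (cls, target)
        if actions:
            entry += ', "%s"' % ",".join(sorted(actions))
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_grant(SAMPLE_LOG, "file:${catalina.home}/webapps/WebRed/-"))
```

Each generated entry is a candidate to review before it goes into the policy file, since the denial log records what the code attempted, not what it should be allowed to do.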

