Security Manager Exception

Wed, 23 Jul 2014 08:49:59 -0700 

On 7/22/2014 11:04 AM, George Sexton wrote:
I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 


2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR 
org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com].[/].[jsp]- 
Servlet.service() for servlet [jsp] in context with path [] threw 
exception [java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "getClassLoader")] with root cause
java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "getClassLoader")
        at java.security.AccessControlContext.checkPermission(Unknown 
Source)

        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)

        at java.lang.ClassLoader.checkClassLoaderPermission(Unknown 
Source)

        at java.lang.ClassLoader.getParent(Unknown Source)

        at 
org.apache.juli.ClassLoaderLogManager.findProperty(ClassLoaderLogManager.java:295)
        at 
org.apache.juli.ClassLoaderLogManager.getProperty(ClassLoaderLogManager.java:266)
        at 
org.apache.juli.ClassLoaderLogManager.addLogger(ClassLoaderLogManager.java:144)

        at java.util.logging.LogManager.demandLogger(Unknown Source)
        at java.util.logging.Logger.demandLogger(Unknown Source)
        at java.util.logging.Logger.getLogger(Unknown Source)
        at com.sun.mail.util.MailLogger.<init>(MailLogger.java:115)
        at javax.mail.Session.initLogger(Session.java:226)
        at javax.mail.Session.<init>(Session.java:210)
        at javax.mail.Session.getInstance(Session.java:247)
        at com.MHSoftware.net.mail.MHMail.sendSMTP(MHMail.java:470)



Line 144 of ClassLoaderLogManager is the addLogger method trying to 
read the .level property for the logger being created.



The catalina.policy is pretty much the stock one. I'm confused because 
the catalina.policy has:


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.lang.RuntimePermission "getClassLoader";


The page in question that's erroring out is a JSP that's calling a 
per-context jar. The hierarchy looks something like:


JSP ->
context/WEB-INF/lib/jar Class File ->
$CATALINA_BASE/lib/ MH Software.jar ->
$CATALINA_BASE javax.mail.jar ->
$CATALINA_HOME/bin/tomcat-juli.jar

$CATALINA_BASE/lib, has the grant for java.security.AllPermission;


I don't know if this makes a difference, but I'm using log4j, and 
following the instructions here:


http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j

I've made $CATALINA_BASE/conf/logging.properties an empty file.


Finally, it SEEMS to only be happening in JSP files. calls directly 
from classes in the context jar file don't seem to be failing.



If anyone could point me in the right direction, I would really 
appreciate it.






Have you granted permissions to the classes in WEB-INF?

-Terence Bandoian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to