On 09/05/2022 16:23, Chavez Ortiz, Oscar (Externo) wrote:
Hello Mark, thank you for your answer.
- With Security reasons i mean from head quarters the server must be certified
by accomplishing a set of security hardening rules. One of those is Security
Manager.
It would be worth making sure they are aware that the security manager
is going away eventually.
- In this case our system uses Tomcat 9.0.58, at this moment newer versions of
Tomcat are not recommended by SAP.
There haven't been any recent changes I can think of related to the
security manager so I don't think that running a slightly older version
than the latest is going to be a factor in this instance.
- Actually the Windows Server 2016 (which hosts the SAP BO System) is a VM but
as i've said it must be certified on Hardening Security.
The security manager probably isn't gaining you that much then. Run
Tomcat under an appropriately locked down OS user and you'll get most of
the benefits.
- I just have launched Tomcat with -Djava.security.debug=access,failure option
and after checked log file there aren't any AccessControlException error in it.
That wasn't what I was expecting.
A few things to try.
The 500 error should trigger an entry in a log somewhere. What does that
log entry say?
You could try "-Djava.security.debug=all" but that is likely to be very
verbose.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
