Re: problems start cyclos in Tomcat with secutrity manager

stefan-b Thu, 15 Jul 2010 01:51:28 -0700


awarnier wrote:
> 
> stefan-b wrote:
>> Hello,
>> I hope you can help.
>> 
>> I've installed cyclos (http://project.cyclos.org) on my tomcat5.5 running
>> on
>> debian lenny on amd64Bit Machine.
>> A Mail to the Cyclos Team itself gets no answer since a week and the
>> Cyclos
>> Forum is nearly dead :(
>> 
>> With an disabled security manager all works fine.
>> The Manager was disabled in /etc/init.d/tomcat5.5
>> 
> To make a long story short, I do not think that there is any problem in
> disabling the 
> security manager, if you trust the webapps that you install on your
> server.
> It is another matter entirely if you are going to allow other people to
> load and install 
> webapps on it.
> Finding out which specific permissions you need to grant to an application
> which you do 
> not entirely know, can be a long and frustrating experience, and may well
> come to the same 
> thing anyway in the end, given a complex application.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
>


Very thanks for your quik answer.
I now understand the sense of the security manager. It should save users
from other users if there are more then one User has access to create
webapps.

I seems that there is no chance to get cyclos working with enabled security
manager.
However...

I found some help here:
http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/050107.html

and added this lines to /etc/tomcat5.5/policy.d/50user.policy:
-----------------
grant {
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "setIO";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "readFileDescriptor";
permission java.lang.RuntimePermission "writeFileDescriptor";
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "defineClassInPackage.*";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.io.FilePermission "<<ALL FILES>>",
"read,write,execute,delete";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.net.SocketPermission "*", "connect";
permission javax.xml.ws.WebServicePermission "publishEndpoint";
permission java.util.PropertyPermission "*", "read,write";
};
-----------------

... and enabled nearly everything free that is possible or in fact disabled
the security manager.
The end of the Story is at final a nullPointerException on
LifecycleListener.contextInitialized():

-----------------
ERROR LifecycleListener - Error on
LifecycleListener.contextInitialized()#012java.lang.NullPointerException#012#011at
nl.strohalm.cyclos.utils.SettingsHelper.storeLocalSettings(SettingsHelper.java:125)#012#011at
nl.strohalm.cyclos.http.lifecycle.SettingsInitialization.init(SettingsInitialization.java:47)#012#011at
nl.strohalm.cyclos.http.LifecycleListener$2.doInTransactionWithoutResult(LifecycleListener.java:199)#012#011at
org.springframework.transaction.support.TransactionCallbackWithoutResult.doInTransaction(TransactionCallbackWithoutResult.java:33)#012#011at
org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.run(LifecycleListener.java:194)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.runAll(LifecycleListener.java:217)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:138)#012#011at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)#012#011at
org.apache.catalina.core.StandardCo 
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
ntext.start(StandardContext.java:4216)#012#011at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at
org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at
java.security.AccessController.doPrivileged(Native Method)#012#011at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)#012#011at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)#012#011at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)#012#011at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)#012#011at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)#012#011at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)#012#011at
org.apache.catalina.core.ContainerBase                                          
                                                                                
                                                    
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
.start(ContainerBase.java:1022)#012#011at
org.apache.catalina.core.StandardHost.start(StandardHost.java:736)#012#011at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)#012#011at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)#012#011at
org.apache.catalina.core.StandardService.start(StandardService.java:448)#012#011at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)#012#011at
org.apache.catalina.startup.Catalina.start(Catalina.java:552)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)#012#011at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)#012#011at
java.lang.reflect.Method.invoke(Method.java:597)#012#011at
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)#012#011at
sun.reflect.DelegatingMethodAccessorImpl.invok                                  
                                                                                
                                                      
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
e(DelegatingMethodAccessorImpl.java:25)#012#011at
java.lang.reflect.Method.invoke(Method.java:597)#012#011at
org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)     
                                                                                
                                                                  
Jul 15 16:45:07 srv097 jsvc.exec[17567]: 16:45:07,269 ERROR
[/banks-of-community] - Exception sending context initialized event to
listener instance of class
nl.strohalm.cyclos.http.LifecycleListener#012java.lang.RuntimeException:
java.lang.NullPointerException#012#011at
nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:144)#012#011at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)#012#011at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)#012#011at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)#012#011at
org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:744)#012#011at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)#012#011at
java.security.AccessController.doPrivileged(Native Method)#012#011at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)#012#011at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)#012#011at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)#012#011at
o                                                                               
                                                                                
                        
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
rg.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)#012#011at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)#012#011at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)#012#011at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)#012#011at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)#012#011at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)#012#011at
org.apache.catalina.core.StandardHost.start(StandardHost.java:736)#012#011at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)#012#011at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)#012#011at
org.apache.catalina.core.StandardService.start(StandardService.java:448)#012#011at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)#012#011at
org.apache.catalina.startup.Catalina.start(Catalina.java:552)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke(Nativ                               
                                                                                
                                                               
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
eMethodAccessorImpl.java:39)#012#011at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)#012#011at
java.lang.reflect.Method.invoke(Method.java:597)#012#011at
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)#012#011at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)#012#011at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)#012#011at
java.lang.reflect.Method.invoke(Method.java:597)#012#011at
org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)#012Caused
by: java.lang.NullPointerException#012#011at
nl.strohalm.cyclos.utils.SettingsHelper.storeLocalSettings(SettingsHelper.java:125)#012#011at
nl.strohalm.cyclos.http.lifecycle.SettingsInitialization.init(SettingsInitialization.java:47)#012#011at
nl.strohalm.cyclos.http.LifecycleListener$2.doInTransactionWithoutResult(LifecycleListener.java:199)#012#011at
org.springframework.transaction.support.TransactionCallbackWithoutResult.doIn   
                                                                                
                                                                                
              
Jul 15 16:45:07 srv097 jsvc.exec[17567]:
Transaction(TransactionCallbackWithoutResult.java:33)#012#011at
org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:127)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.run(LifecycleListener.java:194)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.runAll(LifecycleListener.java:217)#012#011at
nl.strohalm.cyclos.http.LifecycleListener.contextInitialized(LifecycleListener.java:138)#012#011...
31 more                                                                         
Jul 15 16:45:07 srv097 jsvc.exec[17567]: Jul 15, 2010 4:45:07 PM
org.apache.catalina.core.StandardContext start#012SEVERE: Error
listenerStart                                              
Jul 15 16:45:07 srv097 jsvc.exec[17567]: Jul 15, 2010 4:45:07 PM
org.apache.catalina.core.StandardContext start#012SEVERE: Context
[/banks-of-community] startup failed due to previous errors
-----------------

So it seems, there is no way to run Cyclos with security Manager enabled -
else you have a solve for the problem above.
At the other Hand it is of course very careless to run other tomcat apps
while a financial Software is running in it.

My solve at this point is to disable security Manager and forbid running
other apps on the tomcat Server.
I think this is an elegant solution.

In this case - if you have a solution for the problem above I would be very
obliged else thanks at all and with best regards

Stefan B













-- 
View this message in context: 
http://old.nabble.com/problems-start-cyclos-in-Tomcat-with-secutrity-manager-tp29166853p29170658.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: problems start cyclos in Tomcat with secutrity manager

Reply via email to