On Jun 3, 2009, at 11:09 PM, prasub wrote:
__________
OS: Linux Mint 6 (Felicia) - I suppose, it is built on Ubuntu 8.10
Tomcat version: Tomcat 6.0.18-ubuntu3.1 (from package manager)
__________
I usually issue the following command to restart the Tomcat Webserver.
mymach...@localhost /etc/init.d $ sudo ./tomcat6 restart
A grep on my tomcat6 for the security word yielded the following result:
_____________
mylo...@mymachine /etc/init.d $ more tomcat6 | grep -i security
# Use the Java security manager? (yes/no)
TOMCAT6_SECURITY=yes
if [ "$TOMCAT6_SECURITY" = "yes" ]; then
JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy=$POLICY_CACHE"
_____________
I guess I should be turning off security with the option "no". But then, is this the best way, or do you recommend a better approach to let xindice run with proper permissions? If you suggest an alternative approach, can you please list out the steps to enable permissions for xindice. I think it will be very useful to me as well as to someone else.
In fact there is an earlier discussion in this forum (I think so) that touches the same issue. Except that it didn't end up with how exactly the person (who had a similar issue with some earlier version of Tomcat) cleaned up/disabled the "security" word in his Tomcat startup script.
That's what I think your options are:
1. Run Xindice under Jetty. Jetty is a servlet container that's included with the Xindice distribution and can be started with the "xindiced start" command.
2. Turn off Tomcat's security manager. That option has security implications, however, and would affect other applications deployed under Tomcat.
3. Add a new section to the security policy file to grant all permissions to Xindice:
    grant codeBase "file:${catalina.home}/webapps/xindice/-" {
        permission java.security.AllPermission;
    };
4. Add a new section to the security policy file that grants only the permissions that are required to run Xindice. This is part of it:
    grant codeBase "file:${catalina.home}/webapps/xindice/-" {
        permission java.util.PropertyPermission "xindice.home", "read";
        permission java.util.PropertyPermission "xindice.db.home", "read";
        permission java.util.PropertyPermission "xindice.configuration", "read";
        permission java.util.PropertyPermission "org.xmldb.common.xml.queries.XPathQueryFactory", "write";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
    };
This is not finished (was taking a bit longer than I thought :)), and the "<<ALL FILES>>" token has to be replaced with the database location... But you can get the picture.
The best approach, as always, depends on circumstances.
Regards,
Natalia
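
Added example, not part of the original message and not code from Xindice or Tomcat: a small Python check that scans a Java policy file for the two broad grants discussed in options 3 and 4 above, java.security.AllPermission and a FilePermission on "<<ALL FILES>>". The sample policy text, the /var/lib/xindice/db placeholder path and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two grant blocks from the message above (wrapped
# lines joined) plus a hypothetical narrowed grant. /var/lib/xindice/db is a
# placeholder path, not a location taken from the thread.
SAMPLE_POLICY = r'''
// policy fragment under review
grant codeBase "file:${catalina.home}/webapps/xindice/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:${catalina.home}/webapps/xindice/-" {
    permission java.util.PropertyPermission "xindice.home", "read";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
grant codeBase "file:${catalina.home}/webapps/xindice/-" {
    permission java.io.FilePermission "/var/lib/xindice/db/-", "read,write,delete";
};
'''

# Quoted strings are matched first so "${...}", "/*" or "//" inside them are kept.
TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:[^;"]|"[^"]*")*);')

def strip_comments(text):
    """Drop // and /* */ comments while leaving quoted strings untouched."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def audit_policy(text):
    """Return (codeBase, permission class, target, reason) for each broad grant."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(text)):
        cb = re.search(r'codeBase\s+"([^"]*)"', header)
        codebase = cb.group(1) if cb else "<all code>"
        for cls, args in PERM_RE.findall(body):
            quoted = re.findall(r'"([^"]*)"', args)
            target = quoted[0] if quoted else ""
            if cls == "java.security.AllPermission":
                findings.append((codebase, cls, target, "grants every permission"))
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                findings.append((codebase, cls, target, "file access is not limited to a directory"))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(" | ".join(finding))
```

Run against the sample, it reports the AllPermission grant and the "<<ALL FILES>>" FilePermission and passes over the grant that is limited to one directory tree.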