You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Michele Mazzucco <Mi...@ncl.ac.uk> on 2006/11/20 17:22:06 UTC
SecurityManager problems
Hi all,
I need to provide a security manager in order to allow for dynamic
code downloading (my web service is using some rmi stuff). The policy
file is very simple:
grant {
permission java.security.AllPermission;
};
Nevertheless the system cannot start up. Should I use the tomcat
policy file instead?
Thanks in advance,
Michele
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: SecurityManager problems
Posted by Michele Mazzucco <Mi...@ncl.ac.uk>.
Some more details: I've tried to add the following lines to
catalina.policy:
grant codeBase "file:${catalina.home}/webapps/axis2/*" {
permission java.security.AllPermission;
};
but if I try to hit http://localhost:8080/axis2 I get this
SEVERE: Servlet /axis2 threw load() exception
java.security.AccessControlException: access denied
(java.io.FilePermission . read)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:264)
at java.security.AccessController.checkPermission
(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.list(File.java:935)
at java.io.File.listFiles(File.java:1015)
at
org.apache.axis2.deployment.RepositoryListener.loadClassPathModules
(RepositoryListener.java:105)
at org.apache.axis2.deployment.RepositoryListener.<init>
(RepositoryListener.java:56)
at org.apache.axis2.deployment.DeploymentEngine.loadFromClassPath
(DeploymentEngine.java:120)
at
org.apache.axis2.deployment.WarBasedAxisConfigurator.getAxisConfiguratio
n(WarBasedAxisConfigurator.java:220)
at
org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
Context(ConfigurationContextFactory.java:61)
at org.apache.axis2.transport.http.AxisServlet.initConfigContext
(AxisServlet.java:373)
at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:
317)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:
243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute
(SecurityUtil.java:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:161)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:114)
at org.apache.catalina.core.StandardWrapper.loadServlet
(StandardWrapper.java:1099)
at org.apache.catalina.core.StandardWrapper.load
(StandardWrapper.java:932)
at org.apache.catalina.core.StandardContext.loadOnStartup
(StandardContext.java:3951)
at org.apache.catalina.core.StandardContext.start
(StandardContext.java:4225)
at org.apache.catalina.core.ContainerBase.addChildInternal
(ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.access$000
(ContainerBase.java:121)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run
(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild
(ContainerBase.java:737)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:
524)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:
809)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:
698)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:
472)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent
(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent
(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:
1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:
1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:
442)
at org.apache.catalina.core.StandardService.start
(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:
709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Nov 20, 2006 4:46:21 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
[org.apache.webapp.balancer.RuleChain:
[org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
News / Redirect URL: http://www.cnn.com],
[org.apache.webapp.balancer.rules.RequestParameterRule: Target param
name: paramName / Target param value: paramValue / Redirect URL:
http://www.yahoo.com],
[org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
http://jakarta.apache.org]]
Nov 20, 2006 4:46:22 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Nov 20, 2006 4:46:22 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Nov 20, 2006 4:46:23 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Nov 20, 2006 4:46:23 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Nov 20, 2006 4:46:50 PM org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.compiler)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:264)
at java.security.AccessController.checkPermission
(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:
1512)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at org.apache.jasper.xmlparser.MyEntityResolver.resolveEntity
(ParserUtils.java:205)
at org.apache.xerces.util.EntityResolverWrapper.resolveEntity
(Unknown Source)
at org.apache.xerces.impl.XMLEntityManager.resolveEntity(Unknown
Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl
$DTDDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument
(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument
(ParserUtils.java:95)
at org.apache.jasper.compiler.JspConfig.processWebDotXml
(JspConfig.java:76)
at org.apache.jasper.compiler.JspConfig.init(JspConfig.java:197)
at org.apache.jasper.compiler.JspConfig.findJspProperty
(JspConfig.java:249)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:112)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:295)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
at org.apache.jasper.JspCompilationContext.compile
(JspCompilationContext.java:563)
at org.apache.jasper.servlet.JspServletWrapper.service
(JspServletWrapper.java:305)
at org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:
243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute
(SecurityUtil.java:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:161)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:245)
at org.apache.catalina.core.ApplicationFilterChain.access$000
(ApplicationFilterChain.java:50)
at org.apache.catalina.core.ApplicationFilterChain$1.run
(ApplicationFilterChain.java:156)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:152)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol
$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket
(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt
(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:613)
Nov 20, 2006 4:46:50 PM
org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet jsp threw exception
org.xml.sax.SAXException: Internal Error: File /javax/servlet/
resources/web-app_2_3.dtd not found
at org.apache.jasper.xmlparser.MyEntityResolver.resolveEntity
(ParserUtils.java:205)
at org.apache.xerces.util.EntityResolverWrapper.resolveEntity
(Unknown Source)
at org.apache.xerces.impl.XMLEntityManager.resolveEntity(Unknown
Source)
at org.apache.xerces.impl.XMLDocumentScannerImpl
$DTDDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument
(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument
(ParserUtils.java:95)
at org.apache.jasper.compiler.JspConfig.processWebDotXml
(JspConfig.java:76)
at org.apache.jasper.compiler.JspConfig.init(JspConfig.java:197)
at org.apache.jasper.compiler.JspConfig.findJspProperty
(JspConfig.java:249)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:112)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:295)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:276)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:264)
at org.apache.jasper.JspCompilationContext.compile
(JspCompilationContext.java:563)
at org.apache.jasper.servlet.JspServletWrapper.service
(JspServletWrapper.java:305)
at org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:
243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute
(SecurityUtil.java:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:161)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:245)
at org.apache.catalina.core.ApplicationFilterChain.access$000
(ApplicationFilterChain.java:50)
at org.apache.catalina.core.ApplicationFilterChain$1.run
(ApplicationFilterChain.java:156)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:152)
at org.apache.catalina.core.ApplicationDispatcher.invoke
(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest
(ApplicationDispatcher.java:465)
at org.apache.catalina.core.ApplicationDispatcher.doForward
(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.access$000
(ApplicationDispatcher.java:66)
at org.apache.catalina.core.ApplicationDispatcher
$PrivilegedForward.run(ApplicationDispatcher.java:81)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward
(ApplicationDispatcher.java:293)
at org.apache.catalina.core.StandardHostValve.custom
(StandardHostValve.java:363)
at org.apache.catalina.core.StandardHostValve.status
(StandardHostValve.java:284)
at org.apache.catalina.core.StandardHostValve.throwable
(StandardHostValve.java:228)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:134)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol
$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket
(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt
(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:613)
Nov 20, 2006 4:46:50 PM org.apache.catalina.core.StandardHostValve
custom
SEVERE: Exception Processing ErrorPage[errorCode=500, location=/axis2-
web/Error/error500.jsp]
org.apache.jasper.JasperException: XML parsing error on file /WEB-INF/
web.xml
at org.apache.jasper.servlet.JspServletWrapper.handleJspException
(JspServletWrapper.java:512)
at org.apache.jasper.servlet.JspServletWrapper.service
(JspServletWrapper.java:377)
at org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:
243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute
(SecurityUtil.java:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:161)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:245)
at org.apache.catalina.core.ApplicationFilterChain.access$000
(ApplicationFilterChain.java:50)
at org.apache.catalina.core.ApplicationFilterChain$1.run
(ApplicationFilterChain.java:156)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:152)
at org.apache.catalina.core.ApplicationDispatcher.invoke
(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest
(ApplicationDispatcher.java:465)
at org.apache.catalina.core.ApplicationDispatcher.doForward
(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.access$000
(ApplicationDispatcher.java:66)
at org.apache.catalina.core.ApplicationDispatcher
$PrivilegedForward.run(ApplicationDispatcher.java:81)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward
(ApplicationDispatcher.java:293)
at org.apache.catalina.core.StandardHostValve.custom
(StandardHostValve.java:363)
at org.apache.catalina.core.StandardHostValve.status
(StandardHostValve.java:284)
at org.apache.catalina.core.StandardHostValve.throwable
(StandardHostValve.java:228)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:134)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol
$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket
(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt
(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:613)
Where is the mistake?
Michele
On 20 Nov 2006, at 16:22, Michele Mazzucco wrote:
> Hi all,
>
> I need to provide a security manager in order to allow for dynamic
> code downloading (my web service is using some rmi stuff). The
> policy file is very simple:
>
> grant {
> permission java.security.AllPermission;
> };
>
> Nevertheless the system cannot start up. Should I use the tomcat
> policy file instead?
>
>
> Thanks in advance,
> Michele
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org