You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Baernreuther Rainer <ra...@siemens.com> on 2002/11/04 15:10:52 UTC
Security Manager and Axis
Hi all,
I installed Axis V1.0 on my Tomcat 4.0.1 server by simply copying the axis
directory into my webapps directory. If I start Tomcat without a Security
Manager everything works fine. The trouble begins when the Security Manager
comes into play. During the starting process of Tomcat I get two error
messages from the Security Manager which I cannot explain. The first points
to missing RuntimePermission for requesting Class Loaders:
access: access denied (java.lang.RuntimePermission getClassLoader)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1071)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:259)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1038)
at
org.apache.commons.discovery.jdk.JDK12Hooks.getSystemClassLoader(JDK12Hooks.
java:114)
at
org.apache.commons.discovery.resource.ClassLoaders.getLibLoaders(ClassLoader
s.java:176)
at
org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java:355
)
at
org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverClass.j
ava:579)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.
java:418)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.
java:378)
at
org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.java:8
0)
at
org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:72)
at
org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServlet.java:101)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:130)
at
org.apache.axis.transport.http.AxisServletBase.class$(AxisServletBase.java:8
7)
at
org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisServletBase.java
:94)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcces
sorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstruc
torAccessorImpl.java:27
)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:296)
at java.lang.Class.newInstance(Class.java:249)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:820)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
3267)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:3384)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
at
org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:463)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor
t.java:155)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
at
org.apache.catalina.core.StandardService.start(StandardService.java:388)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
The second failure points to a missing property permission:
access: access denied (java.util.PropertyPermission
org.apache.commons.discovery.log.level read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1071)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:259)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1291)
at java.lang.System.getProperty(System.java:572)
at
org.apache.commons.discovery.log.SimpleLog.<clinit>(SimpleLog.java:155)
at
org.apache.commons.discovery.log.DiscoveryLogFactory._newLog(DiscoveryLogFac
tory.java:142)
at
org.apache.commons.discovery.log.DiscoveryLogFactory.<clinit>(DiscoveryLogFa
ctory.java:105)
at
org.apache.commons.discovery.resource.DiscoverResources.<clinit>(DiscoverRes
ources.java:82)
at
org.apache.commons.discovery.tools.ResourceUtils.getResource(ResourceUtils.j
ava:122)
at
org.apache.commons.discovery.tools.ResourceUtils.loadProperties(ResourceUtil
s.java:175)
at
org.apache.commons.discovery.tools.PropertiesHolder.getProperties(Properties
Holder.java:102)
at
org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java:360
)
at
org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverClass.j
ava:579)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.
java:418)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.
java:378)
at
org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.java:8
0)
at
org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:72)
at
org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServlet.java:101)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:130)
at
org.apache.axis.transport.http.AxisServletBase.class$(AxisServletBase.java:8
7)
at
org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisServletBase.java
:94)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAcces
sorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstruc
torAccessorImpl.java:27
)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:296)
at java.lang.Class.newInstance(Class.java:249)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:820)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
3267)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:3384)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
at
org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:463)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor
t.java:155)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
at
org.apache.catalina.core.StandardService.start(StandardService.java:388)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
I have already added the following entry to the property file
catalina.policy:
grant codeBase "file:${catalina.home}/webapps/axis/-" {
permission java.security.AllPermission;
};
>From my point of view all the class files mentioned in the above stack
traces are covered by the policy file and all class files should have
AllPermission.
Can anybody explain to me what I'm doing wrong. Are there still other jar
files that have to be added to the policy file?
Thanks for your help in advance.
Rainer
RE: Security Manager and Axis
Posted by "Stuart Halloway (DevelopMentor)" <st...@develop.com>.
Hi Rainer,
I tried the grant syntax you used and saw the same problem. I also tried
various combinations of wildcarding and specifying the JARs
individually, to no avail.
The debug flag -Djava.security.debug=policy should be helpful here, but
it is not. Tomcat's WebappClassLoader has a toString implementation that
triggers a security check. The policy trace then triggers the toString
implementation, causing an infinite recursion.
Given that Tomcat appears to be doing the class loading, you may want to
ask on the Tomcat list.
Stu
----------------------------------------------------------
Stuart Halloway : staff.develop.com/halloway
DevelopMentor : www.develop.com
Essential Java : www.develop.com/courses/essjava
----------------------------------------------------------
-----Original Message-----
From: Baernreuther Rainer [mailto:rainer.baernreuther@siemens.com]
Sent: Monday, November 04, 2002 9:11 AM
To: 'axis-user@xml.apache.org'
Subject: Security Manager and Axis
Hi all,
I installed Axis V1.0 on my Tomcat 4.0.1 server by simply copying the
axis
directory into my webapps directory. If I start Tomcat without a
Security
Manager everything works fine. The trouble begins when the Security
Manager
comes into play. During the starting process of Tomcat I get two error
messages from the Security Manager which I cannot explain. The first
points
to missing RuntimePermission for requesting Class Loaders:
access: access denied (java.lang.RuntimePermission getClassLoader)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1071)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.
java
:259)
at
java.security.AccessController.checkPermission(AccessController.java:401
)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at
java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1038)
at
org.apache.commons.discovery.jdk.JDK12Hooks.getSystemClassLoader(JDK12Ho
oks.
java:114)
at
org.apache.commons.discovery.resource.ClassLoaders.getLibLoaders(ClassLo
ader
s.java:176)
at
org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java
:355
)
at
org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverCla
ss.j
ava:579)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingle
ton.
java:418)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingle
ton.
java:378)
at
org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.ja
va:8
0)
at
org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:72
)
at
org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServlet.java:101
)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:130)
at
org.apache.axis.transport.http.AxisServletBase.class$(AxisServletBase.ja
va:8
7)
at
org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisServletBase.
java
:94)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA
cces
sorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons
truc
torAccessorImpl.java:27
)
at
java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:296)
at java.lang.Class.newInstance(Class.java:249)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:820)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.j
ava:
3267)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:3384
)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
at
org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:46
3)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSu
ppor
t.java:155)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
at
org.apache.catalina.core.StandardService.start(StandardService.java:388)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at
org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at
org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
The second failure points to a missing property permission:
access: access denied (java.util.PropertyPermission
org.apache.commons.discovery.log.level read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1071)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.
java
:259)
at
java.security.AccessController.checkPermission(AccessController.java:401
)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1291)
at java.lang.System.getProperty(System.java:572)
at
org.apache.commons.discovery.log.SimpleLog.<clinit>(SimpleLog.java:155)
at
org.apache.commons.discovery.log.DiscoveryLogFactory._newLog(DiscoveryLo
gFac
tory.java:142)
at
org.apache.commons.discovery.log.DiscoveryLogFactory.<clinit>(DiscoveryL
ogFa
ctory.java:105)
at
org.apache.commons.discovery.resource.DiscoverResources.<clinit>(Discove
rRes
ources.java:82)
at
org.apache.commons.discovery.tools.ResourceUtils.getResource(ResourceUti
ls.j
ava:122)
at
org.apache.commons.discovery.tools.ResourceUtils.loadProperties(Resource
Util
s.java:175)
at
org.apache.commons.discovery.tools.PropertiesHolder.getProperties(Proper
ties
Holder.java:102)
at
org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java
:360
)
at
org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverCla
ss.j
ava:579)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingle
ton.
java:418)
at
org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingle
ton.
java:378)
at
org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.ja
va:8
0)
at
org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:72
)
at
org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServlet.java:101
)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:130)
at
org.apache.axis.transport.http.AxisServletBase.class$(AxisServletBase.ja
va:8
7)
at
org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisServletBase.
java
:94)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA
cces
sorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons
truc
torAccessorImpl.java:27
)
at
java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:296)
at java.lang.Class.newInstance(Class.java:249)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:820)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.j
ava:
3267)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:3384
)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
at
org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:46
3)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSu
ppor
t.java:155)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
at
org.apache.catalina.core.StandardService.start(StandardService.java:388)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at
org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at
org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
I have already added the following entry to the property file
catalina.policy:
grant codeBase "file:${catalina.home}/webapps/axis/-" {
permission java.security.AllPermission;
};
>From my point of view all the class files mentioned in the above stack
traces are covered by the policy file and all class files should have
AllPermission.
Can anybody explain to me what I'm doing wrong. Are there still other
jar
files that have to be added to the policy file?
Thanks for your help in advance.
Rainer