Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/11/28 18:07:47 UTC

DO NOT REPLY [Bug 43983] New: - codeBase of a webapp changes if antiResourceLocking is active - Security policy fails

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43983>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43983

           Summary: codeBase of a webapp changes if antiResourceLocking is
                    active - Security policy fails
           Product: Tomcat 6
           Version: 6.0.14
          Platform: Sun
        OS/Version: Windows Vista
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: mail@markus-kiss.de


I'm using Tomcat 6.0.14 with the "security" option in order to assign different
permissions to several webapps running within the Tomcat security sandbox.
However, I've encountered the following effect when I activate the
antiResourceLocking flag in the context.xml file of my webapp:

As this flag causes the server to copy all the files of my webapp to the temp
directory at runtime, the codeBase for the webapp also changes - but the
SecurityManager doesn't recognise that it has changed. Consequently, the
permissions for the specific webapp that I defined in catalina.policy actually
don't apply and I get an "access denied" exception. I have searched the web, the
security FAQ and newsgroups for a hint or a workaround, but with no success.
The Tomcat Users Mailing List could not help either. With the help of the
java.security.debug=all option I arrived at the workaround of simply setting the
codeBase in the catalina.policy file to the new location within the temp directory:

grant codeBase "file:${catalina.home}/temp/1-foo/-" {
        /* list of assigned permissions */
};

With this workaround everything works fine. However, the numeric prefix (e.g.
"1-") of the webapp copied to the temp folder eventually changes, for instance
when I redeploy the webapp or when I clear the temp directory. As a result, I
always have to keep the catalina.policy file up-to-date with the current prefix
of the webapp, otherwise the permissions fail.

I ask myself if there is a more elegant way to fix this problem, maybe by an
internal mapping of the original codeBase of the webapp in
${catalina.home}/webapps/ to the ${catalina.home}/temp/ directory which then
would be transparent for the SecurityManager? 

If there's no easy way to fix it, at least a hint should be placed in the Tomcat
Security FAQ that if antiResourceLocking is active, the codeBase of the webapp
has to be adapted within the catalina.policy file.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
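
Added example (not part of the original report and not Tomcat code): a script that keeps the temp-directory grant from the workaround above in step with the changing prefix. It assumes the temp copy is always named `<digits>-<webapp>`, as in the reporter's `1-foo`; all function names are hypothetical.

```python
import re
from pathlib import Path


def current_temp_dir(temp_root, webapp):
    """Return the name of the single '<digits>-<webapp>' directory in temp_root.

    Assumption: the temp copy follows the '1-foo' naming seen in the report.
    """
    pattern = re.compile(r"\d+-" + re.escape(webapp))
    matches = sorted(p.name for p in Path(temp_root).iterdir()
                     if p.is_dir() and pattern.fullmatch(p.name))
    if len(matches) != 1:
        # Refuse to guess: a wrong codeBase means the grant no longer applies.
        raise RuntimeError(f"expected one temp copy of {webapp!r}, found {matches}")
    return matches[0]


def sync_codebase(policy_text, webapp, dirname):
    """Point the webapp's temp codeBase grant at dirname; return (text, changed)."""
    grant = re.compile(
        r'(grant\s+codeBase\s+"file:\$\{catalina\.home\}/temp/)\d+-'
        + re.escape(webapp) + r'(/-")')
    # A function replacement avoids '\1' running into the digits of dirname.
    new_text, count = grant.subn(
        lambda m: m.group(1) + dirname + m.group(2), policy_text)
    if count == 0:
        raise LookupError(f"no temp codeBase grant for {webapp!r} in policy")
    return new_text, new_text != policy_text


def update_policy_file(policy_path, temp_root, webapp):
    """Rewrite the policy file only when the prefix has actually drifted."""
    path = Path(policy_path)
    text = path.read_text()
    new_text, changed = sync_codebase(
        text, webapp, current_temp_dir(temp_root, webapp))
    if changed:
        path.write_text(new_text)
    return changed
```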


DO NOT REPLY [Bug 43983] - codeBase of a webapp changes if antiResourceLocking is active - Security policy fails

Posted by bu...@apache.org.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43983


markt@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From markt@apache.org  2007-12-24 07:35 -------
I can't see a way to map to the new code base without a custom security manager.
I think an FAQ entry is the best option.

The FAQ is now on the wiki (http://wiki.apache.org/tomcat/FAQ/Security) so I'll
leave it to you to add what you consider to be the appropriate text.
