You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Lawlor, Frank" <Fr...@AthensGroup.com> on 2002/03/18 20:38:33 UTC

Re: SecurityManager - pulling my hair out 

Here are some of my aded catalina.policy statements:

	1.	 	// Allow read of SAX Parser name
			permission java.util.PropertyPermission
"org.xml.sax.driver", "read";
	
	2.	Allow the Autoweb application to do whatever it wants:
	 	// The permissions granted to the AGCW application
			grant codeBase
"file:${catalina.home}/webapps/AGCW/-" {
	        		permission java.security.AllPermission;
			};

But is seems like TldLocationsCache (is this in your app?)
is having trouble getting to
/javax/servlet/resources/web-app_2_3.dtd (in common\lib\servlet.jar).
What is the dtd spec in your web.xml?

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: SecurityManager - pulling my hair out

Posted by Kim Altintop <ki...@deepfx.com>.
Hi Frank,

thank you for responding. 
TldLocationsCache is a tomcat internal class that provides the web.xml and
tld DTDs to the SAX parser (thus avoiding it to download them from the
network). The DTD for the web.xml is deployed as part of the servlet.jar.
My DTD spec in web.xml is:

<!DOCTYPE web-app
	PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
	"http://java.sun.com/dtd/web-app_2_3.dtd">

It seems to me as if Tomcat should be able to resolve this under all
circumstances (as all Tomcat code has AllPermission by default). But it
doesn't and I'm unable to figure out what's going on... :(
As I said: no AccessControlException gets thrown here. Tomcat just prints
the message to the log - but my servlets are unable to get any
<init-param>s from web.xml since it has not been parsed. If I turn off the
SecurityManager, everything works fine.

After all, it seems like voodoo to me - since no one out there has the same
problem apparently...

Regards,
Kim

--On 3/18/2002 1:38 PM -0600 "Lawlor, Frank" <Fr...@AthensGroup.com>
wrote:

> Here are some of my aded catalina.policy statements:
> 
> 	1.	 	// Allow read of SAX Parser name
> 			permission java.util.PropertyPermission
> "org.xml.sax.driver", "read";
> 	
> 	2.	Allow the Autoweb application to do whatever it wants:
> 	 	// The permissions granted to the AGCW application
> 			grant codeBase
> "file:${catalina.home}/webapps/AGCW/-" {
> 	        		permission java.security.AllPermission;
> 			};
> 
> But is seems like TldLocationsCache (is this in your app?)
> is having trouble getting to
> /javax/servlet/resources/web-app_2_3.dtd (in common\lib\servlet.jar).
> What is the dtd spec in your web.xml?
> 
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.
> 
> 
> 
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>