You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Jun Inamori <ju...@oop-reserch.com> on 2003/11/22 22:44:30 UTC

catalina.policy to avoid "no object DCH for MIME..."

Hi,

We faced the same problem as:
   http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg48320.html
The message reports the exception when sending e-mail.
It looks like this:

	javax.activation.UnsupportedDataTypeException: no object DCH for MIME type text/plain
	at javax.mail.Transport.send0(Transport.java:219)

We re-produce this, only if we enable SecurityManager and place "mail.jar" and "activation.jar" into:
   ${catalina.home}/shared/lib
SecurityManager seems to prevent "javax.activation.CommandMap" to load:
   META-INF/mailcap
from "mail.jar"

To avoid this kind of problem, "catalina.policy" should include the entity like this:

   grant codeBase "file:${catalina.home}/shared/lib/activation.jar" {
      permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.12-LE-jdk14/shared/lib/mail.jar","read";
   };

I request you to add the lines below to "catalina.policy".

// If you place "mail.jar" and "activation.jar" into:
//    ${catalina.home}/shared/lib
// please activate the entity below and update the target of
// FilePermission.

//grant codeBase "file:${catalina.home}/shared/lib/activation.jar" {
//  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.12-LE-jdk14/shared/lib/mail.jar","read";
//};

I think this will help many Tomcat users, but do no harm.
Any suggestion/questions are welcome to me.
-- 

Happy Java programming!

Jun Inamori
OOP-Reserch Corporation
E-mail: jun@oop-reserch.com
URL:    http://www.oop-reserch.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: catalina.policy to avoid "no object DCH for MIME..."

Posted by Glenn Nielsen <gl...@mail.more.net>.

Jun Inamori wrote:
> Hi,
> 
> Thank you for your reply.
> 
> 
>>This is a special use case depending on where you install
>>the mail API jars.
>>Since there are potentially 1000's of special use cases I
>>don't see where adding these examples to catalina.policy
>>would help.
>>
>>A better solution would be to add a section to the Tomcat
>>SecurityManager doc which lists what permissions are required
>>for different standard API's.  JDBC, mail, etc.
> 
> 
> That's a good idea.
> I'll try it.
> I just downloaded:
>    security-manager-howto.xml
> from CVS.
> I think I should work on this XML, rather than the HTML.

Yes, thats the right place.

> After the section titled:
> 
>   <h3>Policy File Format</h3>
> 
> I'll add the new section titled:
> 
>   <h3>Required Permissions for standard API's</h3>
> 
> The new section will list the required permissions for JDBC and JavaMail.
> I have ever experienced the difficulties in Java Advanced Imaging API with SecurityManager, and so I'll also list the required permission for it.
> I'll work on it in the next weekend.
> Any suggestions are welcome to me.
> 
> Best regards,

This sounds great.  Thanks for taking the initiative to improve the docs.

Regards,

Glenn


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: catalina.policy to avoid "no object DCH for MIME..."

Posted by Jun Inamori <j-...@r2.dion.ne.jp>.

Hi,

Thank you for your reply.

> This is a special use case depending on where you install
> the mail API jars.
> Since there are potentially 1000's of special use cases I
> don't see where adding these examples to catalina.policy
> would help.
> 
> A better solution would be to add a section to the Tomcat
> SecurityManager doc which lists what permissions are required
> for different standard API's.  JDBC, mail, etc.

That's a good idea.
I'll try it.
I just downloaded:
   security-manager-howto.xml
from CVS.
I think I should work on this XML, rather than the HTML.
After the section titled:

  <h3>Policy File Format</h3>

I'll add the new section titled:

  <h3>Required Permissions for standard API's</h3>

The new section will list the required permissions for JDBC and JavaMail.
I have ever experienced the difficulties in Java Advanced Imaging API with SecurityManager, and so I'll also list the required permission for it.
I'll work on it in the next weekend.
Any suggestions are welcome to me.

Best regards,
-- 

Happy Java programming!

Jun Inamori
OOP-Reserch Corporation
E-mail: j-office@r2.dion.ne.jp
URL:    http://www.oop-reserch.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: catalina.policy to avoid "no object DCH for MIME..."

Posted by Glenn Nielsen <gl...@mail.more.net>.

This is a special use case depending on where you install the mail API jars.
Since there are potentially 1000's of special use cases I don't see where
adding these examples to catalina.policy would help.

A better solution would be to add a section to the Tomcat SecurityManager doc
which lists what permissions are required for different standard API's.  JDBC,
mail, etc.

If you want to create a patch for the Tomcat security manager docs I would be
happy to review it and commit it.

Thanks,

Glenn

Jun Inamori wrote:
> Hi,
> 
> We faced the same problem as:
>    http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg48320.html
> The message reports the exception when sending e-mail.
> It looks like this:
> 
> 	javax.activation.UnsupportedDataTypeException: no object DCH for MIME type text/plain
> 	at javax.mail.Transport.send0(Transport.java:219)
> 
> We re-produce this, only if we enable SecurityManager and place "mail.jar" and "activation.jar" into:
>    ${catalina.home}/shared/lib
> SecurityManager seems to prevent "javax.activation.CommandMap" to load:
>    META-INF/mailcap
> from "mail.jar"
> 
> To avoid this kind of problem, "catalina.policy" should include the entity like this:
> 
>    grant codeBase "file:${catalina.home}/shared/lib/activation.jar" {
>       permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.12-LE-jdk14/shared/lib/mail.jar","read";
>    };
> 
> I request you to add the lines below to "catalina.policy".
> 
> // If you place "mail.jar" and "activation.jar" into:
> //    ${catalina.home}/shared/lib
> // please activate the entity below and update the target of
> // FilePermission.
> 
> //grant codeBase "file:${catalina.home}/shared/lib/activation.jar" {
> //  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.12-LE-jdk14/shared/lib/mail.jar","read";
> //};
> 
> I think this will help many Tomcat users, but do no harm.
> Any suggestion/questions are welcome to me.



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org