You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Josef Vosyka <pe...@bigfoot.com> on 2005/04/18 22:40:04 UTC

Trouble with SecurityManager with Tomcat 5.5

Hi,

I've got 3 exceptions, when I run simple webapp under SecurityManager with standard
policy file and:
-IntelliJ 4.5
-JDK 5.0
-Tomcat 5.5

The exceptions are:

SEVERE: Parse error in default web.xml
java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.core)

SEVERE: Parse error in application web.xml
java.security.AccessControlException: access denied (java.io.FilePermission
D:\usr\tomcat-5.5\common\lib\servlet-api.jar read)

SEVERE: Parse error in default web.xml
java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.core)


The standard policy file indeed contains the following:

grant codeBase "file:${catalina.home}/common/-" {
        permission java.security.AllPermission;
};

The accessClassInPackage problem disappears when I add this:

permission java.lang.RuntimePermission "accessClassInPackage.org.apache";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.*";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core.*";


But the FilePermission remains even after adding the explicit and redundant:

grant codeBase "file:${catalina.home}/common/lib/-" {
        permission java.security.AllPermission;
};

or even this:

grant codeBase "file:${catalina.home}/common/lib/servlet-api.jar" {
        permission java.security.AllPermission;
};

I'm really hopeless to locate the cause of the problems. Seems like this should work out
of the box.

Any help is appreciated in advance.
Thanks!
--Josef

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org