You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Leucht, Axel" <Ax...@prodv.de> on 2007/11/09 16:40:41 UTC

Security-Manager problem

Hi, 

I'm having a weird problem with my webApp under Tomact with a SecurityManager (SM).

When no SM is enabled, my app runs fine. When I do start tomcat with a security manager I encounter one AccessControlException left which is:
java.security.AccessControlException: access denied (java.io.FilePermission $(catalina_home)\common\lib\servlet-api.jar read)
	at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:524)
	at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
	at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)
	at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562)
	at org.apache.catalina.startup.ContextConfig.applicationWebConfig(ContextConfig.java:352)
	at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:1044)
	at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:261)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4148)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
	at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:122)
	at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:144)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:738)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:448)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

I assumed that files under $(catalina_home)/common do have all permissions granted due to 
grant codeBase "file:${catalina.home}/common/-" {
        permission java.security.AllPermission;
};

But this doesn't work and also it doesn't work when I enable the permission explicitly for my webApp.
	permission java.io.FilePermission "$(catalina_home)\common\lib\servlet-api.jar","read";
TC then does "Marking this application unavailable due to previous error(s)".
	
PS: $(catalina_home) is an absolute path on my windows machine to that tc-directory.

/Axel

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Security-Manager problem

Posted by Mark Thomas <ma...@apache.org>.

Leucht, Axel wrote:
> Hi, 
> 
> I'm having a weird problem with my webApp under Tomact with a SecurityManager (SM).
> 
> When no SM is enabled, my app runs fine. When I do start tomcat with a security manager I encounter one AccessControlException left which is:
> java.security.AccessControlException: access denied (java.io.FilePermission $(catalina_home)\common\lib\servlet-api.jar read)
> 	at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:524)
> 	at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
> 	at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)

Where is the Jar with these classes located?

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org