You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rashid Jilani <ji...@lifebiosystems.com> on 2010/08/09 19:24:37 UTC
java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
Hi: Gurus I am having the following exception when I try to fire Tomcat with
-security option with JAAS Realm.
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
I am using Tomcat 6.0.29 on windows XP machine, with JDK 1.6.
The way I am starting the catalina engine is something like this
@echo off
setlocal
set CATALINA_HOME=C:\apache-tomcat-6.0.29
set JAVA_OPTS="-Djava.security.manager
-Djava.security.auth.login.config=C:\Documents and
Settings\xxx\workspace\WebSecurity\WebContent\WEB-INF\projsp.login"
call catalina.bat run -security
endlocal
BTW I also try to add the following lines in catalina.policy file but no
luck
grant codeBase "file:/C:/Documents and
Settings/xxx/workspace/WebSecurity/WebContent/WEB-INF/classes/-" {
permission java.security.AllPermission;
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.manager.util";
};
Hensley how the JAAS can integrate with Tomcat has almost no real example or
documentation, so I am just trying my luck with trails and errors, please
let me know if some has any idea why I am having these errors.
Thanks,
RJ.
RE: java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
Posted by Rashid Jilani <ji...@lifebiosystems.com>.
Hi; Chris, I am attaching the stack trace log file with this email. If you don't prefer attachments please let me know.
BTW there is no jars in webapps/lib directory, so the problem is somewhere else.
Regards,
RJ.
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Monday, August 09, 2010 1:18 PM
To: Tomcat Users List
Subject: Re: java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rashid,
On 8/9/2010 1:24 PM, Rashid Jilani wrote:
> Hi: Gurus I am having the following exception when I try to fire Tomcat with
> -security option with JAAS Realm.
>
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
You should provide more of the stack trace for us to be able to help you.
> BTW I also try to add the following lines in catalina.policy file but no
> luck
>
> grant codeBase "file:/C:/Documents and
> Settings/xxx/workspace/WebSecurity/WebContent/WEB-INF/classes/-" {
>
> permission java.security.AllPermission;
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager.util";
>
> };
You may need to grant permissions to your webapp's library .jar files, too.
> Hensley how the JAAS can integrate with Tomcat has almost no real example or
> documentation, so I am just trying my luck with trails and errors, please
> let me know if some has any idea why I am having these errors.
It seems pretty clear that you simply haven't given permission for some
code to perform some task.
The stack trace tells you which code failed and what permission you
need: it should be trivial to add a "grant" that allows that code those
permissions.
You might want to read the thread back in March 2010 titled "[OT]
SecurityManager and Java Policy Files". Unfortunately, we didn't get
very far.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxgRmgACgkQ9CaO5/Lv0PBKtQCfdKoXx8HfVD+dVpwGeg9DiIWP
p9oAoKWK4tLMB4wKh3xAfsoOdxQXOuSM
=300m
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
Posted by Rashid Jilani <ji...@lifebiosystems.com>.
Hi: Chris in case you can't see attachments here is the stack trace
Aug 9, 2010 3:12:31 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre1.5.0_05\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Perl\site\bin;C:\Perl\bin;C:\oracle\product\10.2.0\db_1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\IDM Computer Solutions\UltraEdit-32;C:\apache-ant-1.7.0\bin;C:\jboss-4.0.2\bin;C:\mule-2.1.2\bin;C:\apache-maven-2.0.9\bin;C:\Program Files\Java\jdk1.5.0_12\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\;C:\groovy-1.6.4\bin
Aug 9, 2010 3:12:31 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8085
Aug 9, 2010 3:12:31 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 667 ms
Aug 9, 2010 3:12:31 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 9, 2010 3:12:31 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
Aug 9, 2010 3:12:31 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor WebSecurity.xml
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Aug 9, 2010 3:12:32 PM org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(chat.ChatServlet) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at java.lang.ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(Unknown Source)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2733)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1124)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1612)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationServletAnnotations(WebAnnotationSet.java:108)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationAnnotations(WebAnnotationSet.java:58)
at org.apache.catalina.startup.ContextConfig.applicationAnnotationsConfig(ContextConfig.java:297)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:1078)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:261)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4540)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 9, 2010 3:12:32 PM org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(chat.ChatServlet) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at java.lang.ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(Unknown Source)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2733)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1124)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1612)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
at org.apache.catalina.startup.WebAnnotationSet.loadClassAnnotation(WebAnnotationSet.java:145)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationServletAnnotations(WebAnnotationSet.java:119)
at org.apache.catalina.startup.WebAnnotationSet.loadApplicationAnnotations(WebAnnotationSet.java:58)
at org.apache.catalina.startup.ContextConfig.applicationAnnotationsConfig(ContextConfig.java:297)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:1078)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:261)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4540)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Aug 9, 2010 3:12:32 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8085
Aug 9, 2010 3:12:32 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Aug 9, 2010 3:12:32 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/31 config=null
Aug 9, 2010 3:12:32 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1157 ms
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Monday, August 09, 2010 1:18 PM
To: Tomcat Users List
Subject: Re: java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rashid,
On 8/9/2010 1:24 PM, Rashid Jilani wrote:
> Hi: Gurus I am having the following exception when I try to fire Tomcat with
> -security option with JAAS Realm.
>
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
You should provide more of the stack trace for us to be able to help you.
> BTW I also try to add the following lines in catalina.policy file but no
> luck
>
> grant codeBase "file:/C:/Documents and
> Settings/xxx/workspace/WebSecurity/WebContent/WEB-INF/classes/-" {
>
> permission java.security.AllPermission;
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager.util";
>
> };
You may need to grant permissions to your webapp's library .jar files, too.
> Hensley how the JAAS can integrate with Tomcat has almost no real example or
> documentation, so I am just trying my luck with trails and errors, please
> let me know if some has any idea why I am having these errors.
It seems pretty clear that you simply haven't given permission for some
code to perform some task.
The stack trace tells you which code failed and what permission you
need: it should be trivial to add a "grant" that allows that code those
permissions.
You might want to read the thread back in March 2010 titled "[OT]
SecurityManager and Java Policy Files". Unfortunately, we didn't get
very far.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxgRmgACgkQ9CaO5/Lv0PBKtQCfdKoXx8HfVD+dVpwGeg9DiIWP
p9oAoKWK4tLMB4wKh3xAfsoOdxQXOuSM
=300m
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: java.lang.RuntimePermission accessClassInPackage.org.apache.catalina
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rashid,
On 8/9/2010 1:24 PM, Rashid Jilani wrote:
> Hi: Gurus I am having the following exception when I try to fire Tomcat with
> -security option with JAAS Realm.
>
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
You should provide more of the stack trace for us to be able to help you.
> BTW I also try to add the following lines in catalina.policy file but no
> luck
>
> grant codeBase "file:/C:/Documents and
> Settings/xxx/workspace/WebSecurity/WebContent/WEB-INF/classes/-" {
>
> permission java.security.AllPermission;
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager";
>
> permission java.lang.RuntimePermission
> "accessClassInPackage.org.apache.catalina.manager.util";
>
> };
You may need to grant permissions to your webapp's library .jar files, too.
> Hensley how the JAAS can integrate with Tomcat has almost no real example or
> documentation, so I am just trying my luck with trails and errors, please
> let me know if some has any idea why I am having these errors.
It seems pretty clear that you simply haven't given permission for some
code to perform some task.
The stack trace tells you which code failed and what permission you
need: it should be trivial to add a "grant" that allows that code those
permissions.
You might want to read the thread back in March 2010 titled "[OT]
SecurityManager and Java Policy Files". Unfortunately, we didn't get
very far.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxgRmgACgkQ9CaO5/Lv0PBKtQCfdKoXx8HfVD+dVpwGeg9DiIWP
p9oAoKWK4tLMB4wKh3xAfsoOdxQXOuSM
=300m
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org