You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Le Strat (JIRA)" <je...@portals.apache.org> on 2005/09/11 21:56:31 UTC
[jira] Commented: (JS2-205) Using Tomcat Security Policy breaks RdbmsPolicy
[ http://issues.apache.org/jira/browse/JS2-205?page=comments#action_12323188 ]
David Le Strat commented on JS2-205:
------------------------------------
I am revisiting the RdbmsPolicy and how policies get loaded in addition to the RdbmsPolicy. They are quite a few issues with the current implementation including the recursive loop reported above.
> Using Tomcat Security Policy breaks RdbmsPolicy
> -----------------------------------------------
>
> Key: JS2-205
> URL: http://issues.apache.org/jira/browse/JS2-205
> Project: Jetspeed 2
> Type: Bug
> Components: Security
> Versions: 2.0-M2
> Reporter: David Sean Taylor
> Assignee: David Le Strat
> Fix For: 2.0-M2
>
> I set my Tomcat Security policy to:
> grant {
> permission java.security.AllPermission;
> };
> Start Tomcat 5.0.31 as:
> catalina run -security
> And it gets a stack overflow from recursive loop in policy setup:
> at java.security.AccessController.checkPermission(AccessController.java:
> 401)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at javax.security.auth.Subject.getSubject(Subject.java:251)
> at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol
> icy.java:90)
> at java.security.Policy.getPermissions(Policy.java:343)
> at java.security.Policy.implies(Policy.java:397)
> at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
> at java.security.AccessControlContext.checkPermission(AccessControlConte
> As an interim fix, if you don't need the Rdbms Policy,
> In the jetspeed-spring.xml, comment out:
> <!-- Security: RDBMS Policy implementation for JAAS -->
> <!--
> <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
> class="org.apache.jetspeed.security.impl.RdbmsPolicy"
> >
> <constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
> </bean>
> -->
> <!-- Security: Authorization Provider -->
> <!--
> <bean id="org.apache.jetspeed.security.AuthorizationProvider"
> class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
> >
> <constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
> </bean>
> -->
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org