You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ja...@mobilewebexpert.co.uk on 2012/01/09 20:22:53 UTC
Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Hiya,
I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy? Can anyone help??
Here's the error from the log file:
09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause
java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags
at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809)
at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232)
at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:98)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71)
at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331)
at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Thanks,
James
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/1/9 <ja...@mobilewebexpert.co.uk>:
> Hiya,
>
> I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere,
Have you read the docs?
> but not sure where - possibly catalina.policy?
That file is not used by Tomcat but by Java runtime. So whether it is
used depends on what command was used to launch the JVM.
The catalina.bat/catalina.sh files use conf/catalina.policy by default.
If you use something else then you are on your own to configure it properly.
> Can anyone help??
>
> Here's the error from the log file:
>
> 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause
> java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags
(...)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
Posted by André Warnier <aw...@ice-sa.com>.
james@mobilewebexpert.co.uk wrote:
> Basically, I've created a webapp which runs fine on my development
> machine, but our actual hosting is shared (and uses a Security Manager)
> and some new libraries we're using throws up loads of exceptions which
> we need to replicate locally, hence the need for me to activate the
> Security Manager.
>
> If it makes things any simpler, the webapp runs as the root context. Any
> chance you could help me out with the code I need for catalina.policy?
>
This is a long and tedious process, if you want to do it right. And it would require an
in-depth knowledge of the application, which nobody else but you has.
Basically, the Security Manager provides a kind of "sandbox" around the applications,
German-like : everything which is not specifically allowed, is forbidden.
So you have to know what all the various permissions are, and then know what your
application requires specifically.
There are examples at the end of the standard catalina.policy file, and I'm sure that by
googling a bit on the names which you see there, you'll find what you need.
Of course, a shortcut would be :
grant codeBase "file:${catalina.home}/webapps/<yourapp>/-" { (*)
permission java.security.AllPermission;
};
but then one could wonder why bothering to use a Security Manager at all..
(*) <yourapp> here being ROOT
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security
Manager enabled (Windows Vista)
Posted by Tim Watts <ti...@cliftonfarm.org>.
On Tue, 2012-01-10 at 22:06 +0000, james@mobilewebexpert.co.uk wrote:
> Basically, I've created a webapp which runs fine on my development machine,
> but our actual hosting is shared (and uses a Security Manager) and some new
> libraries we're using throws up loads of exceptions which we need to
> replicate locally, hence the need for me to activate the Security Manager.
>
> If it makes things any simpler, the webapp runs as the root context. Any
> chance you could help me out with the code I need for catalina.policy?
>
Sounds like your host provider is prescribing the security constraints
and you want to replicate that to see what adjustments need to be made
to the app and/or the policy file. Why not grab the policy file on your
target host and start with that?
> ----- Original Message -----
> From: "Pid" <pi...@pidster.com>
> To: "Tomcat Users List" <us...@tomcat.apache.org>
> Sent: Tuesday, January 10, 2012 7:47 PM
> Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
> enabled (Windows Vista)
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Posted by ja...@mobilewebexpert.co.uk.
Basically, I've created a webapp which runs fine on my development machine,
but our actual hosting is shared (and uses a Security Manager) and some new
libraries we're using throws up loads of exceptions which we need to
replicate locally, hence the need for me to activate the Security Manager.
If it makes things any simpler, the webapp runs as the root context. Any
chance you could help me out with the code I need for catalina.policy?
----- Original Message -----
From: "Pid" <pi...@pidster.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Tuesday, January 10, 2012 7:47 PM
Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
Posted by Pid <pi...@pidster.com>.
On 10/01/2012 15:51, james@mobilewebexpert.co.uk wrote:
> Thanks for the reply.
>
> Afraid I'm very new to Tomcat - please could you explain to me what
> changes I need to make to catalina.policy?
It's can be tricky and it's application specific.
You'll need to add specific policy rules that permit the application to
do whatever it needs to do. E.g. access to network, file system, jars etc.
Is there a particular reason you want to enable the Security Manager?
Are you hosting untrusted 3rd party applications for example?
p
> Thanks,
> James
>
> ----- Original Message ----- From: "Pid" <pi...@pidster.com>
> To: "Tomcat Users List" <us...@tomcat.apache.org>
> Sent: Tuesday, January 10, 2012 9:19 AM
> Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security
> Manager enabled (Windows Vista)
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
[key:62590808]
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)
Posted by ja...@mobilewebexpert.co.uk.
Thanks for the reply.
Afraid I'm very new to Tomcat - please could you explain to me what changes
I need to make to catalina.policy?
Thanks,
James
----- Original Message -----
From: "Pid" <pi...@pidster.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Tuesday, January 10, 2012 9:19 AM
Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
Posted by Pid <pi...@pidster.com>.
On 09/01/2012 19:22, james@mobilewebexpert.co.uk wrote:
> Hiya,
>
> I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy? Can anyone help??
Yes, in catalina.policy. Have fun.
p
> Here's the error from the log file:
>
> 09-Jan-2012 17:33:34 org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [Manager] in context with path [/manager] threw exception [Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags] with root cause
> java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags
> at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
> at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809)
> at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232)
> at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
> at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:98)
> at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75)
> at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71)
> at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484)
> at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331)
> at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
> at sun.reflect.GeneratedMethodAccessor32.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:245)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
>
> Thanks,
> James
--
[key:62590808]