You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mohan T <Mo...@ramco.com.INVALID> on 2021/08/06 03:51:10 UTC
Help Needed
Dear All,
We are using Tomcat 8.5 on Suse LINUX.
We enabled JAvA security in tomcat and invoking the Catalina.sh. We are facing some permission issues in the environment.
We could see the below error messages.
access: access allowed ("java.util.logging.LoggingPermission" "control")
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1336)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:419)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
at java.util.logging.Logger.checkPermission(Logger.java:422)
at java.util.logging.Logger.removeHandler(Logger.java:1764)
at org.apache.juli.ClassLoaderLogManager.resetLoggers(ClassLoaderLogManager.java:393)
at org.apache.juli.ClassLoaderLogManager.shutdown(ClassLoaderLogManager.java:377)
at org.apache.juli.ClassLoaderLogManager$Cleaner.run(ClassLoaderLogManager.java:81)
policy: getPermissions:
PD CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
PD ClassLoader: sun.misc.Launcher$AppClassLoader@3d4eac69
PD Principals: <no principals>
policy: evaluate codesources:
Policy CodeSource: (file:/usr/java/jdk1.8.0_162/jre/lib/- <no signer certificates>)
Active CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
Thanks
Mohan
DISCLAIMER: This communication contains information which is confidential and the copyright of Ramco Systems Ltd, its subsidiaries or a third party ("Ramco"). This email may also contain legally privileged information. Confidentiality and legal privilege attached to this communication are not waived or lost by reason of mistaken delivery to you.This email is intended to be read or used by the addressee only. If you are not the intended recipient, any use, distribution, disclosure or copying of this email is strictly prohibited without the express written approval of Ramco. Please delete and destroy all copies and email Ramco at Legal@ramco.com immediately. Any views expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views of Ramco. Except as required by law, Ramco does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. If you do not wish to receive such communications, please forward this communication to marketing@ramco.com and express your wish not to receive such communications henceforth.
Re: Help Needed
Posted by Rob Sargent <rs...@xmission.com>.
>
> On Aug 6, 2021, at 8:31 PM, Mohan T <Mo...@ramco.com.invalid> wrote:
>
> Dear All,
>
> Any inputs on this. We are not getting a break in this.
Did upgrading change anything?
You may want to layout your configuration and why you think it should work. Which version of Java, etc?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Help Needed
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mohan,
On 8/8/21 08:45, Mohan T wrote:
> There is no specific upgrade to the environment.
Did you see the reply to your message I sent on August 6th?
> We are introducing new components and the permission is being set for
> them in catalina.policy file.
Are your JAR files signed? The error says they are not signed. (And
presumably you are requiring them to be signed.)
> Attaching the Catalina.policy file for reference.
Your attachment has been stripped. Find another way to communicate the
policy. Copy/paste in the message ought to work.
> openjdk version "1.8.0_131"
> OpenJDK Runtime Environment (build 1.8.0_131-b12)
> OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode)
FYI This is also quite old.
-chris
> *From:*Mohan T
> *Sent:* 07 August 2021 08:00
> *To:* 'Tomcat Users List' <us...@tomcat.apache.org>
> *Subject:* RE: Help Needed
>
> Dear All,
>
> Any inputs on this. We are not getting a break in this.
>
> Kindly help us in taking things forward.
>
> Thanks
>
> Mohan
>
> *From:*Mohan T
> *Sent:* 06 August 2021 09:21
> *To:* Tomcat Users List <users@tomcat.apache.org
> <ma...@tomcat.apache.org>>
> *Subject:* Help Needed
>
> Dear All,
>
> */_We are using Tomcat 8.5 on Suse LINUX. _/*
>
> We enabled JAvA security in tomcat and invoking the Catalina.sh. We are
> facing some permission issues in the environment.
>
> We could see the below error messages.
>
> access: access allowed ("java.util.logging.LoggingPermission" "control")
>
> java.lang.Exception: Stack trace
>
> at java.lang.Thread.dumpStack(Thread.java:1336)
>
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:419)
>
> at
> java.security.AccessController.checkPermission(AccessController.java:884)
>
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>
> at
> java.util.logging.LogManager.checkPermission(LogManager.java:1586)
>
> at java.util.logging.Logger.checkPermission(Logger.java:422)
>
> at java.util.logging.Logger.removeHandler(Logger.java:1764)
>
> at
> org.apache.juli.ClassLoaderLogManager.resetLoggers(ClassLoaderLogManager.java:393)
>
> at
> org.apache.juli.ClassLoaderLogManager.shutdown(ClassLoaderLogManager.java:377)
>
> at
> org.apache.juli.ClassLoaderLogManager$Cleaner.run(ClassLoaderLogManager.java:81)
>
> policy: getPermissions:
>
> PD CodeSource:
> (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar
> <no signer certificates>)
>
> PD ClassLoader: sun.misc.Launcher$AppClassLoader@3d4eac69
> <ma...@3d4eac69>
>
> PD Principals: <no principals>
>
> policy: evaluate codesources:
>
> Policy CodeSource: (file:/usr/java/jdk1.8.0_162/jre/lib/- <no
> signer certificates>)
>
> Active CodeSource:
> (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar
> <no signer certificates>)
>
> Thanks
>
> Mohan
>
> DISCLAIMER: This communication contains information which is
> confidential and the copyright of Ramco Systems Ltd, its subsidiaries or
> a third party (“Ramco”). This email may also contain legally privileged
> information. Confidentiality and legal privilege attached to this
> communication are not waived or lost by reason of mistaken delivery to
> you.This email is intended to be read or used by the addressee only. If
> you are not the intended recipient, any use, distribution, disclosure or
> copying of this email is strictly prohibited without the express written
> approval of Ramco. Please delete and destroy all copies and email Ramco
> at Legal@ramco.com immediately. Any views expressed in this
> communication are those of the individual sender, except where the
> sender specifically states them to be the views of Ramco. Except as
> required by law, Ramco does not represent, warrant and/or guarantee that
> the integrity of this communication has been maintained nor that the
> communication is free of errors, virus, interception or interference. If
> you do not wish to receive such communications, please forward this
> communication to marketing@ramco.com and express your wish not to
> receive such communications henceforth.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Help Needed
Posted by Mohan T <Mo...@ramco.com.INVALID>.
Hi,
There is no specific upgrade to the environment .
We are introducing new components and the permission is being set for them in catalina.policy file.
Attaching the Catalina.policy file for reference.
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-b12)
OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode)
Thanks
Mohan
From: Mohan T
Sent: 07 August 2021 08:00
To: 'Tomcat Users List' <us...@tomcat.apache.org>
Subject: RE: Help Needed
Dear All,
Any inputs on this. We are not getting a break in this.
Kindly help us in taking things forward.
Thanks
Mohan
From: Mohan T
Sent: 06 August 2021 09:21
To: Tomcat Users List <us...@tomcat.apache.org>>
Subject: Help Needed
Dear All,
We are using Tomcat 8.5 on Suse LINUX.
We enabled JAvA security in tomcat and invoking the Catalina.sh. We are facing some permission issues in the environment.
We could see the below error messages.
access: access allowed ("java.util.logging.LoggingPermission" "control")
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1336)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:419)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
at java.util.logging.Logger.checkPermission(Logger.java:422)
at java.util.logging.Logger.removeHandler(Logger.java:1764)
at org.apache.juli.ClassLoaderLogManager.resetLoggers(ClassLoaderLogManager.java:393)
at org.apache.juli.ClassLoaderLogManager.shutdown(ClassLoaderLogManager.java:377)
at org.apache.juli.ClassLoaderLogManager$Cleaner.run(ClassLoaderLogManager.java:81)
policy: getPermissions:
PD CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
PD ClassLoader: sun.misc.Launcher$AppClassLoader@3d4eac69<ma...@3d4eac69>
PD Principals: <no principals>
policy: evaluate codesources:
Policy CodeSource: (file:/usr/java/jdk1.8.0_162/jre/lib/- <no signer certificates>)
Active CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
Thanks
Mohan
DISCLAIMER: This communication contains information which is confidential and the copyright of Ramco Systems Ltd, its subsidiaries or a third party ("Ramco"). This email may also contain legally privileged information. Confidentiality and legal privilege attached to this communication are not waived or lost by reason of mistaken delivery to you.This email is intended to be read or used by the addressee only. If you are not the intended recipient, any use, distribution, disclosure or copying of this email is strictly prohibited without the express written approval of Ramco. Please delete and destroy all copies and email Ramco at Legal@ramco.com immediately. Any views expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views of Ramco. Except as required by law, Ramco does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. If you do not wish to receive such communications, please forward this communication to marketing@ramco.com and express your wish not to receive such communications henceforth.
RE: Help Needed
Posted by Mohan T <Mo...@ramco.com.INVALID>.
Dear All,
Any inputs on this. We are not getting a break in this.
Kindly help us in taking things forward.
Thanks
Mohan
From: Mohan T
Sent: 06 August 2021 09:21
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: Help Needed
Dear All,
We are using Tomcat 8.5 on Suse LINUX.
We enabled JAvA security in tomcat and invoking the Catalina.sh. We are facing some permission issues in the environment.
We could see the below error messages.
access: access allowed ("java.util.logging.LoggingPermission" "control")
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1336)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:419)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
at java.util.logging.Logger.checkPermission(Logger.java:422)
at java.util.logging.Logger.removeHandler(Logger.java:1764)
at org.apache.juli.ClassLoaderLogManager.resetLoggers(ClassLoaderLogManager.java:393)
at org.apache.juli.ClassLoaderLogManager.shutdown(ClassLoaderLogManager.java:377)
at org.apache.juli.ClassLoaderLogManager$Cleaner.run(ClassLoaderLogManager.java:81)
policy: getPermissions:
PD CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
PD ClassLoader: sun.misc.Launcher$AppClassLoader@3d4eac69<ma...@3d4eac69>
PD Principals: <no principals>
policy: evaluate codesources:
Policy CodeSource: (file:/usr/java/jdk1.8.0_162/jre/lib/- <no signer certificates>)
Active CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
Thanks
Mohan
DISCLAIMER: This communication contains information which is confidential and the copyright of Ramco Systems Ltd, its subsidiaries or a third party ("Ramco"). This email may also contain legally privileged information. Confidentiality and legal privilege attached to this communication are not waived or lost by reason of mistaken delivery to you.This email is intended to be read or used by the addressee only. If you are not the intended recipient, any use, distribution, disclosure or copying of this email is strictly prohibited without the express written approval of Ramco. Please delete and destroy all copies and email Ramco at Legal@ramco.com immediately. Any views expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views of Ramco. Except as required by law, Ramco does not represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus, interception or interference. If you do not wish to receive such communications, please forward this communication to marketing@ramco.com and express your wish not to receive such communications henceforth.
Re: Help Needed
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mohan,
On 8/5/21 23:51, Mohan T wrote:
> Dear All,
>
> We are using Tomcat 8.5 on Suse LINUX.
>
> We enabled JAvA security in tomcat and invoking the Catalina.sh. We are facing some permission issues in the environment.
>
> We could see the below error messages.
>
> access: access allowed ("java.util.logging.LoggingPermission" "control")
> java.lang.Exception: Stack trace
> at java.lang.Thread.dumpStack(Thread.java:1336)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:419)
> at java.security.AccessController.checkPermission(AccessController.java:884)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.util.logging.LogManager.checkPermission(LogManager.java:1586)
> at java.util.logging.Logger.checkPermission(Logger.java:422)
> at java.util.logging.Logger.removeHandler(Logger.java:1764)
> at org.apache.juli.ClassLoaderLogManager.resetLoggers(ClassLoaderLogManager.java:393)
> at org.apache.juli.ClassLoaderLogManager.shutdown(ClassLoaderLogManager.java:377)
> at org.apache.juli.ClassLoaderLogManager$Cleaner.run(ClassLoaderLogManager.java:81)
> policy: getPermissions:
> PD CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
> PD ClassLoader: sun.misc.Launcher$AppClassLoader@3d4eac69
> PD Principals: <no principals>
> policy: evaluate codesources:
> Policy CodeSource: (file:/usr/java/jdk1.8.0_162/jre/lib/- <no signer certificates>)
> Active CodeSource: (file:/home/ilas/tomcat8.5_tech/apache-tomcat-8.5.35/bin/tomcat-juli.jar <no signer certificates>)
If you require signed JAR files, please use a more recent version of
Tomcat 8.5.x. I'm not sure when signing was introduced, but 8.5.35
nearly 3 years ago and definitely should be upgraded if you are
sensitive to security issues.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org