You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Barry Demchak <bd...@tpsoft.com> on 2008/10/24 01:59:29 UTC

Tomcat, CXF, Security Manager, and Permissions

Hi --

I have a Tomcat-based application that is able to perform a CXF-based 
web services call just fine when Tomcat security is turned off. When 
Tomcat security is on, the CXF-based web service call throws an 
execution error exception.

I assume that this occurs because I haven't provided some 
SecurityManager permissions in the Tomcat policy files.

Can anyone shed some light on this?? Is there a list of permissions 
that CXF needs in order to run with the Tomcat Security Manager??

Thanks! (Otherwise, I'll have to run with security disabled.)



vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
: Barry Demchak                          :
: UC San Diego                           :
: Computer Science Department            :
: https://sosa.ucsd.edu/people/bdemchak/ :
: (858) 452-8700                         :
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Re: Tomcat, CXF, Security Manager, and Permissions

Posted by Daniel Kulp <dk...@apache.org>.

I guess it depends on how strict the security manager is.   CXF, but it's 
nature, does a lot of things with reflection, examining annotations, etc...   
It also does some classloading things, it uses ASM to create some classes, 
etc...   There are a bunch of things that could potentially cause issues if 
the security manager is too strict.   That said, no idea how to debug 
it.   :-(    Propably remote attach to the tomcat instance and put a 
breakpoint in the security manager class and see what's causing it to throw 
stuff.

Dan

On Monday 27 October 2008 2:34:13 pm Barry Demchak wrote:
> Thanks, Sergey ...
>
> It's very hard to say, actually.
>
> The situation is that I'm making the CXF call from within a GWT
> (Google Web Toolkit) servlet. The CXF call is throwing an exception
> (Throwable, as far as I know), and when I try to forward the
> exception or do anything with it, something very bad happens. At that
> point, the whole GWT servlet call fails.
>
> Nothing gets written to the Tomcat log, or anywhere else I can see.
>
> The only thing I know beyond that is that this doesn't happen if I
> run Tomcat with no security at all.
>
> Hugely frustrating.
>
> Can you think of a way to troubleshoot this??
>
> Thanks.
>
> At 12:57 AM 10/24/2008, Sergey Beryozkin wrote:
> >Hi
> >
> >>Hi --
> >>I have a Tomcat-based application that is able to perform a
> >>CXF-based web services call just fine when Tomcat security is
> >>turned off. When Tomcat security is on, the CXF-based web service
> >>call throws an execution error exception.
> >>I assume that this occurs because I haven't provided some
> >>SecurityManager permissions in the Tomcat policy files.
> >
> >Or it can occur because CXF does not use
> >AccessController.doPrivileged in certain cases, what kind of
> >exception you're seeing ?
> >
> >Cheers, Sergey
> >
> >>Can anyone shed some light on this?? Is there a list of permissions
> >>that CXF needs in order to run with the Tomcat Security Manager??
> >>Thanks! (Otherwise, I'll have to run with security disabled.)
> >>
> >>vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> >>
> >>: Barry Demchak                          :
> >>: UC San Diego                           :
> >>: Computer Science Department            :
> >>: https://sosa.ucsd.edu/people/bdemchak/ :
> >>: (858) 452-8700                         :
> >>
> >>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> >vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> >
> >: Barry Demchak                          :
> >: UC San Diego                           :
> >: Computer Science Department            :
> >: https://sosa.ucsd.edu/people/bdemchak/ :
> >: (858) 452-8700                         :
> >
> >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Re: Tomcat, CXF, Security Manager, and Permissions

Posted by Barry Demchak <bd...@tpsoft.com>.

Thanks, Sergey ...

It's very hard to say, actually.

The situation is that I'm making the CXF call from within a GWT 
(Google Web Toolkit) servlet. The CXF call is throwing an exception 
(Throwable, as far as I know), and when I try to forward the 
exception or do anything with it, something very bad happens. At that 
point, the whole GWT servlet call fails.

Nothing gets written to the Tomcat log, or anywhere else I can see.

The only thing I know beyond that is that this doesn't happen if I 
run Tomcat with no security at all.

Hugely frustrating.

Can you think of a way to troubleshoot this??

Thanks.


At 12:57 AM 10/24/2008, Sergey Beryozkin wrote:
>Hi
>
>
>
>>Hi --
>>I have a Tomcat-based application that is able to perform a 
>>CXF-based web services call just fine when Tomcat security is 
>>turned off. When Tomcat security is on, the CXF-based web service 
>>call throws an execution error exception.
>>I assume that this occurs because I haven't provided some 
>>SecurityManager permissions in the Tomcat policy files.
>
>Or it can occur because CXF does not use 
>AccessController.doPrivileged in certain cases, what kind of 
>exception you're seeing ?
>
>Cheers, Sergey
>
>>Can anyone shed some light on this?? Is there a list of permissions 
>>that CXF needs in order to run with the Tomcat Security Manager??
>>Thanks! (Otherwise, I'll have to run with security disabled.)
>>
>>vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
>>: Barry Demchak                          :
>>: UC San Diego                           :
>>: Computer Science Department            :
>>: https://sosa.ucsd.edu/people/bdemchak/ :
>>: (858) 452-8700                         :
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
>: Barry Demchak                          :
>: UC San Diego                           :
>: Computer Science Department            :
>: https://sosa.ucsd.edu/people/bdemchak/ :
>: (858) 452-8700                         :
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Re: Tomcat, CXF, Security Manager, and Permissions

Posted by Sergey Beryozkin <se...@progress.com>.

Hi



> Hi --
> 
> I have a Tomcat-based application that is able to perform a CXF-based 
> web services call just fine when Tomcat security is turned off. When 
> Tomcat security is on, the CXF-based web service call throws an 
> execution error exception.
> 
> I assume that this occurs because I haven't provided some 
> SecurityManager permissions in the Tomcat policy files.

Or it can occur because CXF does not use AccessController.doPrivileged in certain cases, what kind of exception you're seeing ?

Cheers, Sergey

> 
> Can anyone shed some light on this?? Is there a list of permissions 
> that CXF needs in order to run with the Tomcat Security Manager??
> 
> Thanks! (Otherwise, I'll have to run with security disabled.)
> 
> 
> 
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> : Barry Demchak                          :
> : UC San Diego                           :
> : Computer Science Department            :
> : https://sosa.ucsd.edu/people/bdemchak/ :
> : (858) 452-8700                         :
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
>