You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/03/07 17:27:30 UTC

DO NOT REPLY [Bug 17775] New: - java.security.AccessControlException: access denied (java.io.FilePermission error

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17775>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17775

java.security.AccessControlException: access denied (java.io.FilePermission error

           Summary: java.security.AccessControlException: access denied
                    (java.io.FilePermission error
           Product: Tomcat 4
           Version: 4.1.12
          Platform: Macintosh
        OS/Version: MacOS X
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: vinhta@vinniesoft.co.uk
                CC: vinhta@vinniesoft.co.uk


I have notice a perculiar problem with the tomcat server regarding the
catalina.policy file.

when i start tomcat with -security, i understand i have to edit the
catalina.policy file so that application in my webapps directory can be read.

but for some reason when i use 

grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.io.FilePermission "${catalina.home}/webapps/myapp/-",
"read,write,delete";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission SocketPermission "localhost:1024-", "listen,connect,resolve";
 permission java.util.PropertyPermission "*", "read,write";

}

this doesn't let me read anything in the "${catalina.home}/webapps/myapp/"
directory but it does let me read pages in sub folders of that directory e.g.
"${catalina.home}/webapps/myapp/images/"

so for instance if i goto 

http://127.0.0.1:8080/myapp/ it will give me the following error

 java.security.AccessControlException: access denied (java.io.FilePermission
/usr/local/jakarta-tomcat-4.1.12/webapps/myapp read)

but if i change the catalina.policy file so it is like below

grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.io.FilePermission "${catalina.home}/webapps/-", "read,write,delete";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission SocketPermission "localhost:1024-", "listen,connect,resolve";
 permission java.util.PropertyPermission "*", "read,write";
}

and then goto http://127.0.0.1:8080/myapp/ again the page works!!!!!

but i think this also mean that the above codeBase can write to any folder in
the webapps directory, which is not safe or secure.

I was wondering if this is a bug with your tomcat build or is it a bug with java
itself inc. policytool gui.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org