You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/03/07 17:27:30 UTC
DO NOT REPLY [Bug 17775] New: -
java.security.AccessControlException: access denied (java.io.FilePermission error
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17775>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17775
java.security.AccessControlException: access denied (java.io.FilePermission error
Summary: java.security.AccessControlException: access denied
(java.io.FilePermission error
Product: Tomcat 4
Version: 4.1.12
Platform: Macintosh
OS/Version: MacOS X
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: vinhta@vinniesoft.co.uk
CC: vinhta@vinniesoft.co.uk
I have notice a perculiar problem with the tomcat server regarding the
catalina.policy file.
when i start tomcat with -security, i understand i have to edit the
catalina.policy file so that application in my webapps directory can be read.
but for some reason when i use
grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.io.FilePermission "${catalina.home}/webapps/myapp/-",
"read,write,delete";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission SocketPermission "localhost:1024-", "listen,connect,resolve";
permission java.util.PropertyPermission "*", "read,write";
}
this doesn't let me read anything in the "${catalina.home}/webapps/myapp/"
directory but it does let me read pages in sub folders of that directory e.g.
"${catalina.home}/webapps/myapp/images/"
so for instance if i goto
http://127.0.0.1:8080/myapp/ it will give me the following error
java.security.AccessControlException: access denied (java.io.FilePermission
/usr/local/jakarta-tomcat-4.1.12/webapps/myapp read)
but if i change the catalina.policy file so it is like below
grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.io.FilePermission "${catalina.home}/webapps/-", "read,write,delete";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission SocketPermission "localhost:1024-", "listen,connect,resolve";
permission java.util.PropertyPermission "*", "read,write";
}
and then goto http://127.0.0.1:8080/myapp/ again the page works!!!!!
but i think this also mean that the above codeBase can write to any folder in
the webapps directory, which is not safe or secure.
I was wondering if this is a bug with your tomcat build or is it a bug with java
itself inc. policytool gui.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org