You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by George Sexton <gs...@mhsoftware.com> on 2006/01/20 19:13:58 UTC
Security Manager
I tried running 5.5.14 with -security specified and got this error:
Using Security Manager
Listening for transport dt_socket at address: 7100
Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
shutdownHooks)
at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:264)
at
java.security.AccessController.checkPermission(AccessController.java:
427)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
My solution was to add:
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.security.AllPermission;
};
To the catalina.policy file. Is this correct?
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
RE: Security Manager
Posted by George Sexton <gs...@mhsoftware.com>.
Yet more. It seems by specification (SRV.3.7.1)
grant {
permission java.io.FilePermission "${catalina.base}/temp/-", "read,
write","delete";
permission java.util.PropertyPermission "javax.servlet.context.tempdir",
"read";
};
Really should be set so.
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
> -----Original Message-----
> From: George Sexton [mailto:gsexton@mhsoftware.com]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
> shutdownHooks)
> at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
> at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
> permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
RE: Security Manager
Posted by George Sexton <gs...@mhsoftware.com>.
It also seems to me the policy file should have:
grant codeBase "file:${catalina.base}/shared/-" {
permission java.security.AllPermission;
};
And
permission java.util.PropertyPermission "java.io.tmpdir", "read";
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
> -----Original Message-----
> From: George Sexton [mailto:gsexton@mhsoftware.com]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
> shutdownHooks)
> at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
> at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
> permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
RE: Security Manager
Posted by George Sexton <gs...@mhsoftware.com>.
It also seems to me the policy file should have:
grant codeBase "file:${catalina.base}/shared/-" {
permission java.security.AllPermission;
};
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
> -----Original Message-----
> From: George Sexton [mailto:gsexton@mhsoftware.com]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
> shutdownHooks)
> at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
> at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
> permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org