Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

[Konstantin Kolinko <kn...@gmail.com>]

2009/12/23 Mike Power <mp...@alumni.calpoly.edu>:
> I am not sure if I am reading the stack trace right.  I have a war that
> is trying to read its configuration from the system.properties.
>
> It seems that tomcat6 is apply read write checks on calls to
> java.lang.System.getProperties.  Am I observing the details correctly?
> That seems to be the wrong permission check to make as a result the
> application can not initialized.
>
> Caused by: java.security.AccessControlException: access denied
> (java.util.PropertyPermission * read,write)
>       at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
>       at
> java.security.AccessController.checkPermission(AccessController.java:553)
>       at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at
> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1269)
>       at java.lang.System.getProperties(System.java:599)
>       at
> org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
>

Start reading here:
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html

Also
http://java.sun.com/javase/technologies/security/index.jsp
http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

[Konstantin Kolinko <kn...@gmail.com>]

2009/12/23 Mike Power <mp...@alumni.calpoly.edu>:
> This is not useful information I have read this.
>
> It does not  answer my specific question.
> Is it or is it no wrong for a read request via
> java.lang.System.getProperties to trigger an access request for both read
> and write permissions?
>
>
> Konstantin Kolinko wrote:
>>
>> 2009/12/23 Mike Power <mp...@alumni.calpoly.edu>:
>>
>>>
>>> I am not sure if I am reading the stack trace right.  I have a war that
>>> is trying to read its configuration from the system.properties.
>>>
>>> It seems that tomcat6 is apply read write checks on calls to
>>> java.lang.System.getProperties.  Am I observing the details correctly?
>>> That seems to be the wrong permission check to make as a result the
>>> application can not initialized.
>>>
>>> Caused by: java.security.AccessControlException: access denied
>>> (java.util.PropertyPermission * read,write)
>>>      at
>>>
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
>>>      at
>>> java.security.AccessController.checkPermission(AccessController.java:553)
>>>      at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>>      at
>>>
>>> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1269)
>>>      at java.lang.System.getProperties(System.java:599)
>>>      at
>>>
>>> org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
>>>
>>>
>>
>> Start reading here:
>> http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
>>
>> Also
>> http://java.sun.com/javase/technologies/security/index.jsp
>>
>> http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html
>>
>> Best regards,
>> Konstantin Kolinko
>>

1. Do not top-post
2. You are asking whether "java.lang.System.getProperties" should
check for write + read ?  That is not our code, so this it is
off-topic here.
3. My personal opinion, though, is that code that is supposed to run
under SecurityManager, should use System.getProperty(), not
System.getProperties(). Asking for read access to all properties is
certainly too much for common usage.   Also I suppose that the map
returned by getProperties() allows both reading and writing, though I
never tried the latter.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

[Mike Power <mp...@alumni.calpoly.edu>]

This is not useful information I have read this.

It does not  answer my specific question. 

Is it or is it no wrong for a read request via 
java.lang.System.getProperties to trigger an access request for both 
read and write permissions?


Konstantin Kolinko wrote:
> 2009/12/23 Mike Power <mp...@alumni.calpoly.edu>:
>   
>> I am not sure if I am reading the stack trace right.  I have a war that
>> is trying to read its configuration from the system.properties.
>>
>> It seems that tomcat6 is apply read write checks on calls to
>> java.lang.System.getProperties.  Am I observing the details correctly?
>> That seems to be the wrong permission check to make as a result the
>> application can not initialized.
>>
>> Caused by: java.security.AccessControlException: access denied
>> (java.util.PropertyPermission * read,write)
>>       at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
>>       at
>> java.security.AccessController.checkPermission(AccessController.java:553)
>>       at
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>       at
>> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1269)
>>       at java.lang.System.getProperties(System.java:599)
>>       at
>> org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
>>
>>     
>
> Start reading here:
> http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
>
> Also
> http://java.sun.com/javase/technologies/security/index.jsp
> http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>