Posted to user@ode.apache.org by Christian Fonden <ch...@die-rooter.de> on 2008/12/08 14:08:55 UTC

ODE/Tomcat Setup with java security manager enabled

Hello ODE users list, 

I'm new to Apache ODE and Tomcat and just have set up ODE successfully under debian linux. 

During the Setup process I encountered the following Exception Stack Trace when trying to access the ODE Url: 
org.apache.jasper.JasperException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.compiler)
 org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
 org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)

Causing an HTTP 500 Error. 

When turning off the Tomcat Security settings in the /etc/init.d/tomcat55 startup script
in
# Use the Java security manager? (yes/no)
 TOMCAT5_SECURITY=yes (changed to no later)

everything works fine. The axis2 start page is loading correctly when accessing the ODE url. 

As turning off the TOMCAT5_SECURITY setting does not seem to be a very trustworthy solution, my question is: 

How can I get ODE working without turning off that option in the tomcat settings. 


greets
Chris
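
An added example, not part of the original post: one way to work through denials like the one in the trace above is to collect the distinct permissions the security manager refused and render them as policy-file entries for review. The sample log is constructed from the trace in the post plus one constructed FilePermission line; the function names are hypothetical, and which codeBase, if any, should receive each permission is left to the reviewer.

```python
import re
from collections import OrderedDict

# Constructed sample: the trace from the post, wrapped across lines the way
# the mail client left it, plus one constructed FilePermission denial to show
# a permission that carries actions, plus a repeat of the first denial.
SAMPLE_LOG = """\
org.apache.jasper.JasperException: access denied (java.lang.RuntimePermission

accessClassInPackage.org.apache.jasper.compiler)
 org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
 org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
java.security.AccessControlException: access denied (java.io.FilePermission /constructed/example/path read)
org.apache.jasper.JasperException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.compiler)
"""

# "access denied (<permission class> <target> [<actions>])" as printed in the
# post; \s+ also spans the line wrap between class and target.
DENIED = re.compile(r"access denied \(\s*([\w.$]+)\s+(\S+?)(?:\s+([\w,]+))?\s*\)")


def denied_permissions(log_text):
    """Return distinct (class, target, actions) tuples in first-seen order."""
    seen = OrderedDict()
    for m in DENIED.finditer(log_text):
        seen.setdefault((m.group(1), m.group(2), m.group(3)), None)
    return list(seen)


def policy_lines(perms):
    """Render each denial as a Java policy 'permission' entry for review."""
    lines = []
    for cls, target, actions in perms:
        entry = f'permission {cls} "{target}"'
        if actions:
            entry += f', "{actions}"'
        lines.append(entry + ";")
    return lines


if __name__ == "__main__":
    print("\n".join(policy_lines(denied_permissions(SAMPLE_LOG))))
```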

Re: ODE/Tomcat Setup with java security manager enabled

Posted by Christian Fonden <ch...@die-rooter.de>.
Ok, then I think I'm supposed to learn more about the tomcat sandbox before 
investigating that feature. When I found out more and think it's worth the 
work I'm going to tell you over the ode list.

Thanks for your help

chris


----- Original Message ----- 
From: "Alex Boisvert" <bo...@intalio.com>
To: <us...@ode.apache.org>
Sent: Tuesday, December 09, 2008 8:33 PM
Subject: Re: ODE/Tomcat Setup with java security manager enabled


> Understood; but if it means no webapps can read/write to disk, then 
> there's
> a problem.  I think you're the first to try to run Ode in this
> configuration.  We would need to understand the limitations when running 
> in
> that mode and address each issue individually.   Whether it's worth it or
> not, I don't know.
>
> alex
>
>
> On Tue, Dec 9, 2008 at 11:26 AM, Christian Fonden <
> christian.fonden@die-rooter.de> wrote:
>
>> Hi Alex,
>>
>> it seems that the java security manager is enabled with that flag.
>>
>> In my opinion this is something similar to a sandbox for java code
>> running as a servlet, hosted by the tomcat webserver.
>> In the past two years I worked with the Microsoft IIS Webserver and I 
>> think
>> the java security manager can be compared with the dotnet CLR runtime of 
>> a
>> dotnet web app hosted in the IIS.
>>
>> Please correct me if I'm wrong....
>>
>>
>> greets
>> Chris
>>
>> ----- Original Message ----- From: "Alex Boisvert" <bo...@intalio.com>
>> To: <us...@ode.apache.org>
>> Sent: Monday, December 08, 2008 7:44 PM
>> Subject: Re: ODE/Tomcat Setup with java security manager enabled
>>
>>
>>
>>  What does the TOMCAT5_SECURITY setting actually do?
>>>
>>> alex
>>>
>>> On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
>>> christian.fonden@die-rooter.de> wrote:
>>>
>>>  Hello ODE users list,
>>>>
>>>> I'm new to Apache ODE and Tomcat and just have set up ODE successfully
>>>> under debian linux.
>>>>
>>>> During the Setup process I encountered the following Exception Stack
>>>> Trace
>>>> when trying to access the ODE Url:
>>>> org.apache.jasper.JasperException: access denied
>>>> (java.lang.RuntimePermission
>>>>
>>>> accessClassInPackage.org.apache.jasper.compiler)
>>>>
>>>> org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
>>>>  org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
>>>>
>>>> Causing an HTTP 500 Error.
>>>>
>>>> When turning off the Tomcat Security settings in the 
>>>> /etc/init.d/tomcat55
>>>> startup script
>>>> in
>>>> # Use the Java security manager? (yes/no)
>>>>  TOMCAT5_SECURITY=yes (changed to no later)
>>>>
>>>> everything works fine. The axis2 start page is loading correctly when
>>>> accessing the ODE url.
>>>>
>>>> As turning off the TOMCAT5_SECURITY setting does not seem to be a very
>>>> trustworthy solution, my question is:
>>>>
>>>> How can I get ODE working without turning off that option in the tomcat
>>>> settings.
>>>>
>>>>
>>>> greets
>>>> Chris
>>>>
>>>
>>>
>>
> 


Re: ODE/Tomcat Setup with java security manager enabled

Posted by Alex Boisvert <bo...@intalio.com>.
Understood; but if it means no webapps can read/write to disk, then there's
a problem.  I think you're the first to try to run Ode in this
configuration.  We would need to understand the limitations when running in
that mode and address each issue individually.   Whether it's worth it or
not, I don't know.

alex


On Tue, Dec 9, 2008 at 11:26 AM, Christian Fonden <
christian.fonden@die-rooter.de> wrote:

> Hi Alex,
>
> it seems that the java security manager is enabled with that flag.
>
> In my opinion this is something similar to a sandbox for java code
> running as a servlet, hosted by the tomcat webserver.
> In the past two years I worked with the Microsoft IIS Webserver and I think
> the java security manager can be compared with the dotnet CLR runtime of a
> dotnet web app hosted in the IIS.
>
> Please correct me if I'm wrong....
>
>
> greets
> Chris
>
> ----- Original Message ----- From: "Alex Boisvert" <bo...@intalio.com>
> To: <us...@ode.apache.org>
> Sent: Monday, December 08, 2008 7:44 PM
> Subject: Re: ODE/Tomcat Setup with java security manager enabled
>
>
>
>  What does the TOMCAT5_SECURITY setting actually do?
>>
>> alex
>>
>> On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
>> christian.fonden@die-rooter.de> wrote:
>>
>>  Hello ODE users list,
>>>
>>> I'm new to Apache ODE and Tomcat and just have set up ODE successfully
>>> under debian linux.
>>>
>>> During the Setup process I encountered the following Exception Stack
>>> Trace
>>> when trying to access the ODE Url:
>>> org.apache.jasper.JasperException: access denied
>>> (java.lang.RuntimePermission
>>>
>>> accessClassInPackage.org.apache.jasper.compiler)
>>>
>>> org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
>>>  org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
>>>
>>> Causing an HTTP 500 Error.
>>>
>>> When turning off the Tomcat Security settings in the /etc/init.d/tomcat55
>>> startup script
>>> in
>>> # Use the Java security manager? (yes/no)
>>>  TOMCAT5_SECURITY=yes (changed to no later)
>>>
>>> everything works fine. The axis2 start page is loading correctly when
>>> accessing the ODE url.
>>>
>>> As turning off the TOMCAT5_SECURITY setting does not seem to be a very
>>> trustworthy solution, my question is:
>>>
>>> How can I get ODE working without turning off that option in the tomcat
>>> settings.
>>>
>>>
>>> greets
>>> Chris
>>>
>>
>>
>

RE: Catch error message

Posted by "Jackson, Douglas" <do...@siemens.com>.
Alex,
DOH!  I was still using BPEL 1.1 syntax.
Thanks for your time!
-Doug.


-----Original Message-----
From: Alex Boisvert [mailto:boisvert@intalio.com] 
Sent: Tuesday, January 06, 2009 4:32 PM
To: user@ode.apache.org
Subject: Re: Catch error message

Hi Douglas,

The catch activity syntax is:

<catch faultName="QName"?
       faultVariable="BPELVariableName"?
      ( faultMessageType="QName" | faultElement="QName" )? >*
      activity
</catch>

so you are missing either the faultMessageType or the faultElement
attribute.

BTW, the "name" attribute should be a ncname (not a qname), and the variable
does not need to be defined earlier.   It's defined in the catch itself.

alex



On Tue, Jan 6, 2009 at 1:04 PM, Jackson, Douglas <
douglas.s.jackson@siemens.com> wrote:

> Hi!
> The following message does not look right to me.  Does it have something to
> do with a mismatch between the name and the variable?
>
> The namespace prefixes are declared, and other parts of the wsdl work fine
> (i.e. the invoke related to the catch).
>
> The error makes me think that a messageType or elementType variable is
> required and I have that...
>
> -Doug.
>
>
>
> org.apache.ode.bpel.iapi.ContextException: Deploy failed; error:
> [CompilationErrors] Compilation completed with 1 error(s):
>        null:626: error: [VariableDeclMissingType] Declaration of variable
> "abort-fault-msg" does not specify the required type (either MessageType or
> ElementType).
>
>
> Here is the offending line:
>
>      <catch name="fault:XSException" faultVariable="abort-fault-msg">
>
> Here are the decls:
>
>      <variable name="abort-fault-msg"
> messageType="abortws:abort-fault-msg"/>
>
> From abortws:
>  <wsdl:message name="abort-fault-msg">
>    <wsdl:part name="abort-fault-part" element="fault:XSException"/>
>  </wsdl:message>
>
> From fault:
>   <xsd:element name="XSException" type="fault:exception-type"/>
>
>
>

Re: Catch error message

Posted by Alex Boisvert <bo...@intalio.com>.
Hi Douglas,

The catch activity syntax is:

<catch faultName="QName"?
       faultVariable="BPELVariableName"?
      ( faultMessageType="QName" | faultElement="QName" )? >*
      activity
</catch>

so you are missing either the faultMessageType or the faultElement
attribute.

BTW, the "name" attribute should be a ncname (not a qname), and the variable
does not need to be defined earlier.   It's defined in the catch itself.

alex



On Tue, Jan 6, 2009 at 1:04 PM, Jackson, Douglas <
douglas.s.jackson@siemens.com> wrote:

> Hi!
> The following message does not look right to me.  Does it have something to
> do with a mismatch between the name and the variable?
>
> The namespace prefixes are declared, and other parts of the wsdl work fine
> (i.e. the invoke related to the catch).
>
> The error makes me think that a messageType or elementType variable is
> required and I have that...
>
> -Doug.
>
>
>
> org.apache.ode.bpel.iapi.ContextException: Deploy failed; error:
> [CompilationErrors] Compilation completed with 1 error(s):
>        null:626: error: [VariableDeclMissingType] Declaration of variable
> "abort-fault-msg" does not specify the required type (either MessageType or
> ElementType).
>
>
> Here is the offending line:
>
>      <catch name="fault:XSException" faultVariable="abort-fault-msg">
>
> Here are the decls:
>
>      <variable name="abort-fault-msg"
> messageType="abortws:abort-fault-msg"/>
>
> From abortws:
>  <wsdl:message name="abort-fault-msg">
>    <wsdl:part name="abort-fault-part" element="fault:XSException"/>
>  </wsdl:message>
>
> From fault:
>   <xsd:element name="XSException" type="fault:exception-type"/>
>
>
>
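
An added example, not part of the thread: a small check that applies the `<catch>` grammar quoted in the reply above to a BPEL fragment and reports the two problems the reply points out. The fragment is constructed; its first `<catch>` is the line from the question, the second is one possible arrangement with a type attribute, and the namespace URIs and the `faultName` value are assumptions.

```python
import xml.etree.ElementTree as ET

# Attributes allowed by the <catch> grammar quoted in the reply.
ALLOWED = {"faultName", "faultVariable", "faultMessageType", "faultElement"}
TYPE_ATTRS = ("faultMessageType", "faultElement")

# Constructed fragment; namespace URIs are placeholders.
SAMPLE = """\
<faultHandlers xmlns:fault="urn:example:fault" xmlns:abortws="urn:example:abortws">
  <catch name="fault:XSException" faultVariable="abort-fault-msg"><empty/></catch>
  <catch faultName="fault:XSException" faultVariable="abort-fault-msg"
         faultMessageType="abortws:abort-fault-msg"><empty/></catch>
</faultHandlers>
"""


def check_catches(xml_text):
    """Return a list of (catch_index, problem) for every <catch> element."""
    problems = []
    root = ET.fromstring(xml_text)
    # Strip any "{namespace}" prefix so the check works with or without one.
    catches = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "catch"]
    for i, el in enumerate(catches):
        for attr in sorted(set(el.attrib) - ALLOWED):
            problems.append((i, f"attribute '{attr}' is not in the catch grammar"))
        types = [a for a in TYPE_ATTRS if a in el.attrib]
        if "faultVariable" in el.attrib and not types:
            problems.append((i, "faultVariable has no faultMessageType or faultElement"))
        if len(types) == 2:
            problems.append((i, "faultMessageType and faultElement are alternatives"))
    return problems


if __name__ == "__main__":
    for index, problem in check_catches(SAMPLE):
        print(f"catch #{index}: {problem}")
```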

Catch error message

Posted by "Jackson, Douglas" <do...@siemens.com>.
Hi!
The following message does not look right to me.  Does it have something to do with a mismatch between the name and the variable?

The namespace prefixes are declared, and other parts of the wsdl work fine (i.e. the invoke related to the catch).

The error makes me think that a messageType or elementType variable is required and I have that...

-Doug.



org.apache.ode.bpel.iapi.ContextException: Deploy failed; error: [CompilationErrors] Compilation completed with 1 error(s):
	null:626: error: [VariableDeclMissingType] Declaration of variable "abort-fault-msg" does not specify the required type (either MessageType or ElementType).


Here is the offending line:

      <catch name="fault:XSException" faultVariable="abort-fault-msg">

Here are the decls:

      <variable name="abort-fault-msg" messageType="abortws:abort-fault-msg"/>

From abortws:
  <wsdl:message name="abort-fault-msg">
    <wsdl:part name="abort-fault-part" element="fault:XSException"/>
  </wsdl:message>

From fault:
   <xsd:element name="XSException" type="fault:exception-type"/>

	

Re: ODE/Tomcat Setup with java security manager enabled

Posted by Christian Fonden <ch...@die-rooter.de>.
Hi Alex,

it seems that the java security manager is enabled with that flag.

In my opinion this is something similar to a sandbox for java code running 
as a servlet, hosted by the tomcat webserver.
In the past two years I worked with the Microsoft IIS Webserver and I think 
the java security manager can be compared with the dotnet CLR runtime of a 
dotnet web app hosted in the IIS.

Please correct me if I'm wrong....


greets
Chris

----- Original Message ----- 
From: "Alex Boisvert" <bo...@intalio.com>
To: <us...@ode.apache.org>
Sent: Monday, December 08, 2008 7:44 PM
Subject: Re: ODE/Tomcat Setup with java security manager enabled


> What does the TOMCAT5_SECURITY setting actually do?
>
> alex
>
> On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
> christian.fonden@die-rooter.de> wrote:
>
>> Hello ODE users list,
>>
>> I'm new to Apache ODE and Tomcat and just have set up ODE successfully
>> under debian linux.
>>
>> During the Setup process I encountered the following Exception Stack 
>> Trace
>> when trying to access the ODE Url:
>> org.apache.jasper.JasperException: access denied
>> (java.lang.RuntimePermission
>>
>> accessClassInPackage.org.apache.jasper.compiler)
>> 
>> org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
>>  org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
>>
>> Causing an HTTP 500 Error.
>>
>> When turning off the Tomcat Security settings in the /etc/init.d/tomcat55
>> startup script
>> in
>> # Use the Java security manager? (yes/no)
>>  TOMCAT5_SECURITY=yes (changed to no later)
>>
>> everything works fine. The axis2 start page is loading correctly when
>> accessing the ODE url.
>>
>> As turning off the TOMCAT5_SECURITY setting does not seem to be a very
>> trustworthy solution, my question is:
>>
>> How can I get ODE working without turning off that option in the tomcat
>> settings.
>>
>>
>> greets
>> Chris
> 


Re: ODE/Tomcat Setup with java security manager enabled

Posted by Alex Boisvert <bo...@intalio.com>.
What does the TOMCAT5_SECURITY setting actually do?

alex

On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
christian.fonden@die-rooter.de> wrote:

> Hello ODE users list,
>
> I'm new to Apache ODE and Tomcat and just have set up ODE successfully
> under debian linux.
>
> During the Setup process I encountered the following Exception Stack Trace
> when trying to access the ODE Url:
> org.apache.jasper.JasperException: access denied
> (java.lang.RuntimePermission
>
> accessClassInPackage.org.apache.jasper.compiler)
>  org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
>  org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
>
> Causing an HTTP 500 Error.
>
> When turning off the Tomcat Security settings in the /etc/init.d/tomcat55
> startup script
> in
> # Use the Java security manager? (yes/no)
>  TOMCAT5_SECURITY=yes (changed to no later)
>
> everything works fine. The axis2 start page is loading correctly when
> accessing the ODE url.
>
> As turning off the TOMCAT5_SECURITY setting does not seem to be a very
> trustworthy solution, my question is:
>
> How can I get ODE working without turning off that option in the tomcat
> settings.
>
>
> greets
> Chris