Posted to users@tomcat.apache.org by James Woods <ja...@symbionetworks.com> on 2005/12/02 07:37:46 UTC

How to get security policy grants to work with principals

Hi,
 
I'm trying to implement a security policy on Tomcat 5.0.25. It works
fine with grants of the form
 
grant codeBase "file:<jarfile path>" {
    permission ..
};
 
However when I try a grant of the form 
 
grant codeBase "file:<jarfile path>", principal <classname> "username" {
    permission ..
};
 
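I get a java.lang.ClassCircularityError exception with the name of the
principal class in the exception's description. I take it that, in
refreshing the policy, Tomcat is trying to check the permission to open
the principal class, and in order to do so it tries to refresh the
policy, which in turn tries to check the permission to open the
principal class, and hence I get a ClassCircularityError exception.
The stack trace below is consistent with this: PolicyFile.addPermissions
calls Class.forName on the principal class, the webapp class loader's
File.exists call triggers SecurityManager.checkRead, and that check
re-enters PolicyFile.implies and addPermissions for the same class.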
 
All the documentation I have seen only refers to the first form of
grant. Any ideas anyone?
 
Here's an example of the exception stack trace:
 
java.lang.ClassCircularityError: com/symbio/sona/security/principal/UserPrincipal
            java.lang.Class.forName0(Native Method)
            java.lang.Class.forName(Class.java:219)
            sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1335)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1238)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1201)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1144)
            sun.security.provider.PolicyFile.implies(PolicyFile.java:1099)
            java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
            java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
            java.security.AccessController.checkPermission(AccessController.java:401)
            java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
            java.lang.SecurityManager.checkRead(SecurityManager.java:863)
            java.io.File.exists(File.java:678)
            org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
            org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
            org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
            org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
            org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
            org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
            org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
            org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
            java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
            java.lang.Class.forName0(Native Method)
            java.lang.Class.forName(Class.java:219)
            sun.security.provider.PolicyFile.addPermissions(PolicyFile.java:1335)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1238)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1201)
            sun.security.provider.PolicyFile.getPermissions(PolicyFile.java:1144)
            sun.security.provider.PolicyFile.implies(PolicyFile.java:1099)
            java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
            java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
            java.security.AccessController.checkPermission(AccessController.java:401)
            java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
            java.lang.SecurityManager.checkRead(SecurityManager.java:863)
            java.io.File.exists(File.java:678)
            org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
            org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
            org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
            org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
            org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
            org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
            org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
            org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
            java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
            org.apache.jsp.index_jsp._jspService(index_jsp.java:85)
            org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
            sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            java.lang.reflect.Method.invoke(Method.java:324)
            org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
            java.security.AccessController.doPrivileged(Native Method)
            javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
            org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
            org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)