Posted to xindice-users@xml.apache.org by prasub <we...@gmail.com> on 2009/06/02 19:49:47 UTC

Tomcat permissions issue when trying to load xindice configuration

I am new to Tomcat and Xindice. I have successfully configured and built
xindice (as per the documentation). Now when I try to visit the following
link:

http://localhost:8080/xindice

I get the following error message:
____________

exception

javax.servlet.ServletException: Servlet.init() for servlet xindice threw exception
	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	java.lang.Thread.run(Thread.java:636)

root cause

org.apache.xindice.util.ConfigurationException: Failed to load configuration.
	org.apache.xindice.server.XindiceServlet.loadConfiguration(XindiceServlet.java:267)
	org.apache.xindice.server.XindiceServlet.init(XindiceServlet.java:105)
	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:616)
	org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	java.security.AccessController.doPrivileged(Native Method)
	javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
	org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	java.lang.Thread.run(Thread.java:636)

root cause

java.security.AccessControlException: access denied (java.util.PropertyPermission xindice.configuration read)
	java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
	java.security.AccessController.checkPermission(AccessController.java:553)
	java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
	java.lang.System.getProperty(System.java:669)
	org.apache.xindice.server.XindiceServlet.loadConfiguration(XindiceServlet.java:232)
	org.apache.xindice.server.XindiceServlet.init(XindiceServlet.java:105)
	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.lang.reflect.Method.invoke(Method.java:616)
	org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	java.security.AccessController.doPrivileged(Native Method)
	javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
	org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	java.lang.Thread.run(Thread.java:636)

____________

I have followed the instructions listed on the xindice installation howto
page. The one thing that is not clear is where the
<context>..</context> info of xindice.xml should be appended in the server.xml
file. I added it as a child under the <host> tag and later moved it to be a
sibling of the <host> tag. Neither made a difference.

Since I am new to Java as well as Tomcat, I am unable to narrow down the
security settings of Tomcat. I even checked my tomcat6 startup script and
there is no mention of starting the service with security ON.

Can someone help me out on how to configure and run xindice with tomcat?

Thanks in advance.


Re: Tomcat permissions issue when trying to load xindice configuration

Posted by Natalia Shilenkova <ns...@gmail.com>.
On Jun 3, 2009, at 11:09 PM, prasub wrote:
> __________
> OS: Linux Mint 6 (Felicia) - I suppose, it is built on Ubuntu 8.10
> Tomcat version: Tomcat 6.0.18-ubuntu3.1 (from package manager)
> __________
>
> I usually issue the following command to restart the Tomcat Webserver.
>
> mymachine@localhost /etc/init.d $  sudo ./tomcat6 restart
>
> A grep on my tomcat6 for the security word yielded the following result:
> _____________
> mylogin@mymachine /etc/init.d $ more tomcat6 | grep -i security
> # Use the Java security manager? (yes/no)
> TOMCAT6_SECURITY=yes
> if [ "$TOMCAT6_SECURITY" = "yes" ]; then
> 	JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy=$POLICY_CACHE"
> _____________
>
> I guess, I should be turning off security with the option "no". But then, is
> this the best way or do you recommend a better approach to let xindice run
> with proper permissions? If you suggest an alternative approach, can you
> please list out the steps to enable permissions for xindice. I think, it
> will be very useful to me as well as for someone else.
>
> In fact there is an earlier discussion in this forum (i think so) that
> touches the same issue. Except that, it didn't end up with how exactly the
> person (who had a similar issue with some earlier version of Tomcat) cleaned
> up/disabled the "security" word in his Tomcat startup script.
>

That's what I think your options are:

1. Run Xindice under Jetty. Jetty is a servlet container that's
included with the Xindice distribution and can be started with the
"xindiced start" command.

2. Turn off Tomcat's security manager. That option has security
implications, however, and would affect other applications deployed
under Tomcat.

3. Add a new section to the security policy file to grant all
permissions to Xindice:

grant codeBase "file:${catalina.home}/webapps/xindice/-" {
     permission java.security.AllPermission;
};

4. Add a new section to the security policy file that grants only the
permissions that are required to run Xindice. This is part of it:

grant codeBase "file:${catalina.home}/webapps/xindice/-" {
     permission java.util.PropertyPermission "xindice.home", "read";
     permission java.util.PropertyPermission "xindice.db.home", "read";
     permission java.util.PropertyPermission "xindice.configuration", "read";
     permission java.util.PropertyPermission "org.xmldb.common.xml.queries.XPathQueryFactory", "write";
     permission java.lang.RuntimePermission "shutdownHooks";
     permission java.lang.RuntimePermission "getClassLoader";
     permission java.lang.RuntimePermission "setContextClassLoader";
     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};

This is not finished (it was taking a bit longer than I thought :)), and
the "<<ALL FILES>>" token has to be replaced with the database location...
But you can get the picture.

The best approach, as always, depends on circumstances.

Regards,
Natalia
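
An added example, not part of the original thread: one way to build the least-privilege grant of option 4 from the AccessControlException messages Tomcat logs, so the policy lists only what was actually denied. The codeBase comes from the reply above; the function names and all sample log entries other than the xindice.configuration denial (including the /var/lib/xindice/db path) are constructed for illustration.

```python
import re

# Permission classes whose policy entries carry an actions string.
WITH_ACTIONS = {"java.util.PropertyPermission", "java.io.FilePermission",
                "java.net.SocketPermission"}

# Older JDKs print: access denied (java.util.PropertyPermission name read)
# Newer JDKs quote each field. \s+ lets the message span a wrapped line.
DENIED = re.compile(r"access denied\s+\(([^)]*)\)")

# Constructed sample: the first entry is the denial quoted in the thread;
# the others, including the database path, are made up for this example.
SAMPLE_LOG = """\
java.security.AccessControlException: access denied
(java.util.PropertyPermission xindice.configuration read)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/xindice/db/system" "read")
java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/xindice/db/system" "write")
"""


def parse_denials(log_text):
    """Map (permission class, target name) -> set of denied actions."""
    denials = {}
    for body in DENIED.findall(log_text):
        parts = re.findall(r'"([^"]*)"', body) or body.split()
        if len(parts) < 2:
            continue  # not a permission triple, skip it
        cls = parts[0]
        if cls in WITH_ACTIONS and len(parts) >= 3:
            name, actions = " ".join(parts[1:-1]), parts[-1].split(",")
        else:
            name, actions = " ".join(parts[1:]), []
        denials.setdefault((cls, name), set()).update(actions)
    return denials


def policy_block(denials, code_base):
    """Render a grant block holding exactly the permissions that were denied."""
    lines = ['grant codeBase "%s" {' % code_base]
    for (cls, name), actions in sorted(denials.items()):
        entry = '    permission %s "%s"' % (cls, name)
        if actions:
            entry += ', "%s"' % ",".join(sorted(actions))
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(policy_block(parse_denials(SAMPLE_LOG),
                       "file:${catalina.home}/webapps/xindice/-"))
```

Each run of the webapp stops at the first permission it lacks, so the log has to be collected over several restarts; review every generated entry before adding it to the policy file.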



Re: Tomcat permissions issue when trying to load xindice configuration

Posted by prasub <we...@gmail.com>.
> For some reason the version of Tomcat that you have starts with
> security manager... Do you know the exact version of Tomcat installed?
> How do you start it? Also, can you please tell me what OS you use?

__________
OS: Linux Mint 6 (Felicia) - I suppose, it is built on Ubuntu 8.10
Tomcat version: Tomcat 6.0.18-ubuntu3.1 (from package manager)
__________

I usually issue the following command to restart the Tomcat Webserver.

mymachine@localhost /etc/init.d $  sudo ./tomcat6 restart

A grep on my tomcat6 for the security word yielded the following result:
_____________
mylogin@mymachine /etc/init.d $ more tomcat6 | grep -i security
# Use the Java security manager? (yes/no)
TOMCAT6_SECURITY=yes
if [ "$TOMCAT6_SECURITY" = "yes" ]; then
	JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy=$POLICY_CACHE"
_____________

I guess I should be turning off security with the option "no". But then, is
this the best way or do you recommend a better approach to let xindice run
with proper permissions? If you suggest an alternative approach, can you
please list out the steps to enable permissions for xindice? I think it
will be very useful to me as well as to someone else.

In fact there is an earlier discussion in this forum (I think so) that
touches the same issue, except that it didn't end up with how exactly the
person (who had a similar issue with some earlier version of Tomcat) cleaned
up/disabled the "security" word in his Tomcat startup script.

Thanks for your time.


Re: Tomcat permissions issue when trying to load xindice configuration

Posted by Natalia Shilenkova <ns...@gmail.com>.
On Wed, Jun 3, 2009 at 1:43 PM, prasub <we...@gmail.com> wrote:
>
> Natalia,
>
> Thanks for getting back.
>
>>
>>What are the versions of Xindice and Tomcat that you tried?
>>
>
> I am using Xindice 1.1 and Tomcat 6.

Interesting. I just tried to run Xindice 1.1 under Tomcat 6.0.18 and
it did not have problems with permissions.

For some reason the version of Tomcat that you have starts with
security manager... Do you know the exact version of Tomcat installed?
How do you start it? Also, can you please tell me what OS you use?

Regards,
Natalia

Re: Tomcat permissions issue when trying to load xindice configuration

Posted by prasub <we...@gmail.com>.
Natalia,

Thanks for getting back.

>
>What are the versions of Xindice and Tomcat that you tried?
>

I am using Xindice 1.1 and Tomcat 6.


Re: Tomcat permissions issue when trying to load xindice configuration

Posted by Natalia Shilenkova <ns...@gmail.com>.
What are the versions of Xindice and Tomcat that you tried?

Natalia
