You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Yaragalla, Muralidhar" <mu...@patni.com> on 2010/12/30 07:32:19 UTC
Tomcat security problem..please help
Hi all , I have added security manager in a filter initialization method in my webb app. I have deployed webapp in tomcat and when I start tomcat it is throwing the following error. Kindly help me in this.
How to avoid this? What should I do in the security policy?
Dec 30, 2010 11:41:25 AM org.apache.tomcat.util.modeler.Registry registerComponent
SEVERE: Error registering Catalina:j2eeType=Filter,name=jaas,WebModule=//localhost/cskip,J2EEApplication=none,J2EEServer=none
java.security.AccessControlException: access denied (javax.management.MBeanPermission org.apache.tomcat.util.modeler.BaseModelMBean#-[Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/cskip,j2eeType=Filter,name=jaas] registerMBean)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanPermission(DefaultMBeanServerInterceptor.java:1806)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:309)
at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:482)
at org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:806)
at org.apache.catalina.core.ApplicationFilterConfig.registerJMX(ApplicationFilterConfig.java:457)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:299)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4001)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4651)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:905)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:740)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:500)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Dec 30, 2010 11:41:25 AM org.apache.catalina.core.ApplicationFilterConfig registerJMX
INFO: JMX registration failed for filter of type [com.ge.capital.cskip.jaas.filter.JAASFilter] and name [jaas]
java.security.AccessControlException: access denied (javax.management.MBeanPermission org.apache.tomcat.util.modeler.BaseModelMBean#-[Catalina:J2EEApplication=none,J2EEServer=none,WebModule=//localhost/cskip,j2eeType=Filter,name=jaas] registerMBean)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanPermission(DefaultMBeanServerInterceptor.java:1806)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:309)
at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:482)
at org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:806)
at org.apache.catalina.core.ApplicationFilterConfig.registerJMX(ApplicationFilterConfig.java:457)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:299)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4001)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4651)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:905)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:740)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:500)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Dec 30, 2010 11:41:25 AM org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(org.apache.struts2.dispatcher.ng.HostConfig) security exception: access denied (java.io.FilePermission C:\apache-tomcat-6.0.29\webapps\cskip\WEB-INF\classes\org\apache\struts2\dispatcher\ng\HostConfig.class read)
java.security.AccessControlException: access denied (java.io.FilePermission C:\apache-tomcat-6.0.29\webapps\cskip\WEB-INF\classes\org\apache\struts2\dispatcher\ng\HostConfig.class read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:785)
at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:206)
at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:299)
at org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:2807)
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2668)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1124)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1612)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
at java.lang.Class.getConstructor0(Class.java:2699)
at java.lang.Class.newInstance0(Class.java:326)
at java.lang.Class.newInstance(Class.java:308)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:275)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4001)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4651)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:905)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:740)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:500)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Dec 30, 2010 11:41:25 AM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
Dec 30, 2010 11:41:25 AM org.apache.catalina.startup.HostConfig deployWAR
SEVERE: Error deploying web application archive cskip.war
java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.Thread.setContextClassLoader(Thread.java:1351)
at org.apache.catalina.core.StandardContext.unbindThread(StandardContext.java:5019)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4664)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:905)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:740)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:500)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Thanks and Regards,
Muralidhar Yaragalla,
Senior Software Specialist,
Patni Computer Systems Ltd,
B-45/B-46, SIPCOT IT Park,
Rajiv Gandhi Salai (IT Highway),
Siruseri,Chennai - 603 103.
Tel: 91 44 4744 4444 x 2224
Link Line: 9 613 4516
Mobile : 9791174806
________________________________
Information contained and transmitted by this e-mail is confidential and proprietary to Patni Computer Systems Ltd and its affiliates (hitherto referred as Patni Computers) and is intended for use only by the recipient. If you are not the intended recipient , you are hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator or netadmin@patni.com. Patni Computers does not enter into any agreement with any party by e-mail. Any views expressed by an individual do not necessarily reflect the view of Patni Computers. Patni Computers is not responsible for the consequences of any actions taken on the basis of information provided, through this email. The contents of an attachment to this e-mail may contain software viruses, which could damage your own computer system. While Patni Computers has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening an attachment. To know more about Patni Computers please visit www.patni.com.
RE: Tomcat security problem..please help
Posted by "Yaragalla, Muralidhar" <mu...@patni.com>.
Thank you so much. I will do that.
Thanks and Regards,
Muralidhar Yaragalla,
Senior Software Specialist,
Patni Computer Systems Ltd,
B-45/B-46, SIPCOT IT Park,
Rajiv Gandhi Salai (IT Highway),
Siruseri,Chennai - 603 103.
Tel: 91 44 4744 4444 x 2224
Link Line: 9 613 4516
Mobile : 9791174806
-----Original Message-----
From: André Warnier [mailto:aw@ice-sa.com]
Sent: Thursday, December 30, 2010 3:12 PM
To: Tomcat Users List
Subject: Re: Tomcat security problem..please help
Yaragalla, Muralidhar wrote:
> Hi all , I have added security manager in a filter initialization method in my webb app. I have deployed webapp in tomcat and when I start tomcat it is throwing the following error. Kindly help me in this.
> How to avoid this? What should I do in the security policy?
Reading the on-line documentation at
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
would be a good first step.
A second one, in your next post, would be to indicate which version of Tomcat you are
running, on which platform, under which JVM.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Information contained and transmitted by this e-mail is confidential and proprietary to Patni Computer Systems Ltd and its affiliates (hitherto referred as Patni Computers) and is intended for use only by the recipient. If you are not the intended recipient , you are hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator or netadmin@patni.com. Patni Computers does not enter into any agreement with any party by e-mail. Any views expressed by an individual do not necessarily reflect the view of Patni Computers. Patni Computers is not responsible for the consequences of any actions taken on the basis of information provided, through this email. The contents of an attachment to this e-mail may contain software viruses, which could damage your own computer system. While Patni Computers has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening an attachment. To know more about Patni Computers please visit www.patni.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat security problem..please help
Posted by André Warnier <aw...@ice-sa.com>.
Yaragalla, Muralidhar wrote:
> Hi all , I have added security manager in a filter initialization method in my webb app. I have deployed webapp in tomcat and when I start tomcat it is throwing the following error. Kindly help me in this.
> How to avoid this? What should I do in the security policy?
Reading the on-line documentation at
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
would be a good first step.
A second one, in your next post, would be to indicate which version of Tomcat you are
running, on which platform, under which JVM.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org