You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Nikola Milutinovic <Ni...@ev.co.yu> on 2005/03/11 13:16:41 UTC
One quick question on running TC in security mode
Hi all.
I'm faced with a situation where I need to deploy an application on a
server that is running TC 4.1 with "-security" option enabled. I have
figured out that I need to edit "catalina.policy" file and grant my
application permissions. I'm testing config on my home machine running
5.5.7. Now I'm slightly baffled.
The application needs to connect to a DB, send mail and write/read files
from the file system. All is well except mail sending. This is my
catalina policy file:
grant codeBase "file:/home/test/webapps/test/-" {
permission java.net.SocketPermission "localhost:5432",
"resolve,connect";
permission java.net.SocketPermission "localhost:3306",
"resolve,connect";
permission java.net.SocketPermission "localhost:25",
"resolve,connect";
// permission java.net.SocketPermission "localhost:*",
"resolve,connect";
permission java.io.FilePermission "/", "read";
permission java.io.FilePermission "/-", "read";
permission java.io.FilePermission "/tmp/-", "read,write";
};
And this is what I get when a JSP page tries to send an e-mail:
*root cause*
java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
java.security.AccessController.checkPermission(AccessController.java:427)
Any idea what is wrong?
Nix.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: One quick question on running TC in security mode - still problems
Posted by Nikola Milutinovic <Ni...@ev.co.yu>.
Nikola Milutinovic wrote:
> Hi all.
>
> I'm faced with a situation where I need to deploy an application on a
> server that is running TC 4.1 with "-security" option enabled. I have
> figured out that I need to edit "catalina.policy" file and grant my
> application permissions. I'm testing config on my home machine running
> 5.5.7. Now I'm slightly baffled.
>
> The application needs to connect to a DB, send mail and write/read
> files from the file system. All is well except mail sending. This is
> my catalina policy file:
>
> grant codeBase "file:/home/test/webapps/test/-" {
> permission java.net.SocketPermission "localhost:5432",
> "resolve,connect";
> permission java.net.SocketPermission "localhost:3306",
> "resolve,connect";
> permission java.net.SocketPermission "localhost:25",
> "resolve,connect";
> // permission java.net.SocketPermission "localhost:*",
> "resolve,connect";
> permission java.io.FilePermission "/", "read";
> permission java.io.FilePermission "/-", "read";
> permission java.io.FilePermission "/tmp/-", "read,write";
> };
Heh, found one cause, the mail jars were not in my WEB-INF/lib, but in
the ${catalina.home}/common/lib. Now, I have modified the
catalina.policy file:
grant {
permission java.net.SocketPermission "localhost:25",
"resolve,connect";
permission java.net.SocketPermission "localhost:3306",
"resolve,connect";
permission java.net.SocketPermission "localhost:5432",
"resolve,connect";
};
Now sending starts, but I get the following exception:
javax.activation.UnsupportedDataTypeException: no object DCH for MIME
type text/plain
Am I missing something? When security is turned off, mail gets sent.
Nix.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org