You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Joseph Mocker <mo...@fakebelieve.org> on 2011/04/01 00:23:01 UTC
Re: Profile Security NOT WORKING!!!
Not sure the inner workings of how JSPWiki uses jspwiki.properties, but
you could try turning on Java security manager debugging and see if that
shows up anything. Check out the trouble shooting section of
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
Also, does jspwiki.log show anything?
Have you looked through all applicable log files for signs of exceptions
or other errors?
--joe
On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
> That's fine, and I don't necessarily disagree with you.
>
> However, although I am running as root (which I probably should not be - but this is a simple install), I have not changed any of the env. values out-of-the-box for CENTOS 5.5. Other than me specifying JAVA_HOME, no other env. variable is being set. What is very strange about this, is that is happens exactly the same on 2 different machines, using 2 different OS'es, and 2 slightly different JDK's.
>
> Just for grins, I re-tested again on the Windows installation (Tomcat 6.0.32, JDK 1.6.0_24/1.5.0_32).
>
> After running the Security Configuration Verification page, I still get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>
> -----Original Message-----
> From: Joseph Mocker [mailto:mock@fakebelieve.org]
> Sent: Thursday, March 31, 2011 3:27 PM
> To: jspwiki-user@incubator.apache.org
> Subject: Re: Profile Security NOT WORKING!!!
>
> Are there freshly installed JDKs and servers, user accounts?
> Are you using JDKs provided by the Linux distro or one you downloaded separately from Oracle?
> (Its always possible that there is some configuration anywhere in the above that is interfering with reading jspwiki.policy.)
>
> What do the user environment variables look like when you start tomcat?
> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in catalina.sh?
>
> It would appear to be something in your environment, as Janne, myself and others all have been successful so its got to be something in your environment, just need to find it.
>
> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which also installed OpenJDK, also worked for me.
>
> --joe
>
> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>> Thanks for taking the time to research all of this.
>>
>> I am not sure why things are not working for me with 2 different machines and flavors 1.6 JDK (which is very frustrating since I think 1.5 is about to go the way of 1.4 - eol).
>>
>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and Tomcat 6.0.32 I would get ALL GREEN boxes no matter what I would set jspwiki.policy to, and would get a mix of GREEN and RED using 1.5.
>>
>> I was thinking that maybe I should d/l the source and try to build the JSPWiki.jar file using 1.6 and see if I get different results. Just not sure.
>>
>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>> Sent: Thursday, March 31, 2011 2:16 PM
>> To: jspwiki-user@incubator.apache.org
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>> All this commotion got the best of me, so I gave it a spin. Plus I'm running 2.4 and I probably should really upgrade.
>>
>> At any rate, seemed to work for me, here's what I did:
>>
>> 1. Spun up a new Ubuntu Server 10.10 X64 VM
>> 2. Created install folder /app
>> 3. Downloaded JDK 1.6.0_24 X64 from Oracle
>> 4. Installed Java into /app/jdk1.6.0_24
>> 5. export JAVA_HOME=/app/jdk1.6.0_24
>> 6. Downloaded Tomcat 6.0.32
>> 7. Installed Tomcat in /app/web/apache-tomcat-6.0.32
>> 8. Started up Tomcat to make sure its working. It was. Shut it down.
>> 9. Downloaded JSPWiki 2.8.4
>> 10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>> 11. Installed corepages into /app/web/sites/default/webapps/wiki
>> 12. Edited jspwiki.properties to fix paths for pageDir and storageDir
>> 13. Created Tomcat webapp descriptor in /app/web/apache-tomcat-6.0.32/conf/Catalina/localhost/wiki.xml (attached)
>> 14. Started up Tomcat hit the /wiki/Installer.jsp page in browser.
>> 15. Restarted Tomcat. Verified I could create files as anonymous, and I could login to admin account.
>> 16. Changed WEB-INF/jspwiki.policy (attached) file so that only logged in users can create/modify pages.
>> 17. Restarted Tomcat. Verified I could not created/modify pages until I logged in.
>> Seemed pretty straight forward to me. Much easier than getting JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java System Web Server 7.0.
>>
>> :-)
>>
>> The Security Configuration Verifier showed the exact permissions of what I could do.
>>
>> --joe
>>
>>
>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>
>> ...AND...on my test machine (local) I am using 1.6.0_24
>>
>>
>>
>> C:\Documents and Settings\kvg6037>java -version
>>
>> java version "1.6.0_24"
>>
>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>
>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>
>>
>>
>> -----Original Message-----
>>
>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>
>> Sent: Thursday, March 31, 2011 1:42 AM
>>
>> To:
>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>> .org>
>>
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>>
>>
>>
>>
>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04, Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10 breaks on occasion otherwise), and I have jspwiki.policy working. However, I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>
>>
>>
>> Is it possible that for some reason Sun JDK's built-in policy management is kicking in here? Or that it might just be broken in some odd fashion. Can you try OpenJDK and see if that works for you?
>>
>>
>>
>> /Janne
>>
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
>>
>
>
> ________________________________
>
> This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
>
RE: Profile Security NOT WORKING!!!
Posted by "George, Kenneth V [NTK]" <Ke...@sprint.com>.
Ok, I found the issue (at it TOTALLY was my fault)!
What clued me in was this...
" We don't support running under a security manager. Lots of permissions needed, and the code isn't segmented properly with doPrivileged() blocks. That could change, but for now that's how it is..."
I went back and looked and sure enough, I was starting the TOMCAT container with '-security' because on the system that I use, there was another app that we needed to set security information to use RMI over to our data server. When I checked, I WAS also setting security on my local machine (which I use Eclipse) because that server config. is being used to develop that app.
BUT, the 1.5 instance, I had not setup using the security manager (locally) - so it worked.
Ugh....this is TOTALLY my fault guys.
Thanks for helping through this.
- Ken
-----Original Message-----
From: Andrew Jaquith [mailto:andrew.r.jaquith@gmail.com]
Sent: Friday, April 01, 2011 6:58 AM
To: jspwiki-user@incubator.apache.org
Cc: jspwiki-user@incubator.apache.org
Subject: Re: Profile Security NOT WORKING!!!
We don't support running under a security manager. Lots of permissions needed, and the code isn't segmented properly with doPrivileged() blocks. That could change, but for now that's how it is...
George, as far as your situation goes, it sounds rather unique. Your best bet would be to turn on JPDA debugging and put a breakpoint in the AuthorizationManager code. That will tell you FOR SURE what is going on. If you are up for that, I can help you, but you've got to know your way around Eclipse.
Andrew
On Apr 1, 2011, at 5:56, Florian Holeczek <fl...@holeczek.de> wrote:
> Uhm, wait... AFAIK we don't support running under a security manager!
>
> @Janne, Andrew: Has that changed?
>
> Regards
> Florian
>
>
> ----- Ursprüngliche Mail -----
> Von: "Joseph Mocker" <mo...@fakebelieve.org>
> An: jspwiki-user@incubator.apache.org
> Gesendet: Freitag, 1. April 2011 00:23:01
> Betreff: Re: Profile Security NOT WORKING!!!
>
> Not sure the inner workings of how JSPWiki uses jspwiki.properties,
> but you could try turning on Java security manager debugging and see
> if that shows up anything. Check out the trouble shooting section of
>
> http://tomcat.apache.org/tomcat-6.0-doc/security-manager-
> howto.html
>
> Also, does jspwiki.log show anything?
>
> Have you looked through all applicable log files for signs of
> exceptions or other errors?
>
> --joe
>
>
> On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
>> That's fine, and I don't necessarily disagree with you.
>>
>> However, although I am running as root (which I probably should not
>> be - but this is a simple install), I have not changed any of the
>> env. values out-of-the-box for CENTOS 5.5. Other than me
>> specifying JAVA_HOME, no other env. variable is being set. What is
>> very strange about this, is that is happens exactly the same on 2
>> different machines, using 2 different OS'es, and 2 slightly different
>> JDK's.
>>
>> Just for grins, I re-tested again on the Windows installation (Tomcat
>> 6.0.32, JDK 1.6.0_24/1.5.0_32).
>>
>> After running the Security Configuration Verification page, I still
>> get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>>
>> -----Original Message-----
>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>> Sent: Thursday, March 31, 2011 3:27 PM
>> To: jspwiki-user@incubator.apache.org
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>> Are there freshly installed JDKs and servers, user accounts?
>> Are you using JDKs provided by the Linux distro or one you downloaded
>> separately from Oracle?
>> (Its always possible that there is some configuration anywhere in the
>> above that is interfering with reading jspwiki.policy.)
>>
>> What do the user environment variables look like when you start
>> tomcat?
>> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in
>> catalina.sh?
>>
>> It would appear to be something in your environment, as Janne, myself
>> and others all have been successful so its got to be something in
>> your environment, just need to find it.
>>
>> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which
>> also installed OpenJDK, also worked for me.
>>
>> --joe
>>
>> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>>> Thanks for taking the time to research all of this.
>>>
>>> I am not sure why things are not working for me with 2 different
>>> machines and flavors 1.6 JDK (which is very frustrating since I
>>> think 1.5 is about to go the way of 1.4 - eol).
>>>
>>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and
>>> Tomcat 6.0.32 I would get ALL GREEN boxes no matter what I would
>>> set jspwiki.policy to, and would get a mix of GREEN and RED using
>>> 1.5.
>>>
>>> I was thinking that maybe I should d/l the source and try to build
>>> the JSPWiki.jar file using 1.6 and see if I get different results.
>>> Just not sure.
>>>
>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>> Sent: Thursday, March 31, 2011 2:16 PM
>>> To: jspwiki-user@incubator.apache.org
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>> All this commotion got the best of me, so I gave it a spin. Plus I'm
>>> running 2.4 and I probably should really upgrade.
>>>
>>> At any rate, seemed to work for me, here's what I did:
>>>
>>> 1. Spun up a new Ubuntu Server 10.10 X64 VM
>>> 2. Created install folder /app
>>> 3. Downloaded JDK 1.6.0_24 X64 from Oracle
>>> 4. Installed Java into /app/jdk1.6.0_24
>>> 5. export JAVA_HOME=/app/jdk1.6.0_24
>>> 6. Downloaded Tomcat 6.0.32
>>> 7. Installed Tomcat in /app/web/apache-tomcat-6.0.32
>>> 8. Started up Tomcat to make sure its working. It was. Shut it
>>> down.
>>> 9. Downloaded JSPWiki 2.8.4
>>> 10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>>> 11. Installed corepages into /app/web/sites/default/webapps/wiki
>>> 12. Edited jspwiki.properties to fix paths for pageDir and
>>> storageDir
>>> 13. Created Tomcat webapp descriptor in /app/web/apache-
>>> tomcat-6.0.32/conf/Catalina/localhost/wiki.xml (attached)
>>> 14. Started up Tomcat hit the /wiki/Installer.jsp page in
>>> browser.
>>> 15. Restarted Tomcat. Verified I could create files as anonymous,
>>> and I could login to admin account.
>>> 16. Changed WEB-INF/jspwiki.policy (attached) file so that only
>>> logged in users can create/modify pages.
>>> 17. Restarted Tomcat. Verified I could not created/modify pages
>>> until I logged in.
>>> Seemed pretty straight forward to me. Much easier than getting
>>> JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java
>>> System Web Server 7.0.
>>>
>>> :-)
>>>
>>> The Security Configuration Verifier showed the exact permissions
>>> of what I could do.
>>>
>>> --joe
>>>
>>>
>>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>>
>>> ...AND...on my test machine (local) I am using 1.6.0_24
>>>
>>>
>>>
>>> C:\Documents and Settings\kvg6037>java -version
>>>
>>> java version "1.6.0_24"
>>>
>>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>>
>>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>>
>>>
>>>
>>> -----Original Message-----
>>>
>>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>>
>>> Sent: Thursday, March 31, 2011 1:42 AM
>>>
>>> To:
>>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>>> .org>
>>>
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>>
>>>
>>>
>>>
>>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04,
>>> Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10
>>> breaks on occasion otherwise), and I have jspwiki.policy working.
>>> However, I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>>
>>>
>>>
>>> Is it possible that for some reason Sun JDK's built-in policy
>>> management is kicking in here? Or that it might just be broken in
>>> some odd fashion. Can you try OpenJDK and see if that works for you?
>>>
>>>
>>>
>>> /Janne
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint Nextel proprietary information
>>> intended for the sole use of the recipient(s). Any use by others
>>> is prohibited. If you are not the intended recipient, please
>>> contact the sender and delete all copies of the message.
>>>
>>
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information
>> intended for the sole use of the recipient(s). Any use by others is
>> prohibited. If you are not the intended recipient, please contact
>> the sender and delete all copies of the message.
>>
>
________________________________
This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
Re: Profile Security NOT WORKING!!!
Posted by Joseph Mocker <mo...@fakebelieve.org>.
I don't know if George is running with a Security Manager, I doubt it.
Since the jspwiki.policy file looks like a typical security.policy file
I thought he might be able to gleam some information about what is going
on by turning on Security Manager debugging.
If this doesn't make sense, sorry for the suggestion.
--joe
On 4/1/2011 4:57 AM, Andrew Jaquith wrote:
> We don't support running under a security manager. Lots of permissions
> needed, and the code isn't segmented properly with doPrivileged()
> blocks. That could change, but for now that's how it is...
>
> George, as far as your situation goes, it sounds rather unique. Your
> best bet would be to turn on JPDA debugging and put a breakpoint in
> the AuthorizationManager code. That will tell you FOR SURE what is
> going on. If you are up for that, I can help you, but you've got to
> know your way around Eclipse.
>
> Andrew
>
> On Apr 1, 2011, at 5:56, Florian Holeczek <fl...@holeczek.de> wrote:
>
>> Uhm, wait... AFAIK we don't support running under a security manager!
>>
>> @Janne, Andrew: Has that changed?
>>
>> Regards
>> Florian
>>
>>
>> ----- Ursprüngliche Mail -----
>> Von: "Joseph Mocker" <mo...@fakebelieve.org>
>> An: jspwiki-user@incubator.apache.org
>> Gesendet: Freitag, 1. April 2011 00:23:01
>> Betreff: Re: Profile Security NOT WORKING!!!
>>
>> Not sure the inner workings of how JSPWiki uses jspwiki.properties, but
>> you could try turning on Java security manager debugging and see if that
>> shows up anything. Check out the trouble shooting section of
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
>>
>> Also, does jspwiki.log show anything?
>>
>> Have you looked through all applicable log files for signs of exceptions
>> or other errors?
>>
>> --joe
>>
>>
>> On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
>>> That's fine, and I don't necessarily disagree with you.
>>>
>>> However, although I am running as root (which I probably should not
>>> be - but this is a simple install), I have not changed any of the
>>> env. values out-of-the-box for CENTOS 5.5. Other than me
>>> specifying JAVA_HOME, no other env. variable is being set. What is
>>> very strange about this, is that is happens exactly the same on 2
>>> different machines, using 2 different OS'es, and 2 slightly
>>> different JDK's.
>>>
>>> Just for grins, I re-tested again on the Windows installation
>>> (Tomcat 6.0.32, JDK 1.6.0_24/1.5.0_32).
>>>
>>> After running the Security Configuration Verification page, I still
>>> get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>>>
>>> -----Original Message-----
>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>> Sent: Thursday, March 31, 2011 3:27 PM
>>> To: jspwiki-user@incubator.apache.org
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>> Are there freshly installed JDKs and servers, user accounts?
>>> Are you using JDKs provided by the Linux distro or one you
>>> downloaded separately from Oracle?
>>> (Its always possible that there is some configuration anywhere in
>>> the above that is interfering with reading jspwiki.policy.)
>>>
>>> What do the user environment variables look like when you start tomcat?
>>> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in
>>> catalina.sh?
>>>
>>> It would appear to be something in your environment, as Janne,
>>> myself and others all have been successful so its got to be
>>> something in your environment, just need to find it.
>>>
>>> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which
>>> also installed OpenJDK, also worked for me.
>>>
>>> --joe
>>>
>>> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>>>> Thanks for taking the time to research all of this.
>>>>
>>>> I am not sure why things are not working for me with 2 different
>>>> machines and flavors 1.6 JDK (which is very frustrating since I
>>>> think 1.5 is about to go the way of 1.4 - eol).
>>>>
>>>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and
>>>> Tomcat 6.0.32 I would get ALL GREEN boxes no matter what I would
>>>> set jspwiki.policy to, and would get a mix of GREEN and RED using 1.5.
>>>>
>>>> I was thinking that maybe I should d/l the source and try to build
>>>> the JSPWiki.jar file using 1.6 and see if I get different results.
>>>> Just not sure.
>>>>
>>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>>> Sent: Thursday, March 31, 2011 2:16 PM
>>>> To: jspwiki-user@incubator.apache.org
>>>> Subject: Re: Profile Security NOT WORKING!!!
>>>>
>>>> All this commotion got the best of me, so I gave it a spin. Plus
>>>> I'm running 2.4 and I probably should really upgrade.
>>>>
>>>> At any rate, seemed to work for me, here's what I did:
>>>>
>>>> 1. Spun up a new Ubuntu Server 10.10 X64 VM
>>>> 2. Created install folder /app
>>>> 3. Downloaded JDK 1.6.0_24 X64 from Oracle
>>>> 4. Installed Java into /app/jdk1.6.0_24
>>>> 5. export JAVA_HOME=/app/jdk1.6.0_24
>>>> 6. Downloaded Tomcat 6.0.32
>>>> 7. Installed Tomcat in /app/web/apache-tomcat-6.0.32
>>>> 8. Started up Tomcat to make sure its working. It was. Shut it
>>>> down.
>>>> 9. Downloaded JSPWiki 2.8.4
>>>> 10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>>>> 11. Installed corepages into /app/web/sites/default/webapps/wiki
>>>> 12. Edited jspwiki.properties to fix paths for pageDir and
>>>> storageDir
>>>> 13. Created Tomcat webapp descriptor in
>>>> /app/web/apache-tomcat-6.0.32/conf/Catalina/localhost/wiki.xml
>>>> (attached)
>>>> 14. Started up Tomcat hit the /wiki/Installer.jsp page in browser.
>>>> 15. Restarted Tomcat. Verified I could create files as
>>>> anonymous, and I could login to admin account.
>>>> 16. Changed WEB-INF/jspwiki.policy (attached) file so that only
>>>> logged in users can create/modify pages.
>>>> 17. Restarted Tomcat. Verified I could not created/modify pages
>>>> until I logged in.
>>>> Seemed pretty straight forward to me. Much easier than getting
>>>> JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java
>>>> System Web Server 7.0.
>>>>
>>>> :-)
>>>>
>>>> The Security Configuration Verifier showed the exact permissions
>>>> of what I could do.
>>>>
>>>> --joe
>>>>
>>>>
>>>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>>>
>>>> ...AND...on my test machine (local) I am using 1.6.0_24
>>>>
>>>>
>>>>
>>>> C:\Documents and Settings\kvg6037>java -version
>>>>
>>>> java version "1.6.0_24"
>>>>
>>>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>>>
>>>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>>
>>>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>>>
>>>> Sent: Thursday, March 31, 2011 1:42 AM
>>>>
>>>> To:
>>>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>>>> .org>
>>>>
>>>> Subject: Re: Profile Security NOT WORKING!!!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04,
>>>> Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10 breaks
>>>> on occasion otherwise), and I have jspwiki.policy working. However,
>>>> I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>>>
>>>>
>>>>
>>>> Is it possible that for some reason Sun JDK's built-in policy
>>>> management is kicking in here? Or that it might just be broken in
>>>> some odd fashion. Can you try OpenJDK and see if that works for you?
>>>>
>>>>
>>>>
>>>> /Janne
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> This e-mail may contain Sprint Nextel proprietary information
>>>> intended for the sole use of the recipient(s). Any use by others is
>>>> prohibited. If you are not the intended recipient, please contact
>>>> the sender and delete all copies of the message.
>>>>
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint Nextel proprietary information
>>> intended for the sole use of the recipient(s). Any use by others is
>>> prohibited. If you are not the intended recipient, please contact
>>> the sender and delete all copies of the message.
>>>
>>
Re: Profile Security NOT WORKING!!!
Posted by Andrew Jaquith <an...@gmail.com>.
We don't support running under a security manager. Lots of permissions
needed, and the code isn't segmented properly with doPrivileged()
blocks. That could change, but for now that's how it is...
George, as far as your situation goes, it sounds rather unique. Your
best bet would be to turn on JPDA debugging and put a breakpoint in
the AuthorizationManager code. That will tell you FOR SURE what is
going on. If you are up for that, I can help you, but you've got to
know your way around Eclipse.
Andrew
On Apr 1, 2011, at 5:56, Florian Holeczek <fl...@holeczek.de> wrote:
> Uhm, wait... AFAIK we don't support running under a security manager!
>
> @Janne, Andrew: Has that changed?
>
> Regards
> Florian
>
>
> ----- Ursprüngliche Mail -----
> Von: "Joseph Mocker" <mo...@fakebelieve.org>
> An: jspwiki-user@incubator.apache.org
> Gesendet: Freitag, 1. April 2011 00:23:01
> Betreff: Re: Profile Security NOT WORKING!!!
>
> Not sure the inner workings of how JSPWiki uses jspwiki.properties,
> but
> you could try turning on Java security manager debugging and see if
> that
> shows up anything. Check out the trouble shooting section of
>
> http://tomcat.apache.org/tomcat-6.0-doc/security-manager-
> howto.html
>
> Also, does jspwiki.log show anything?
>
> Have you looked through all applicable log files for signs of
> exceptions
> or other errors?
>
> --joe
>
>
> On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
>> That's fine, and I don't necessarily disagree with you.
>>
>> However, although I am running as root (which I probably should not
>> be - but this is a simple install), I have not changed any of the
>> env. values out-of-the-box for CENTOS 5.5. Other than me
>> specifying JAVA_HOME, no other env. variable is being set. What is
>> very strange about this, is that is happens exactly the same on 2
>> different machines, using 2 different OS'es, and 2 slightly
>> different JDK's.
>>
>> Just for grins, I re-tested again on the Windows installation
>> (Tomcat 6.0.32, JDK 1.6.0_24/1.5.0_32).
>>
>> After running the Security Configuration Verification page, I still
>> get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>>
>> -----Original Message-----
>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>> Sent: Thursday, March 31, 2011 3:27 PM
>> To: jspwiki-user@incubator.apache.org
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>> Are there freshly installed JDKs and servers, user accounts?
>> Are you using JDKs provided by the Linux distro or one you
>> downloaded separately from Oracle?
>> (Its always possible that there is some configuration anywhere in
>> the above that is interfering with reading jspwiki.policy.)
>>
>> What do the user environment variables look like when you start
>> tomcat?
>> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in
>> catalina.sh?
>>
>> It would appear to be something in your environment, as Janne,
>> myself and others all have been successful so its got to be
>> something in your environment, just need to find it.
>>
>> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which
>> also installed OpenJDK, also worked for me.
>>
>> --joe
>>
>> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>>> Thanks for taking the time to research all of this.
>>>
>>> I am not sure why things are not working for me with 2 different
>>> machines and flavors 1.6 JDK (which is very frustrating since I
>>> think 1.5 is about to go the way of 1.4 - eol).
>>>
>>> I enabled the SecurityConfig.jsp and was able to show using 1.6
>>> and Tomcat 6.0.32 I would get ALL GREEN boxes no matter what I
>>> would set jspwiki.policy to, and would get a mix of GREEN and RED
>>> using 1.5.
>>>
>>> I was thinking that maybe I should d/l the source and try to build
>>> the JSPWiki.jar file using 1.6 and see if I get different
>>> results. Just not sure.
>>>
>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>> Sent: Thursday, March 31, 2011 2:16 PM
>>> To: jspwiki-user@incubator.apache.org
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>> All this commotion got the best of me, so I gave it a spin. Plus
>>> I'm running 2.4 and I probably should really upgrade.
>>>
>>> At any rate, seemed to work for me, here's what I did:
>>>
>>> 1. Spun up a new Ubuntu Server 10.10 X64 VM
>>> 2. Created install folder /app
>>> 3. Downloaded JDK 1.6.0_24 X64 from Oracle
>>> 4. Installed Java into /app/jdk1.6.0_24
>>> 5. export JAVA_HOME=/app/jdk1.6.0_24
>>> 6. Downloaded Tomcat 6.0.32
>>> 7. Installed Tomcat in /app/web/apache-tomcat-6.0.32
>>> 8. Started up Tomcat to make sure its working. It was. Shut it
>>> down.
>>> 9. Downloaded JSPWiki 2.8.4
>>> 10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>>> 11. Installed corepages into /app/web/sites/default/webapps/wiki
>>> 12. Edited jspwiki.properties to fix paths for pageDir and
>>> storageDir
>>> 13. Created Tomcat webapp descriptor in /app/web/apache-
>>> tomcat-6.0.32/conf/Catalina/localhost/wiki.xml (attached)
>>> 14. Started up Tomcat hit the /wiki/Installer.jsp page in
>>> browser.
>>> 15. Restarted Tomcat. Verified I could create files as
>>> anonymous, and I could login to admin account.
>>> 16. Changed WEB-INF/jspwiki.policy (attached) file so that only
>>> logged in users can create/modify pages.
>>> 17. Restarted Tomcat. Verified I could not created/modify pages
>>> until I logged in.
>>> Seemed pretty straight forward to me. Much easier than getting
>>> JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java
>>> System Web Server 7.0.
>>>
>>> :-)
>>>
>>> The Security Configuration Verifier showed the exact permissions
>>> of what I could do.
>>>
>>> --joe
>>>
>>>
>>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>>
>>> ...AND...on my test machine (local) I am using 1.6.0_24
>>>
>>>
>>>
>>> C:\Documents and Settings\kvg6037>java -version
>>>
>>> java version "1.6.0_24"
>>>
>>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>>
>>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>>
>>>
>>>
>>> -----Original Message-----
>>>
>>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>>
>>> Sent: Thursday, March 31, 2011 1:42 AM
>>>
>>> To:
>>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>>> .org>
>>>
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>>
>>>
>>>
>>>
>>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04,
>>> Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10
>>> breaks on occasion otherwise), and I have jspwiki.policy working.
>>> However, I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>>
>>>
>>>
>>> Is it possible that for some reason Sun JDK's built-in policy
>>> management is kicking in here? Or that it might just be broken in
>>> some odd fashion. Can you try OpenJDK and see if that works for you?
>>>
>>>
>>>
>>> /Janne
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint Nextel proprietary information
>>> intended for the sole use of the recipient(s). Any use by others
>>> is prohibited. If you are not the intended recipient, please
>>> contact the sender and delete all copies of the message.
>>>
>>
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information
>> intended for the sole use of the recipient(s). Any use by others is
>> prohibited. If you are not the intended recipient, please contact
>> the sender and delete all copies of the message.
>>
>
Re: Profile Security NOT WORKING!!!
Posted by Florian Holeczek <fl...@holeczek.de>.
Uhm, wait... AFAIK we don't support running under a security manager!
@Janne, Andrew: Has that changed?
Regards
Florian
----- Ursprüngliche Mail -----
Von: "Joseph Mocker" <mo...@fakebelieve.org>
An: jspwiki-user@incubator.apache.org
Gesendet: Freitag, 1. April 2011 00:23:01
Betreff: Re: Profile Security NOT WORKING!!!
Not sure the inner workings of how JSPWiki uses jspwiki.properties, but
you could try turning on Java security manager debugging and see if that
shows up anything. Check out the trouble shooting section of
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
Also, does jspwiki.log show anything?
Have you looked through all applicable log files for signs of exceptions
or other errors?
--joe
On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
> That's fine, and I don't necessarily disagree with you.
>
> However, although I am running as root (which I probably should not be - but this is a simple install), I have not changed any of the env. values out-of-the-box for CENTOS 5.5. Other than me specifying JAVA_HOME, no other env. variable is being set. What is very strange about this, is that is happens exactly the same on 2 different machines, using 2 different OS'es, and 2 slightly different JDK's.
>
> Just for grins, I re-tested again on the Windows installation (Tomcat 6.0.32, JDK 1.6.0_24/1.5.0_32).
>
> After running the Security Configuration Verification page, I still get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>
> -----Original Message-----
> From: Joseph Mocker [mailto:mock@fakebelieve.org]
> Sent: Thursday, March 31, 2011 3:27 PM
> To: jspwiki-user@incubator.apache.org
> Subject: Re: Profile Security NOT WORKING!!!
>
> Are there freshly installed JDKs and servers, user accounts?
> Are you using JDKs provided by the Linux distro or one you downloaded separately from Oracle?
> (Its always possible that there is some configuration anywhere in the above that is interfering with reading jspwiki.policy.)
>
> What do the user environment variables look like when you start tomcat?
> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in catalina.sh?
>
> It would appear to be something in your environment, as Janne, myself and others all have been successful so its got to be something in your environment, just need to find it.
>
> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which also installed OpenJDK, also worked for me.
>
> --joe
>
> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>> Thanks for taking the time to research all of this.
>>
>> I am not sure why things are not working for me with 2 different machines and flavors 1.6 JDK (which is very frustrating since I think 1.5 is about to go the way of 1.4 - eol).
>>
>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and Tomcat 6.0.32 I would get ALL GREEN boxes no matter what I would set jspwiki.policy to, and would get a mix of GREEN and RED using 1.5.
>>
>> I was thinking that maybe I should d/l the source and try to build the JSPWiki.jar file using 1.6 and see if I get different results. Just not sure.
>>
>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>> Sent: Thursday, March 31, 2011 2:16 PM
>> To: jspwiki-user@incubator.apache.org
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>> All this commotion got the best of me, so I gave it a spin. Plus I'm running 2.4 and I probably should really upgrade.
>>
>> At any rate, seemed to work for me, here's what I did:
>>
>> 1. Spun up a new Ubuntu Server 10.10 X64 VM
>> 2. Created install folder /app
>> 3. Downloaded JDK 1.6.0_24 X64 from Oracle
>> 4. Installed Java into /app/jdk1.6.0_24
>> 5. export JAVA_HOME=/app/jdk1.6.0_24
>> 6. Downloaded Tomcat 6.0.32
>> 7. Installed Tomcat in /app/web/apache-tomcat-6.0.32
>> 8. Started up Tomcat to make sure its working. It was. Shut it down.
>> 9. Downloaded JSPWiki 2.8.4
>> 10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>> 11. Installed corepages into /app/web/sites/default/webapps/wiki
>> 12. Edited jspwiki.properties to fix paths for pageDir and storageDir
>> 13. Created Tomcat webapp descriptor in /app/web/apache-tomcat-6.0.32/conf/Catalina/localhost/wiki.xml (attached)
>> 14. Started up Tomcat hit the /wiki/Installer.jsp page in browser.
>> 15. Restarted Tomcat. Verified I could create files as anonymous, and I could login to admin account.
>> 16. Changed WEB-INF/jspwiki.policy (attached) file so that only logged in users can create/modify pages.
>> 17. Restarted Tomcat. Verified I could not created/modify pages until I logged in.
>> Seemed pretty straight forward to me. Much easier than getting JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java System Web Server 7.0.
>>
>> :-)
>>
>> The Security Configuration Verifier showed the exact permissions of what I could do.
>>
>> --joe
>>
>>
>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>
>> ...AND...on my test machine (local) I am using 1.6.0_24
>>
>>
>>
>> C:\Documents and Settings\kvg6037>java -version
>>
>> java version "1.6.0_24"
>>
>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>
>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>
>>
>>
>> -----Original Message-----
>>
>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>
>> Sent: Thursday, March 31, 2011 1:42 AM
>>
>> To:
>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>> .org>
>>
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>>
>>
>>
>>
>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04, Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10 breaks on occasion otherwise), and I have jspwiki.policy working. However, I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>
>>
>>
>> Is it possible that for some reason Sun JDK's built-in policy management is kicking in here? Or that it might just be broken in some odd fashion. Can you try OpenJDK and see if that works for you?
>>
>>
>>
>> /Janne
>>
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
>>
>
>
> ________________________________
>
> This e-mail may contain Sprint Nextel proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
>