You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Alban Espié-Guillon <al...@ow2.org> on 2022/12/21 17:20:32 UTC
tomcat9 access denied /var/lib/tomcat9/conf/web.xml
Hello,
I'm very new to tomcat, forgive me if I did not found my answer
elsewhere, i'm currently out of of ideas.
I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian
11, with security manager enabled.
I'm seeing in catalina logs the following stacktrace (full stacktrace
provided in attachment):
37 21-Dec-2022 16:12:04.587 SEVERE [main]
org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse
error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
38 java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.buf")
Disabling the security manager makes it disappear, but I don't
understand why tomcat has an issue reading
/var/lib/tomcat9/conf/web.xml, which is a simlink to
/etc/tomcat9/web.xml, and I did not edit the file as you see:
# ll /etc/tomcat9/web.xml
-rw-r----- 1 root tomcat 169K Feb 5 2020 /etc/tomcat9/web.xml
I tried to add the following policy in case of it could help:
grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
permission java.security.AllPermission;
};
But the error was still logged.
--
Alban Espié-Guillon
OW2 System Administrator
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml
Posted by Mark Thomas <ma...@apache.org>.
The security manager is deprecated in newer versions of Java. If you are
new to Tomcat, whatever problem using the security manager is intended
to solve, I'd strongly encourage you to find an alternative solution.
The codebase refers to the JAR trying to read the file, not the file the
JAR is trying to read.
I suspect the Debian distribution hasn't updated the catalina.policy
file to take account of the way Debian redistributes the Tomcat files
around the file system. If you really do want to use the security
manager, you'll need to take that up with the Debian folks.
Mark
On 21/12/2022 17:20, Alban Espié-Guillon wrote:
> Hello,
>
> I'm very new to tomcat, forgive me if I did not found my answer
> elsewhere, i'm currently out of of ideas.
>
> I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian
> 11, with security manager enabled.
>
> I'm seeing in catalina logs the following stacktrace (full stacktrace
> provided in attachment):
>
> 37 21-Dec-2022 16:12:04.587 SEVERE [main]
> org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse
> error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
> 38 java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission"
> "accessClassInPackage.org.apache.tomcat.util.buf")
>
> Disabling the security manager makes it disappear, but I don't
> understand why tomcat has an issue reading
> /var/lib/tomcat9/conf/web.xml, which is a simlink to
> /etc/tomcat9/web.xml, and I did not edit the file as you see:
>
> # ll /etc/tomcat9/web.xml
> -rw-r----- 1 root tomcat 169K Feb 5 2020 /etc/tomcat9/web.xml
>
> I tried to add the following policy in case of it could help:
>
> grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
> permission java.security.AllPermission;
> };
>
> But the error was still logged.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org