You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2009/12/02 00:57:29 UTC
DO NOT REPLY [Bug 48323] New: AccessControlException on AJP
connector, in security mode
https://issues.apache.org/bugzilla/show_bug.cgi?id=48323
Summary: AccessControlException on AJP connector, in security
mode
Product: Tomcat 6
Version: 6.0.20
Platform: PC
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
AssignedTo: dev@tomcat.apache.org
ReportedBy: alexis.hassler@sewatech.fr
I started Tomcat in security mode. Everything is fine when accessing via an
HTTP connector, either directly or via a reverse proxy. If I first access via
an AJP connector, I have the following exception :
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.org.apache.coyote)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
java.security.AccessController.checkPermission(AccessController.java:546)
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:298)
java.lang.ClassLoader.loadClass(ClassLoader.java:300)
java.lang.ClassLoader.loadClass(ClassLoader.java:252)
java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
org.apache.jk.common.JkInputStream.appendHead(JkInputStream.java:283)
org.apache.jk.core.MsgContext.action(MsgContext.java:266)
org.apache.coyote.Response.action(Response.java:183)
org.apache.coyote.Response.sendHeaders(Response.java:379)
org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:305)
org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:273)
org.apache.catalina.connector.CoyoteOutputStream.close(CoyoteOutputStream.java:104)
...
This exception happens only at the first call. The second call is OK.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 48323] AccessControlException on AJP connector, in
security mode
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48323
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #2 from Mark Thomas <ma...@apache.org> 2010-02-12 23:17:31 UTC ---
This works for me with the latest 6.0.x. I suspect the fix for bug47963
refactored the code in such a way as to avoid this issue.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 48323] AccessControlException on AJP connector, in
security mode
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48323
--- Comment #1 from Alexis Hassler <al...@sewatech.fr> 2009-12-01 16:04:40 UTC ---
OK, I fixed it by adding these three lines in catalina.policy :
grant {
...
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.coyote";
permission java.util.PropertyPermission
"org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER", "read";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.tomcat.util.buf";
};
Maybe it could be provided by default...
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org