You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Michal Kwiatek <Mi...@cern.ch> on 2005/01/14 10:58:12 UTC
xalan problem with security manager
Hi all,
I can't make xalan work when I run tomcat with security manager.
All I get is java.lang.ExceptionInInitializerError (see stack trace
below).
It works fine without security manager.
Has any of you used xalan on tomcat with secuirity manager? What
privileges should I grant to the code?
I tried:
grant {
permission java.util.PropertyPermission "*", "read";
permission java.net.SocketPermission "*", "connect";
permission java.lang.RuntimePermission "getClassLoader";
};
grant {
permission java.io.FilePermission "${catalina.home}/temp/*", "read,
write, delete";
};
But it doesn't help. Any ideas?
Thank you very much in advance,
Michal.
My setup is tomcat 5.0.28 on jdk 1.4.2_06, it behaves the same on win xp
or linux.
Here's the code:
File xmlFileObj = new File(xmlFile);
File xslFileObj = new File(xslFile);
this.out = out;
TransformerFactory tFactory =
TransformerFactory.newInstance();
Transformer transformer = tFactory.newTransformer(new
StreamSource(xslFileObj));
transformer.setParameter("serviceName", serviceName);
transformer.transform(new StreamSource(xmlFileObj), new
StreamResult(out));
out.flush();
And the stack trace.
javax.servlet.ServletException
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageCont
extImpl.java:825)
org.apache.jasper.runtime.PageContextImpl.access$1100(PageContextImpl.ja
va:64)
org.apache.jasper.runtime.PageContextImpl$12.run(PageContextImpl.java:74
5)
java.security.AccessController.doPrivileged(Native Method)
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContex
tImpl.java:743)
org.apache.jsp.tree_jsp._jspService(tree_jsp.java:98)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja
va:324)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.jav
a:157)
root cause
java.lang.ExceptionInInitializerError
java.lang.Class.forName0(Native Method)
java.lang.Class.forName(Class.java:141)
org.apache.xalan.serialize.SerializerFactory.getSerializer(SerializerFac
tory.java:131)
org.apache.xalan.transformer.TransformerImpl.createResultContentHandler(
TransformerImpl.java:1048)
org.apache.xalan.transformer.TransformerImpl.createResultContentHandler(
TransformerImpl.java:975)
org.apache.xalan.transformer.TransformerImpl.transform(TransformerImpl.j
ava:1124)
org.apache.xalan.transformer.TransformerImpl.transform(TransformerImpl.j
ava:1107)
circeos.xml.XslHtmlConverter.Display(XslHtmlConverter.java:29)
org.apache.jsp.tree_jsp._jspService(tree_jsp.java:84)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja
va:324)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.jav
a:157)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: xalan problem with security manager
Posted by Greg Lappen <gr...@lapcominc.com>.
Michael-
If you suspect the error is related to the security manager, run tomcat
with the following environment variable set:
export CATALINA_OPTS=-Djava.security.debug=access:failure
This will put logging for the security manager in your catalina.out
file (or your applications log file if you defined a new logger for
your webapp). It will show all the access checks (in short form) and a
stack trace and domain that caused the failure when a failure occurs.
It will tell you what permission was denied, and the codebase it was
denied to.
I used it extensively yesterday to set up my security policy. For more
info see
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/security-manager-
howto.html
Greg
On Jan 14, 2005, at 4:58 AM, Michal Kwiatek wrote:
> Hi all,
>
> I can't make xalan work when I run tomcat with security manager.
> All I get is java.lang.ExceptionInInitializerError (see stack trace
> below).
> It works fine without security manager.
>
> Has any of you used xalan on tomcat with secuirity manager? What
> privileges should I grant to the code?
>
> I tried:
>
> grant {
> permission java.util.PropertyPermission "*", "read";
> permission java.net.SocketPermission "*", "connect";
> permission java.lang.RuntimePermission "getClassLoader";
> };
>
> grant {
> permission java.io.FilePermission "${catalina.home}/temp/*", "read,
> write, delete";
> };
>
> But it doesn't help. Any ideas?
>
> Thank you very much in advance,
> Michal.
>
> My setup is tomcat 5.0.28 on jdk 1.4.2_06, it behaves the same on win
> xp
> or linux.
>
> Here's the code:
>
> File xmlFileObj = new File(xmlFile);
> File xslFileObj = new File(xslFile);
> this.out = out;
> TransformerFactory tFactory =
> TransformerFactory.newInstance();
> Transformer transformer = tFactory.newTransformer(new
> StreamSource(xslFileObj));
> transformer.setParameter("serviceName", serviceName);
> transformer.transform(new StreamSource(xmlFileObj), new
> StreamResult(out));
> out.flush();
>
> And the stack trace.
>
> javax.servlet.ServletException
>
> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageCon
> t
> extImpl.java:825)
>
> org.apache.jasper.runtime.PageContextImpl.access$1100(PageContextImpl.j
> a
> va:64)
>
> org.apache.jasper.runtime.PageContextImpl$12.run(PageContextImpl.java:
> 74
> 5)
> java.security.AccessController.doPrivileged(Native Method)
>
> org.apache.jasper.runtime.PageContextImpl.handlePageException(PageConte
> x
> tImpl.java:743)
> org.apache.jsp.tree_jsp._jspService(tree_jsp.java:98)
>
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.j
> a
> va:324)
>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:
> 292)
>
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> v
> a:39)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> r
> Impl.java:25)
> java.lang.reflect.Method.invoke(Method.java:324)
>
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
> java.security.AccessController.doPrivileged(Native Method)
> javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
>
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:
> 268)
>
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.ja
> v
> a:157)
>
> root cause
>
> java.lang.ExceptionInInitializerError
> java.lang.Class.forName0(Native Method)
> java.lang.Class.forName(Class.java:141)
>
> org.apache.xalan.serialize.SerializerFactory.getSerializer(SerializerFa
> c
> tory.java:131)
>
> org.apache.xalan.transformer.TransformerImpl.createResultContentHandler
> (
> TransformerImpl.java:1048)
>
> org.apache.xalan.transformer.TransformerImpl.createResultContentHandler
> (
> TransformerImpl.java:975)
>
> org.apache.xalan.transformer.TransformerImpl.transform(TransformerImpl.
> j
> ava:1124)
>
> org.apache.xalan.transformer.TransformerImpl.transform(TransformerImpl.
> j
> ava:1107)
> circeos.xml.XslHtmlConverter.Display(XslHtmlConverter.java:29)
> org.apache.jsp.tree_jsp._jspService(tree_jsp.java:84)
>
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.j
> a
> va:324)
>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:
> 292)
>
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja
> v
> a:39)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso
> r
> Impl.java:25)
> java.lang.reflect.Method.invoke(Method.java:324)
>
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
> java.security.AccessController.doPrivileged(Native Method)
> javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
>
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:
> 268)
>
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.ja
> v
> a:157)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>