axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Baernreuther Rainer <rainer.baernreut...@siemens.com>
Subject AW: Security Manager and Axis
Date Wed, 06 Nov 2002 06:56:46 GMT
Hi Stu,

thanks for your response. I actually solved the problem by switching to
Tomcat 4.1.12. Now it seems to work perfectly. 

Kind regards,
Rainer

> -----Urspr√ľngliche Nachricht-----
> Von: Stuart Halloway (DevelopMentor) [mailto:stu@develop.com]
> Gesendet: Dienstag, 5. November 2002 18:32
> An: axis-user@xml.apache.org
> Betreff: RE: Security Manager and Axis
> 
> 
> Hi Rainer,
> 
> I tried the grant syntax you used and saw the same problem. I 
> also tried
> various combinations of wildcarding and specifying the JARs
> individually, to no avail.
> 
> The debug flag -Djava.security.debug=policy should be helpful 
> here, but
> it is not. Tomcat's WebappClassLoader has a toString 
> implementation that
> triggers a security check. The policy trace then triggers the toString
> implementation, causing an infinite recursion.  
> 
> Given that Tomcat appears to be doing the class loading, you 
> may want to
> ask on the Tomcat list.
> 
> Stu
> 
> ----------------------------------------------------------
> Stuart Halloway         : staff.develop.com/halloway
> DevelopMentor           : www.develop.com
> Essential Java          : www.develop.com/courses/essjava
> ----------------------------------------------------------
> 
> 
> -----Original Message-----
> From: Baernreuther Rainer [mailto:rainer.baernreuther@siemens.com] 
> Sent: Monday, November 04, 2002 9:11 AM
> To: 'axis-user@xml.apache.org'
> Subject: Security Manager and Axis
> 
> Hi all,
> 
> I installed Axis V1.0 on my Tomcat 4.0.1 server by simply copying the
> axis
> directory into my webapps directory. If I start Tomcat without a
> Security
> Manager everything works fine. The trouble begins when the Security
> Manager
> comes into play. During the starting process of Tomcat I get two error
> messages from the Security Manager which I cannot explain. The first
> points
> to missing RuntimePermission for requesting Class Loaders:
> 
> access: access denied (java.lang.RuntimePermission getClassLoader)
> java.lang.Exception: Stack trace
>         at java.lang.Thread.dumpStack(Thread.java:1071)
>         at
> java.security.AccessControlContext.checkPermission(AccessContr
> olContext.
> java
> :259)
>         at
> java.security.AccessController.checkPermission(AccessControlle
> r.java:401
> )
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
>         at
> java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1038)
>         at
> org.apache.commons.discovery.jdk.JDK12Hooks.getSystemClassLoad
> er(JDK12Ho
> oks.
> java:114)
>         at
> org.apache.commons.discovery.resource.ClassLoaders.getLibLoade
> rs(ClassLo
> ader
> s.java:176)
>         at
> org.apache.commons.discovery.tools.DiscoverClass.find(Discover
> Class.java
> :355
> )
>         at
> org.apache.commons.discovery.tools.DiscoverClass.newInstance(D
> iscoverCla
> ss.j
> ava:579)
>         at
> org.apache.commons.discovery.tools.DiscoverSingleton.find(Disc
> overSingle
> ton.
> java:418)
>         at
> org.apache.commons.discovery.tools.DiscoverSingleton.find(Disc
> overSingle
> ton.
> java:378)
>         at
> org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.axis.components.logger.LogFactory.getLogFactory(Log
> Factory.ja
> va:8
> 0)
>         at
> org.apache.axis.components.logger.LogFactory.<clinit>(LogFacto
> ry.java:72
> )
>         at
> org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServle
> t.java:101
> )
>         at java.lang.Class.forName0(Native Method)
>         at java.lang.Class.forName(Class.java:130)
>         at
> org.apache.axis.transport.http.AxisServletBase.class$(AxisServ
> letBase.ja
> va:8
> 7)
>         at
> org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisSe
> rvletBase.
> java
> :94)
>         at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>         at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeCo
> nstructorA
> cces
> sorImpl.java:39)
>         at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Dele
> gatingCons
> truc
> torAccessorImpl.java:27
> )
>         at
> java.lang.reflect.Constructor.newInstance(Constructor.java:274)
>         at java.lang.Class.newInstance0(Class.java:296)
>         at java.lang.Class.newInstance(Class.java:249)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.
> java:820)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(Standar
> dContext.j
> ava:
> 3267)
>         at
> org.apache.catalina.core.StandardContext.start(StandardContext
> .java:3384
> )
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.
> java:785)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
>         at
> org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
>         at
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
>         at
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
>         at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConf
> ig.java:46
> 3)
>         at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(L
> ifecycleSu
> ppor
> t.java:155)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
>         at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
>         at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
>         at
> org.apache.catalina.core.StandardService.start(StandardService
> .java:388)
>         at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
>         at 
> org.apache.catalina.startup.Catalina.start(Catalina.java:776)
>         at
> org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
>         at
> org.apache.catalina.startup.Catalina.process(Catalina.java:179)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess
> orImpl.jav
> a:39
> )
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth
> odAccessor
> Impl
> .java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) 
> 
> The second failure points to a missing property permission:
> 
> access: access denied (java.util.PropertyPermission
> org.apache.commons.discovery.log.level read)
> java.lang.Exception: Stack trace
>         at java.lang.Thread.dumpStack(Thread.java:1071)
>         at
> java.security.AccessControlContext.checkPermission(AccessContr
> olContext.
> java
> :259)
>         at
> java.security.AccessController.checkPermission(AccessControlle
> r.java:401
> )
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
>         at
> java.lang.SecurityManager.checkPropertyAccess(SecurityManager.
> java:1291)
>         at java.lang.System.getProperty(System.java:572)
>         at
> org.apache.commons.discovery.log.SimpleLog.<clinit>(SimpleLog.
> java:155)
>         at
> org.apache.commons.discovery.log.DiscoveryLogFactory._newLog(D
> iscoveryLo
> gFac
> tory.java:142)
>         at
> org.apache.commons.discovery.log.DiscoveryLogFactory.<clinit>(
> DiscoveryL
> ogFa
> ctory.java:105)
>         at
> org.apache.commons.discovery.resource.DiscoverResources.<clini
> t>(Discove
> rRes
> ources.java:82)
>         at
> org.apache.commons.discovery.tools.ResourceUtils.getResource(R
> esourceUti
> ls.j
> ava:122)
>         at
> org.apache.commons.discovery.tools.ResourceUtils.loadPropertie
> s(Resource
> Util
> s.java:175)
>         at
> org.apache.commons.discovery.tools.PropertiesHolder.getPropert
> ies(Proper
> ties
> Holder.java:102)
>         at
> org.apache.commons.discovery.tools.DiscoverClass.find(Discover
> Class.java
> :360
> )
>         at
> org.apache.commons.discovery.tools.DiscoverClass.newInstance(D
> iscoverCla
> ss.j
> ava:579)
>         at
> org.apache.commons.discovery.tools.DiscoverSingleton.find(Disc
> overSingle
> ton.
> java:418)
>         at
> org.apache.commons.discovery.tools.DiscoverSingleton.find(Disc
> overSingle
> ton.
> java:378)
>         at
> org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:84)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.axis.components.logger.LogFactory.getLogFactory(Log
> Factory.ja
> va:8
> 0)
>         at
> org.apache.axis.components.logger.LogFactory.<clinit>(LogFacto
> ry.java:72
> )
>         at
> org.apache.axis.transport.http.AxisServlet.<clinit>(AxisServle
> t.java:101
> )
>         at java.lang.Class.forName0(Native Method)
>         at java.lang.Class.forName(Class.java:130)
>         at
> org.apache.axis.transport.http.AxisServletBase.class$(AxisServ
> letBase.ja
> va:8
> 7)
>         at
> org.apache.axis.transport.http.AxisServletBase.<clinit>(AxisSe
> rvletBase.
> java
> :94)
>         at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>         at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeCo
> nstructorA
> cces
> sorImpl.java:39)
>         at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Dele
> gatingCons
> truc
> torAccessorImpl.java:27
> )
>         at
> java.lang.reflect.Constructor.newInstance(Constructor.java:274)
>         at java.lang.Class.newInstance0(Class.java:296)
>         at java.lang.Class.newInstance(Class.java:249)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.
> java:820)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(Standar
> dContext.j
> ava:
> 3267)
>         at
> org.apache.catalina.core.StandardContext.start(StandardContext
> .java:3384
> )
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.
> java:785)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:454)
>         at
> org.apache.catalina.core.StandardHost.install(StandardHost.java:712)
>         at
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:599)
>         at
> org.apache.catalina.startup.HostConfig.start(HostConfig.java:777)
>         at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConf
> ig.java:46
> 3)
>         at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(L
> ifecycleSu
> ppor
> t.java:155)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131)
>         at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:612)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
>         at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
>         at
> org.apache.catalina.core.StandardService.start(StandardService
> .java:388)
>         at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
>         at 
> org.apache.catalina.startup.Catalina.start(Catalina.java:776)
>         at
> org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
>         at
> org.apache.catalina.startup.Catalina.process(Catalina.java:179)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess
> orImpl.jav
> a:39
> )
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth
> odAccessor
> Impl
> .java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
> 
> I have already added the following entry to the property file
> catalina.policy:
> 
> grant codeBase "file:${catalina.home}/webapps/axis/-" {
>         permission java.security.AllPermission;
> };
> 
> From my point of view all the class files mentioned in the above stack
> traces are covered by the policy file and all class files should have
> AllPermission.
> Can anybody explain to me what I'm doing wrong. Are there still other
> jar
> files that have to be added to the policy file?
> 
> Thanks for your help in advance.
> 
> Rainer
> 

Mime
View raw message