commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcel Overdijk" <m.overd...@oravision.nl>
Subject sequrity problem with accessing files
Date Thu, 15 May 2003 07:00:37 GMT
Hello, 
 
I'm having a sequrity problem with accessing files. I received the below
information from Robert.
 
Which do I have to change ?
 
---------------
 
your ISP is running a security manager with a restricted security
policy. 
this policy is preventing dynamic discovery of properties through 
reflection. this prevents beanutils from working correctly.
 
IMHO there is no real security reason why your ISP should have this
policy 
(for non-applets). i would suggest that you learn about security
managers 
and use this information to education your ISP and to lobby for a change
 
to a less restrictive security policy for servlets.
 
- robert
 
---------------
 
Starting service Tomcat-Apache13
Apache Tomcat/4.0.3
WebappLoader[]: Deploying class repositories to work directory
/var/tomcat4/work/defaulthost/_
StandardManager[]: Seeding random number generator class
java.security.SecureRandom
StandardManager[]: Seeding of random number generator has been completed
ContextConfig[]: Missing application web.xml, using defaults only
ContextConfig[]: Added certificates -> request attribute Valve
StandardWrapper[:default]: Loading container servlet default
StandardWrapper[:invoker]: Loading container servlet invoker
register('-//Apache Software Foundation//DTD Struts Configuration
1.0//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/struts-config_1_0.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/web-app_2_2.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/web-app_2_3.dtd'
resolveEntity('-//Apache Software Foundation//DTD Struts Configuration
1.0//EN', 'http://jakarta.apache.org/struts/dtds/struts-config_1_0.dtd')
 Resolving to alternate DTD
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/struts-config_1_0.dtd'
New org.apache.struts.action.ActionForward
Set org.apache.struts.action.ActionForward properties
Call
org.apache.struts.tiles.ActionComponentServlet.addForward(ActionForward[
failure])
Pop org.apache.struts.action.ActionForward
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/tiles-admin/reload,
type=org.apache.struts.tiles.actions.ReloadDefinitionsAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/tiles-admin/view,
type=org.apache.struts.tiles.actions.ViewDefinitionsAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/test, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/home, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/trends, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/productlijn, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/prijzen, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
Call
org.apache.struts.tiles.ActionComponentServlet.addMapping(ActionMapping[
path=/contact, type=org.apache.struts.actions.ForwardAction])
Pop org.apache.struts.action.ActionMapping
register('-//Apache Software Foundation//DTD Struts Configuration
1.0//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/struts-config_1_0.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/web-app_2_2.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN',
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/web-app_2_3.dtd'
resolveEntity('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN',
'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd')
 Resolving to alternate DTD
'jar:file:/home/virtual/site46/fst/var/www/html/WEB-INF/lib/struts.jar!/
org/apache/struts/resources/web-app_2_2.dtd'
Call
org.apache.struts.tiles.ActionComponentServlet.addServletMapping(action/
java.lang.String,*.do/java.lang.String)
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)  at
java.security.AccessControlContext.checkPermission(AccessControlContext.
java:270)
 at
java.security.AccessController.checkPermission(AccessController.java:401
)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
 at
java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
 at java.lang.Class.checkMemberAccess(Class.java:1401)
 at java.lang.Class.getDeclaredMethods(Class.java:1101)
 at
org.apache.commons.beanutils.MappedPropertyDescriptor$1.run(MappedProper
tyDescriptor.java:381)
 at java.security.AccessController.doPrivileged(Native Method)  at
org.apache.commons.beanutils.MappedPropertyDescriptor.getPublicDeclaredM
ethods(MappedPropertyDescriptor.java:378)
 at
org.apache.commons.beanutils.MappedPropertyDescriptor.internalFindMethod
(MappedPropertyDescriptor.java:448)
 at
org.apache.commons.beanutils.MappedPropertyDescriptor.findMethod(MappedP
ropertyDescriptor.java:522)
 at
org.apache.commons.beanutils.MappedPropertyDescriptor.<init>(MappedPrope
rtyDescriptor.java:149)
 at
org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor(Propert
yUtils.java:886)
 at
org.apache.commons.beanutils.BeanUtils.setProperty(BeanUtils.java:846)
 at org.apache.commons.beanutils.BeanUtils.populate(BeanUtils.java:726)
 at
org.apache.struts.tiles.DefinitionsFactoryConfig.populate(DefinitionsFac
toryConfig.java:355)
 at
org.apache.struts.tiles.DefinitionsUtil.populateDefinitionsFactoryConfig
(DefinitionsUtil.java:391)
 at
org.apache.struts.tiles.DefinitionsUtil.readFactoryConfig(DefinitionsUti
l.java:410)
 at
org.apache.struts.tiles.DefinitionsUtil.createDefinitionsFactory(Definit
ionsUtil.java:213)
 at
org.apache.struts.tiles.DefinitionsUtil.createDefinitionsFactory(Definit
ionsUtil.java:248)
 at
org.apache.struts.tiles.ActionComponentServlet.initComponentDefinitionsM
apping(ActionComponentServlet.java:136)
 at
org.apache.struts.tiles.ActionComponentServlet.init(ActionComponentServl
et.java:109)
 at javax.servlet.GenericServlet.init(GenericServlet.java:258)
 at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.jav
a:916)
 at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:808)
 at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.j
ava:3266)
 at
org.apache.catalina.core.StandardContext.start(StandardContext.java:3395
)
 at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
 at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
 at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
 at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343)
 at
org.apache.catalina.core.StandardService.start(StandardService.java:388)
 at
org.apache.catalina.core.StandardServer.start(StandardServer.java:506)
 at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
 at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
 at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)  at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:324)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
Ajp13Connector[8009] Opening server socket on host IP address 127.0.0.1
Ajp13Connector[8009] Starting background thread Ajp13Processor[8009][0]
Starting background thread Ajp13Processor[8009][1] Starting background
thread Ajp13Processor[8009][2] Starting background thread
Ajp13Processor[8009][3] Starting background thread
Ajp13Processor[8009][4] Starting background thread

 

Met vriendelijke groet,


Marcel Overdijk




 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message