incubator-jspwiki-dev mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: JSPWiki seems to be accessing from /WEB-INF regardless of java.security.policy value
Date Wed, 21 Nov 2007 22:51:12 GMT

Hi!

Did you try

-Djava.security.policy==C:/path/jspwiki.policy?

I.e. double = -marks?

findConfigFile() really is meant to find only the local config file,
so it's actually doing exactly what it should be doing.

The new local policy in 2.5 works in the way that we first check the
global policy, and if that does not give permission, we check the
local policy.  So you can "override" permissions in a local policy.
I put the quotation marks because the local policy cannot restrict
over global policy - it can only give more permissions.

The NPE is a bit odd though - it should survive a missing local
policy.  This is clearly a bug (and should be filed...)

/Janne

On 22 Nov 2007, at 00:36, Dave Wolf wrote:

> Hi,
>
> This has been making me crazy for over a week -- I have added
> -Djava.security.policy=C:/<path>/jspwiki.policy to the Tomcat Java
> Configuration. The path is being read as I added a JSP Page to display the
> value of java.security.policy. The correct value is returned. I'm running
> the latest cvs version (2.5.157) on WinXP and Tomcat 5.5.
>
> When I look at the jspwiki.log, I see the following (notice blue highlighted
> text):
>  11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  -
> *******************************************
>  11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
>  11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet  
> container:
> Apache Tomcat/5.5.25
>  11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine   - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
>  11-21@14:20:04 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
>  11-21@14:20:04 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.diff.DifferenceManager   -  
> Using
> difference provider: TraditionalDiffProvider
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider   
> - Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.search.LuceneSearchProvider   - Files
> found in Lucene directory, not reindexing.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: WatchDog for 'Wiki'.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.EditorManager   -  
> Registering
> editor modules
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthenticationManager   
> - Checking
> JAAS configuration...
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthenticationManager   
> - JAAS
> already configured by some other application (leaving it alone...)
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthorizationManager   -
> Initialized local security policy: C:\servers\Apache\Tomcat
> 5.5\webapps\Wiki\WEB-INF\jspwiki.policy
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  -
> Attempting to load group database class
> com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  -
> XML group database at C:\WebContent\Wiki\groupdatabase.xml
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager   
> - Group
> database initialized.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  -
> Authorizer GroupManager initialized successfully; loaded 1 group(s).
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -  
> Using
> JDK 1.5 Platform MBeanServer
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> com.sun.jmx.mbeanserver.JmxMBeanServer
>   11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> DefaultDomain
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Core bean
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager   -
> Registered new admin bean User administration
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Search manager
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager   -
> Registered new admin bean Plugins
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean WikiWizard
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Plain editor
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiEngine  - Cannot find  
> property
> file for filters (this is okay, expected to find it as:
> '/WEB-INF/filters.xml')
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.render.RenderingManager   -  
> Rendering
> content with com.ecyrd.jspwiki.render.XHTMLRenderer.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ReferenceManager  - Starting  
> cross
> reference scan of WikiPages
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.UserManager   -  
> Attempting to
> load user database class com.ecyrd.jspwiki.auth.user.XMLUserDatabase
>  11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML
> user database at C:\WebContent\Wiki\userdatabase.xml
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.UserManager  -  
> UserDatabase
> initialized.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ReferenceManager  - Cross  
> reference
> scan done in 0:00:00.203
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiEngine  - WikiEngine  
> configured.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki RSS Generator.
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiEngine  - Root path for
> this
> Wiki is: 'C:\servers\Apache\Tomcat 5.5\webapps\Wiki\'
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiServlet  - WikiServlet
> initialized.
>
> JSPWiki seems to be sourcing the jspwiki.policy from the
> /webapps/Wiki/WEB-INF/jspwiki.policy file. If I remove the file, then the
> following appears in the log file:
>
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet  
> container:
> Apache Tomcat/5.5.25
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
>  11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using
> difference provider: TraditionalDiffProvider
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider   
> - Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider   
> - Files
> found in Lucene directory, not reindexing.
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: WatchDog for 'Wiki'.
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering
> editor modules
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -
> Checking JAAS configuration...
>  11-21@14:52:38 INFO com.ecyrd.jspwiki.auth.AuthenticationManager   
> - JAAS
> already configured by some other application (leaving it alone...)
>  11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
>  11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
>  11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
>  11-21@14:52:38 FATAL com.ecyrd.jspwiki.WikiEngine  - Failed to start
> managers.
>  java.lang.NullPointerException
>     at com.ecyrd.jspwiki.auth.AuthorizationManager.initialize(
> AuthorizationManager.java:408)
>     at com.ecyrd.jspwiki.WikiEngine.initialize(WikiEngine.java:532)
>     at com.ecyrd.jspwiki.WikiEngine.<init>(WikiEngine.java:386)
>     at com.ecyrd.jspwiki.WikiEngine.getInstance(WikiEngine.java:334)
>     at com.ecyrd.jspwiki.ui.WikiServletFilter.init 
> (WikiServletFilter.java
> :55)
>     at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
> ApplicationFilterConfig.java:221)
>     at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(
> ApplicationFilterConfig.java:302)
>     at org.apache.catalina.core.ApplicationFilterConfig.<init>(
> ApplicationFilterConfig.java:78)
>     at org.apache.catalina.core.StandardContext.filterStart(
> StandardContext.java:3635)
>     at org.apache.catalina.core.StandardContext.start 
> (StandardContext.java
> :4222)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:760)
>     at org.apache.catalina.core.ContainerBase.addChild 
> (ContainerBase.java
> :740)
>     at org.apache.catalina.core.StandardHost.addChild 
> (StandardHost.java:544)
>     at org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:626)
>     at org.apache.catalina.startup.HostConfig.deployDescriptors(
> HostConfig.java:553)
>     at org.apache.catalina.startup.HostConfig.deployApps 
> (HostConfig.java
> :488)
>     at org.apache.catalina.startup.HostConfig.start(HostConfig.java: 
> 1138)
>     at org.apache.catalina.startup.HostConfig.lifecycleEvent 
> (HostConfig.java
> :311)
>     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(
> LifecycleSupport.java:120)
>     at org.apache.catalina.core.ContainerBase.start 
> (ContainerBase.java:1022)
>     at org.apache.catalina.core.StandardHost.start 
> (StandardHost.java:736)
>     at org.apache.catalina.core.ContainerBase.start 
> (ContainerBase.java:1014)
>     at org.apache.catalina.core.StandardEngine.start 
> (StandardEngine.java
> :443)
>     at org.apache.catalina.core.StandardService.start 
> (StandardService.java
> :448)
>     at org.apache.catalina.core.StandardServer.start 
> (StandardServer.java
> :700)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  -
> *******************************************
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet  
> container:
> Apache Tomcat/5.5.25
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
>  11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using
> difference provider: TraditionalDiffProvider
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider   
> - Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering
> editor modules
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider   
> - Files
> found in Lucene directory, not reindexing.
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -
> Checking JAAS configuration...
>  11-21@14:52:39 INFO com.ecyrd.jspwiki.auth.AuthenticationManager   
> - JAAS
> already configured by some other application (leaving it alone...)
>  11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
>  11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
>  11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
>  11-21@14:52:39 FATAL com.ecyrd.jspwiki.WikiEngine  - Failed to start
> managers.
>  java.lang.NullPointerException
>     at com.ecyrd.jspwiki.auth.AuthorizationManager.initialize(
> AuthorizationManager.java:408)
>     at com.ecyrd.jspwiki.WikiEngine.initialize(WikiEngine.java:532)
>     at com.ecyrd.jspwiki.WikiEngine.<init>(WikiEngine.java:386)
>     at com.ecyrd.jspwiki.WikiEngine.getInstance(WikiEngine.java:334)
>     at com.ecyrd.jspwiki.ui.WikiServletFilter.init 
> (WikiServletFilter.java
> :55)
>     at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
> ApplicationFilterConfig.java:221)
>     at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(
> ApplicationFilterConfig.java:302)
>     at org.apache.catalina.core.ApplicationFilterConfig.<init>(
> ApplicationFilterConfig.java:78)
>     at org.apache.catalina.core.StandardContext.filterStart(
> StandardContext.java:3635)
>     at org.apache.catalina.core.StandardContext.start 
> (StandardContext.java
> :4222)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:760)
>     at org.apache.catalina.core.ContainerBase.addChild 
> (ContainerBase.java
> :740)
>     at org.apache.catalina.core.StandardHost.addChild 
> (StandardHost.java:544)
>     at org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:626)
>     at org.apache.catalina.startup.HostConfig.deployDescriptors(
> HostConfig.java:553)
>     at org.apache.catalina.startup.HostConfig.deployApps 
> (HostConfig.java
> :488)
>     at org.apache.catalina.startup.HostConfig.start(HostConfig.java: 
> 1138)
>     at org.apache.catalina.startup.HostConfig.lifecycleEvent 
> (HostConfig.java
> :311)
>     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(
> LifecycleSupport.java:120)
>     at org.apache.catalina.core.ContainerBase.start 
> (ContainerBase.java:1022)
>     at org.apache.catalina.core.StandardHost.start 
> (StandardHost.java:736)
>     at org.apache.catalina.core.ContainerBase.start 
> (ContainerBase.java:1014)
>     at org.apache.catalina.core.StandardEngine.start 
> (StandardEngine.java
> :443)
>     at org.apache.catalina.core.StandardService.start 
> (StandardService.java
> :448)
>     at org.apache.catalina.core.StandardServer.start 
> (StandardServer.java
> :700)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> 11-21@14:52:40 ERROR com.ecyrd.jspwiki.util.WikiBackgroundThread  -
> Background thread error
>  java.lang.NullPointerException
>     at com.ecyrd.jspwiki.util.WatchDog.enterState(WatchDog.java:231)
>     at
> com.ecyrd.jspwiki.search.LuceneSearchProvider 
> $LuceneUpdater.backgroundTask(
> LuceneSearchProvider.java:712)
>     at com.ecyrd.jspwiki.util.WikiBackgroundThread.run(
> WikiBackgroundThread.java:139)
> 11-21@14:52:40 ERROR com.ecyrd.jspwiki.util.WikiBackgroundThread  -
> Background thread error
>  java.lang.NullPointerException
>     at com.ecyrd.jspwiki.util.WatchDog.enterState(WatchDog.java:231)
>     at
> com.ecyrd.jspwiki.search.LuceneSearchProvider 
> $LuceneUpdater.backgroundTask(
> LuceneSearchProvider.java:712)
>     at com.ecyrd.jspwiki.util.WikiBackgroundThread.run(
> WikiBackgroundThread.java:139
>
> It looks like AuthenticationManager.findConfigFile is only going to find the
> default policy file when it is available (which would seem to be incorrect).
> There seems to be no provision for getting the file from the
> java.security.policy variable.
>
> I'd be happy to attempt to create a patch, if it's deemed that I'm on the
> right track.
>
> Regards,
>
> -- 
> Dave Wolf
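
A minimal model of the lookup order described in the reply above (global policy first, then local, with the local policy only able to add grants), written for this page as an added example. It is not JSPWiki's code; `WikiPerm`, `TwoTierPolicy` and the permission names are hypothetical, and a missing local policy is modelled as `null`.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;

public class TwoTierPolicyDemo {

    /** Hypothetical permission type for this sketch; not a JSPWiki class. */
    static final class WikiPerm extends BasicPermission {
        private static final long serialVersionUID = 1L;
        WikiPerm(String name) { super(name); }
    }

    /** Global grants are consulted first; local grants can only add to them. */
    static final class TwoTierPolicy {
        private final PermissionCollection global;
        private final PermissionCollection local; // null models a missing local policy file

        TwoTierPolicy(PermissionCollection global, PermissionCollection local) {
            this.global = global;
            this.local = local;
        }

        boolean implies(Permission p) {
            if (global != null && global.implies(p)) {
                return true; // granted globally: the local policy is never asked, so it cannot veto
            }
            // A missing local policy means "no extra grants", not a startup failure.
            return local != null && local.implies(p);
        }
    }

    /** Builds a collection from constructed sample permission names. */
    static PermissionCollection grants(String... names) {
        Permissions pc = new Permissions();
        for (String n : names) {
            pc.add(new WikiPerm(n));
        }
        return pc;
    }

    public static void main(String[] args) {
        PermissionCollection global = grants("page.view", "page.edit");
        TwoTierPolicy withLocal = new TwoTierPolicy(global, grants("page.delete"));
        TwoTierPolicy noLocal = new TwoTierPolicy(global, null);

        for (String name : new String[] {"page.view", "page.edit", "page.delete", "page.rename"}) {
            Permission p = new WikiPerm(name);
            System.out.printf("%-12s withLocal=%-5b noLocal=%b%n",
                    name, withLocal.implies(p), noLocal.implies(p));
        }
    }
}
```

The local collection here lists only `page.delete`, yet `page.edit` is still granted because the global grant is found first; tightening access in this model therefore has to happen in the global policy.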

