incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.jaqu...@mac.com>
Subject Re: JSPWiki seems to be accessing from /WEB-INF regardless of java.security.policy value
Date Wed, 21 Nov 2007 22:51:33 GMT
Dave,

The 2.5 builds look for a "local" policy file that is expected to be  
in WEB-INF. When making authorization decisions, JSPWiki checks the  
global policy (the one set by java.security.policy) first. If the  
permission isn't granted, it checks the local policy.

Why did you delete the local policy (WEB-INF\jspwiki.policy)? The  
AuthorizationManager code assumes it's there. It's probably a bug if  
we don't handle its absence gracefully, so yes, a patch would be most  
welcome.

Andrew

On Nov 21, 2007, at 5:36 PM, Dave Wolf wrote:

> Hi,
>
> This has been making me crazy for over a week -- I have added -
> Djava.security.policy=C:/<path>/jspwiki.policy to the Tomcat Java
> Configuration. The path is being read as I added a JSP Page to  
> display the
> value of java.security.policy. The correct value is returned. I'm  
> running
> the latest cvs version (2.5.157) on WinXP and Tomcat 5.5.
>
> When I look at the jspwiki.log, I see the following (notice blue  
> highlighted
> text):
> 11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  -
> *******************************************
> 11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
> 11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet container:
> Apache Tomcat/5.5.25
> 11-21@14:20:04 INFO com.ecyrd.jspwiki.WikiEngine   - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
> 11-21@14:20:04 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
> 11-21@14:20:04 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.diff.DifferenceManager   - Using
> difference provider: TraditionalDiffProvider
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  -  
> Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider    
> - Files
> found in Lucene directory, not reindexing.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: WatchDog for 'Wiki'.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.EditorManager   - Registering
> editor modules
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -  
> Checking
> JAAS configuration...
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -  
> JAAS
> already configured by some other application (leaving it alone...)
> 11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
> 11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
> 11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.AuthorizationManager   -
> Initialized local security policy: C:\servers\Apache\Tomcat
> 5.5\webapps\Wiki\WEB-INF\jspwiki.policy
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  -
> Attempting to load group database class
> com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase
> 11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.authorize.XMLGroupDatabase  -
> XML group database at C:\WebContent\Wiki\groupdatabase.xml
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  -  
> Group
> database initialized.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.authorize.GroupManager  -
> Authorizer GroupManager initialized successfully; loaded 1 group(s).
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -  
> Using
> JDK 1.5 Platform MBeanServer
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> com.sun.jmx.mbeanserver.JmxMBeanServer
>  11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> DefaultDomain
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Core bean
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager   -
> Registered new admin bean User administration
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Search manager
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager   -
> Registered new admin bean Plugins
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean WikiWizard
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ui.admin.AdminBeanManager  -
> Registered new admin bean Plain editor
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiEngine  - Cannot find  
> property
> file for filters (this is okay, expected to find it as:
> '/WEB-INF/filters.xml')
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.render.RenderingManager   -  
> Rendering
> content with com.ecyrd.jspwiki.render.XHTMLRenderer.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ReferenceManager  - Starting  
> cross
> reference scan of WikiPages
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.UserManager   -  
> Attempting to
> load user database class com.ecyrd.jspwiki.auth.user.XMLUserDatabase
> 11-21@14:20:05 INFO  
> com.ecyrd.jspwiki.auth.user.AbstractUserDatabase  - XML
> user database at C:\WebContent\Wiki\userdatabase.xml
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.auth.UserManager  - UserDatabase
> initialized.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.ReferenceManager  - Cross  
> reference
> scan done in 0:00: 00.203
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiEngine  - WikiEngine  
> configured.
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki RSS Generator.
> 11-21@14 :20:05 INFO com.ecyrd.jspwiki.WikiEngine  - Root path for  
> this
> Wiki is: 'C:\servers\Apache\Tomcat 5.5\webapps\Wiki\'
> 11-21@14:20:05 INFO com.ecyrd.jspwiki.WikiServlet  - WikiServlet
> initialized.
>
> JSPWiki seems to be sourcing the jspwiki.policy from the
> /webapps/Wiki/WEB-INF/jspwiki.policy file. If I remove the file,  
> then the
> following appears in the log file:
>
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet container:
> Apache Tomcat/5.5.25
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
> 11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using
> difference provider: TraditionalDiffProvider
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  -  
> Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  -  
> Files
> found in Lucene directory, not reindexing.
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: WatchDog for 'Wiki'.
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering
> editor modules
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -
> Checking JAAS configuration...
> 11-21@14:52:38 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -  
> JAAS
> already configured by some other application (leaving it alone...)
> 11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
> 11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
> 11-21@14:52:38 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
> 11-21@14:52:38 FATAL com.ecyrd.jspwiki.WikiEngine  - Failed to start
> managers.
> java.lang.NullPointerException
>    at com.ecyrd.jspwiki.auth.AuthorizationManager.initialize(
> AuthorizationManager.java:408)
>    at com.ecyrd.jspwiki.WikiEngine.initialize(WikiEngine.java:532)
>    at com.ecyrd.jspwiki.WikiEngine.<init>(WikiEngine.java:386)
>    at com.ecyrd.jspwiki.WikiEngine.getInstance(WikiEngine.java:334)
>    at  
> com.ecyrd.jspwiki.ui.WikiServletFilter.init(WikiServletFilter.java
> :55)
>    at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
> ApplicationFilterConfig.java:221)
>    at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(
> ApplicationFilterConfig.java:302)
>    at org.apache.catalina.core.ApplicationFilterConfig.<init>(
> ApplicationFilterConfig.java:78)
>    at org.apache.catalina.core.StandardContext.filterStart(
> StandardContext.java:3635)
>    at  
> org.apache.catalina.core.StandardContext.start(StandardContext.java
> :4222)
>    at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:760)
>    at  
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java
> :740)
>    at  
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>    at org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:626)
>    at org.apache.catalina.startup.HostConfig.deployDescriptors(
> HostConfig.java:553)
>    at  
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java
> :488)
>    at org.apache.catalina.startup.HostConfig.start(HostConfig.java: 
> 1138)
>    at  
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java
> :311)
>    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(
> LifecycleSupport.java:120)
>    at  
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>    at org.apache.catalina.core.StandardHost.start(StandardHost.java: 
> 736)
>    at  
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>    at  
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java
> :443)
>    at  
> org.apache.catalina.core.StandardService.start(StandardService.java
> :448)
>    at  
> org.apache.catalina.core.StandardServer.start(StandardServer.java
> :700)
>    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>    at java.lang.reflect.Method.invoke(Unknown Source)
>    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  -
> *******************************************
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki
> 2.5.157-cvsstarting. Whee!
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - Servlet container:
> Apache Tomcat/5.5.25
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.WikiEngine  - JSPWiki working
> directory is 'C:\WebContent\Wiki\tmp'
> 11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.providers.AbstractFileProvider  -
> Wikipages are read from 'C:\WebContent\Wiki\Content'
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.plugin.PluginManager  -  
> Registering
> plugins
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.diff.DifferenceManager  - Using
> difference provider: TraditionalDiffProvider
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  -  
> Lucene
> enabled, cache will be in: C:\WebContent\Wiki\tmp\lucene
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.ui.EditorManager  - Registering
> editor modules
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.util.WikiBackgroundThread  -  
> Starting
> up background thread: JSPWiki Lucene Indexer.
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.search.LuceneSearchProvider  -  
> Files
> found in Lucene directory, not reindexing.
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -
> Checking JAAS configuration...
> 11-21@14:52:39 INFO com.ecyrd.jspwiki.auth.AuthenticationManager  -  
> JAAS
> already configured by some other application (leaving it alone...)
> 11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Examining jndi:/localhost/Wiki/WEB-INF/web.xml
> 11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - JSPWiki is using custom authentication.
> 11-21@14:52:39 INFO  
> com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
> - Authorizer WebContainerAuthorizer initialized successfully.
> 11-21@14:52:39 FATAL com.ecyrd.jspwiki.WikiEngine  - Failed to start
> managers.
> java.lang.NullPointerException
>    at com.ecyrd.jspwiki.auth.AuthorizationManager.initialize(
> AuthorizationManager.java:408)
>    at com.ecyrd.jspwiki.WikiEngine.initialize(WikiEngine.java:532)
>    at com.ecyrd.jspwiki.WikiEngine.<init>(WikiEngine.java:386)
>    at com.ecyrd.jspwiki.WikiEngine.getInstance(WikiEngine.java:334)
>    at  
> com.ecyrd.jspwiki.ui.WikiServletFilter.init(WikiServletFilter.java
> :55)
>    at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
> ApplicationFilterConfig.java:221)
>    at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(
> ApplicationFilterConfig.java:302)
>    at org.apache.catalina.core.ApplicationFilterConfig.<init>(
> ApplicationFilterConfig.java:78)
>    at org.apache.catalina.core.StandardContext.filterStart(
> StandardContext.java:3635)
>    at  
> org.apache.catalina.core.StandardContext.start(StandardContext.java
> :4222)
>    at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:760)
>    at  
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java
> :740)
>    at  
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>    at org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:626)
>    at org.apache.catalina.startup.HostConfig.deployDescriptors(
> HostConfig.java:553)
>    at  
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java
> :488)
>    at org.apache.catalina.startup.HostConfig.start(HostConfig.java: 
> 1138)
>    at  
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java
> :311)
>    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(
> LifecycleSupport.java:120)
>    at  
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>    at org.apache.catalina.core.StandardHost.start(StandardHost.java: 
> 736)
>    at  
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>    at  
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java
> :443)
>    at  
> org.apache.catalina.core.StandardService.start(StandardService.java
> :448)
>    at  
> org.apache.catalina.core.StandardServer.start(StandardServer.java
> :700)
>    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>    at java.lang.reflect.Method.invoke(Unknown Source)
>    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
> 11-21@14:52:40 ERROR com.ecyrd.jspwiki.util.WikiBackgroundThread  -
> Background thread error
> java.lang.NullPointerException
>    at com.ecyrd.jspwiki.util.WatchDog.enterState(WatchDog.java:231)
>    at
> com.ecyrd.jspwiki.search.LuceneSearchProvider 
> $LuceneUpdater.backgroundTask(
> LuceneSearchProvider.java:712)
>    at com.ecyrd.jspwiki.util.WikiBackgroundThread.run(
> WikiBackgroundThread.java:139)
> 11-21@14:52:40 ERROR com.ecyrd.jspwiki.util.WikiBackgroundThread  -
> Background thread error
> java.lang.NullPointerException
>    at com.ecyrd.jspwiki.util.WatchDog.enterState(WatchDog.java:231)
>    at
> com.ecyrd.jspwiki.search.LuceneSearchProvider 
> $LuceneUpdater.backgroundTask(
> LuceneSearchProvider.java:712)
>    at com.ecyrd.jspwiki.util.WikiBackgroundThread.run(
> WikiBackgroundThread.java:139
>
> It looks like AuthenticationManager.findConfigFile is only going to  
> find the
> default policy file when it is available (which would seem to be  
> incorrect).
> There seems to be no provision for getting the file from the
> java.security.policy variable.
>
> I'd be happy to attempt to create a patch, if its deemed that I'm on  
> the
> right track.
>
> Regards,
>
> -- 
> Dave Wolf


Mime
View raw message