incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Mocker <m...@fakebelieve.org>
Subject Re: Profile Security NOT WORKING!!!
Date Fri, 01 Apr 2011 14:23:09 GMT
I don't know if George is running with a Security Manager, I doubt it. 
Since the jspwiki.policy file looks like a typical security.policy file 
I thought he might be able to gleam some information about what is going 
on by turning on Security Manager debugging.

If this doesn't make sense, sorry for the suggestion.

   --joe

On 4/1/2011 4:57 AM, Andrew Jaquith wrote:
> We don't support running under a security manager. Lots of permissions 
> needed, and the code isn't segmented properly with doPrivileged() 
> blocks. That could change, but for now that's how it is...
>
> George, as far as your situation goes, it sounds rather unique. Your 
> best bet would be to turn on JPDA debugging and put a breakpoint in 
> the AuthorizationManager code. That will tell you FOR SURE what is 
> going on. If you are up for that, I can help you, but you've got to 
> know your way around Eclipse.
>
> Andrew
>
> On Apr 1, 2011, at 5:56, Florian Holeczek <florian@holeczek.de> wrote:
>
>> Uhm, wait... AFAIK we don't support running under a security manager!
>>
>> @Janne, Andrew: Has that changed?
>>
>> Regards
>> Florian
>>
>>
>> ----- Urspr√ľngliche Mail -----
>> Von: "Joseph Mocker" <mock@fakebelieve.org>
>> An: jspwiki-user@incubator.apache.org
>> Gesendet: Freitag, 1. April 2011 00:23:01
>> Betreff: Re: Profile Security NOT WORKING!!!
>>
>> Not sure the inner workings of how JSPWiki uses jspwiki.properties, but
>> you could try turning on Java security manager debugging and see if that
>> shows up anything. Check out the trouble shooting section of
>>
>>     http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
>>
>> Also, does jspwiki.log show anything?
>>
>> Have you looked through all applicable log files for signs of exceptions
>> or other errors?
>>
>>   --joe
>>
>>
>> On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
>>> That's fine, and I don't necessarily disagree with you.
>>>
>>> However, although I am running as root (which I probably should not 
>>> be - but this is a simple install), I have not changed any of the 
>>> env. values out-of-the-box for CENTOS 5.5.   Other than me 
>>> specifying JAVA_HOME, no other env. variable is being set.  What is 
>>> very strange about this, is that is happens exactly the same on 2 
>>> different machines, using 2 different OS'es, and 2 slightly 
>>> different JDK's.
>>>
>>> Just for grins, I re-tested again on the Windows installation 
>>> (Tomcat 6.0.32, JDK 1.6.0_24/1.5.0_32).
>>>
>>> After running the Security Configuration Verification page, I still 
>>> get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>>>
>>> -----Original Message-----
>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>> Sent: Thursday, March 31, 2011 3:27 PM
>>> To: jspwiki-user@incubator.apache.org
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>> Are there freshly installed JDKs and servers, user accounts?
>>> Are you using JDKs provided by the Linux distro or one you 
>>> downloaded separately from Oracle?
>>> (Its always possible that there is some configuration anywhere in 
>>> the above that is interfering with reading jspwiki.policy.)
>>>
>>> What do the user environment variables look like when you start tomcat?
>>> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in 
>>> catalina.sh?
>>>
>>> It would appear to be something in your environment, as Janne, 
>>> myself and others all have been successful so its got to be 
>>> something in your environment, just need to find it.
>>>
>>> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which 
>>> also installed OpenJDK, also worked for me.
>>>
>>>    --joe
>>>
>>> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>>>> Thanks for taking the time to research all of this.
>>>>
>>>> I am not sure why things are not working for me with 2 different 
>>>> machines and flavors 1.6 JDK (which is very frustrating since I 
>>>> think 1.5 is about to go the way of 1.4 - eol).
>>>>
>>>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and 
>>>> Tomcat 6.0.32  I would get ALL GREEN boxes no matter what I would 
>>>> set jspwiki.policy to, and would get a mix of GREEN and RED using 1.5.
>>>>
>>>> I was thinking that maybe I should d/l the source and try to build 
>>>> the JSPWiki.jar file using 1.6 and see if I get different results.  
>>>> Just not sure.
>>>>
>>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>>> Sent: Thursday, March 31, 2011 2:16 PM
>>>> To: jspwiki-user@incubator.apache.org
>>>> Subject: Re: Profile Security NOT WORKING!!!
>>>>
>>>> All this commotion got the best of me, so I gave it a spin. Plus 
>>>> I'm running 2.4 and I probably should really upgrade.
>>>>
>>>> At any rate, seemed to work for me, here's what I did:
>>>>
>>>>    1.  Spun up a new Ubuntu Server 10.10 X64 VM
>>>>    2.  Created install folder /app
>>>>    3.  Downloaded JDK 1.6.0_24 X64 from Oracle
>>>>    4.  Installed Java into /app/jdk1.6.0_24
>>>>    5.  export JAVA_HOME=/app/jdk1.6.0_24
>>>>    6.  Downloaded Tomcat 6.0.32
>>>>    7.  Installed Tomcat in /app/web/apache-tomcat-6.0.32
>>>>    8.  Started up Tomcat to make sure its working. It was. Shut it 
>>>> down.
>>>>    9.  Downloaded JSPWiki 2.8.4
>>>>    10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>>>>    11. Installed corepages into /app/web/sites/default/webapps/wiki
>>>>    12. Edited jspwiki.properties to fix paths for pageDir and 
>>>> storageDir
>>>>    13. Created Tomcat webapp descriptor in 
>>>> /app/web/apache-tomcat-6.0.32/conf/Catalina/localhost/wiki.xml 
>>>> (attached)
>>>>    14. Started up Tomcat hit the /wiki/Installer.jsp page in browser.
>>>>    15. Restarted Tomcat. Verified I could create files as 
>>>> anonymous, and I could login to admin account.
>>>>    16. Changed WEB-INF/jspwiki.policy (attached) file so that only 
>>>> logged in users can create/modify pages.
>>>>    17. Restarted Tomcat. Verified I could not created/modify pages 
>>>> until I logged in.
>>>> Seemed pretty straight forward to me. Much easier than getting 
>>>> JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java 
>>>> System Web Server 7.0.
>>>>
>>>> :-)
>>>>
>>>>   The Security Configuration Verifier showed the exact permissions 
>>>> of what I could do.
>>>>
>>>>    --joe
>>>>
>>>>
>>>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>>>
>>>> ...AND...on my test machine (local) I am using  1.6.0_24
>>>>
>>>>
>>>>
>>>> C:\Documents and Settings\kvg6037>java -version
>>>>
>>>> java version "1.6.0_24"
>>>>
>>>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>>>
>>>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>>
>>>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>>>
>>>> Sent: Thursday, March 31, 2011 1:42 AM
>>>>
>>>> To:
>>>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>>>> .org>
>>>>
>>>> Subject: Re: Profile Security NOT WORKING!!!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04, 
>>>> Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10 breaks 
>>>> on occasion otherwise), and I have jspwiki.policy working. However, 
>>>> I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>>>
>>>>
>>>>
>>>> Is it possible that for some reason Sun JDK's built-in policy 
>>>> management is kicking in here? Or that it might just be broken in 
>>>> some odd fashion. Can you try OpenJDK and see if that works for you?
>>>>
>>>>
>>>>
>>>> /Janne
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> This e-mail may contain Sprint Nextel proprietary information 
>>>> intended for the sole use of the recipient(s). Any use by others is 
>>>> prohibited. If you are not the intended recipient, please contact 
>>>> the sender and delete all copies of the message.
>>>>
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint Nextel proprietary information 
>>> intended for the sole use of the recipient(s). Any use by others is 
>>> prohibited. If you are not the intended recipient, please contact 
>>> the sender and delete all copies of the message.
>>>
>>


Mime
View raw message