incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George, Kenneth V [NTK]" <Kenneth.V.Geo...@sprint.com>
Subject RE: Profile Security NOT WORKING!!!
Date Fri, 01 Apr 2011 14:57:37 GMT
Ok, I found the issue (at it TOTALLY was my fault)!

What clued me in was this...

" We don't support running under a security manager. Lots of permissions needed, and the code
isn't segmented properly with doPrivileged() blocks. That could change, but for now that's
how it is..."

I went back and looked and sure enough, I was starting the TOMCAT container with '-security'
because on the system that I use, there was another app that we needed to set security information
to use RMI over to our data server.  When I checked, I WAS also setting security on my local
machine (which I use Eclipse) because that server config. is being used to develop that app.

BUT, the 1.5 instance, I had not setup using the security manager (locally) - so it worked.

Ugh....this is TOTALLY my fault guys.

Thanks for helping through this.

- Ken

-----Original Message-----
From: Andrew Jaquith [mailto:andrew.r.jaquith@gmail.com]
Sent: Friday, April 01, 2011 6:58 AM
To: jspwiki-user@incubator.apache.org
Cc: jspwiki-user@incubator.apache.org
Subject: Re: Profile Security NOT WORKING!!!

We don't support running under a security manager. Lots of permissions needed, and the code
isn't segmented properly with doPrivileged() blocks. That could change, but for now that's
how it is...

George, as far as your situation goes, it sounds rather unique. Your best bet would be to
turn on JPDA debugging and put a breakpoint in the AuthorizationManager code. That will tell
you FOR SURE what is going on. If you are up for that, I can help you, but you've got to know
your way around Eclipse.

Andrew

On Apr 1, 2011, at 5:56, Florian Holeczek <florian@holeczek.de> wrote:

> Uhm, wait... AFAIK we don't support running under a security manager!
>
> @Janne, Andrew: Has that changed?
>
> Regards
> Florian
>
>
> ----- Urspr√ľngliche Mail -----
> Von: "Joseph Mocker" <mock@fakebelieve.org>
> An: jspwiki-user@incubator.apache.org
> Gesendet: Freitag, 1. April 2011 00:23:01
> Betreff: Re: Profile Security NOT WORKING!!!
>
> Not sure the inner workings of how JSPWiki uses jspwiki.properties,
> but you could try turning on Java security manager debugging and see
> if that shows up anything. Check out the trouble shooting section of
>
>     http://tomcat.apache.org/tomcat-6.0-doc/security-manager-
> howto.html
>
> Also, does jspwiki.log show anything?
>
> Have you looked through all applicable log files for signs of
> exceptions or other errors?
>
>   --joe
>
>
> On 3/31/2011 2:49 PM, George, Kenneth V [NTK] wrote:
>> That's fine, and I don't necessarily disagree with you.
>>
>> However, although I am running as root (which I probably should not
>> be - but this is a simple install), I have not changed any of the
>> env. values out-of-the-box for CENTOS 5.5.   Other than me
>> specifying JAVA_HOME, no other env. variable is being set.  What is
>> very strange about this, is that is happens exactly the same on 2
>> different machines, using 2 different OS'es, and 2 slightly different
>> JDK's.
>>
>> Just for grins, I re-tested again on the Windows installation (Tomcat
>> 6.0.32, JDK 1.6.0_24/1.5.0_32).
>>
>> After running the Security Configuration Verification page, I still
>> get ALL GREENS for JDK 1.6 and mixed GREEN/RED for JDK 1.5.
>>
>> -----Original Message-----
>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>> Sent: Thursday, March 31, 2011 3:27 PM
>> To: jspwiki-user@incubator.apache.org
>> Subject: Re: Profile Security NOT WORKING!!!
>>
>> Are there freshly installed JDKs and servers, user accounts?
>> Are you using JDKs provided by the Linux distro or one you downloaded
>> separately from Oracle?
>> (Its always possible that there is some configuration anywhere in the
>> above that is interfering with reading jspwiki.policy.)
>>
>> What do the user environment variables look like when you start
>> tomcat?
>> Do you have any special CATALINA_OPTS or JAVA_OPTS defined in
>> catalina.sh?
>>
>> It would appear to be something in your environment, as Janne, myself
>> and others all have been successful so its got to be something in
>> your environment, just need to find it.
>>
>> FWIW: I installed tomcat6 ubuntu dist (via apt-get tomcat6) which
>> also installed OpenJDK, also worked for me.
>>
>>    --joe
>>
>> On 3/31/2011 12:34 PM, George, Kenneth V [NTK] wrote:
>>> Thanks for taking the time to research all of this.
>>>
>>> I am not sure why things are not working for me with 2 different
>>> machines and flavors 1.6 JDK (which is very frustrating since I
>>> think 1.5 is about to go the way of 1.4 - eol).
>>>
>>> I enabled the SecurityConfig.jsp and was able to show using 1.6 and
>>> Tomcat 6.0.32  I would get ALL GREEN boxes no matter what I would
>>> set jspwiki.policy to, and would get a mix of GREEN and RED using
>>> 1.5.
>>>
>>> I was thinking that maybe I should d/l the source and try to build
>>> the JSPWiki.jar file using 1.6 and see if I get different results.
>>> Just not sure.
>>>
>>> From: Joseph Mocker [mailto:mock@fakebelieve.org]
>>> Sent: Thursday, March 31, 2011 2:16 PM
>>> To: jspwiki-user@incubator.apache.org
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>> All this commotion got the best of me, so I gave it a spin. Plus I'm
>>> running 2.4 and I probably should really upgrade.
>>>
>>> At any rate, seemed to work for me, here's what I did:
>>>
>>>    1.  Spun up a new Ubuntu Server 10.10 X64 VM
>>>    2.  Created install folder /app
>>>    3.  Downloaded JDK 1.6.0_24 X64 from Oracle
>>>    4.  Installed Java into /app/jdk1.6.0_24
>>>    5.  export JAVA_HOME=/app/jdk1.6.0_24
>>>    6.  Downloaded Tomcat 6.0.32
>>>    7.  Installed Tomcat in /app/web/apache-tomcat-6.0.32
>>>    8.  Started up Tomcat to make sure its working. It was. Shut it
>>> down.
>>>    9.  Downloaded JSPWiki 2.8.4
>>>    10. Installed JSPWiki into /app/web/sites/default/webapps/wiki
>>>    11. Installed corepages into /app/web/sites/default/webapps/wiki
>>>    12. Edited jspwiki.properties to fix paths for pageDir and
>>> storageDir
>>>    13. Created Tomcat webapp descriptor in /app/web/apache-
>>> tomcat-6.0.32/conf/Catalina/localhost/wiki.xml (attached)
>>>    14. Started up Tomcat hit the /wiki/Installer.jsp page in
>>> browser.
>>>    15. Restarted Tomcat. Verified I could create files as anonymous,
>>> and I could login to admin account.
>>>    16. Changed WEB-INF/jspwiki.policy (attached) file so that only
>>> logged in users can create/modify pages.
>>>    17. Restarted Tomcat. Verified I could not created/modify pages
>>> until I logged in.
>>> Seemed pretty straight forward to me. Much easier than getting
>>> JSPWiki 2.4 with a custom jspwiki.policy to work with Sun Java
>>> System Web Server 7.0.
>>>
>>> :-)
>>>
>>>   The Security Configuration Verifier showed the exact permissions
>>> of what I could do.
>>>
>>>    --joe
>>>
>>>
>>> On 3/31/2011 6:28 AM, George, Kenneth V [NTK] wrote:
>>>
>>> ...AND...on my test machine (local) I am using  1.6.0_24
>>>
>>>
>>>
>>> C:\Documents and Settings\kvg6037>java -version
>>>
>>> java version "1.6.0_24"
>>>
>>> Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
>>>
>>> Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode, sharing)
>>>
>>>
>>>
>>> -----Original Message-----
>>>
>>> From: Janne Jalkanen [mailto:Janne.Jalkanen@ecyrd.com]
>>>
>>> Sent: Thursday, March 31, 2011 1:42 AM
>>>
>>> To:
>>> jspwiki-user@incubator.apache.org<mailto:jspwiki-user@incubator.apache
>>> .org>
>>>
>>> Subject: Re: Profile Security NOT WORKING!!!
>>>
>>>
>>>
>>>
>>>
>>> This is odd, since I'm running on same JSPWiki, Ubuntu 10.04,
>>> Tomcat 6.0.32 (which is BTW a recommended upgrade; Chrome 10
>>> breaks on occasion otherwise), and I have jspwiki.policy working.
>>> However, I am running OpenJDK 6b20-1.9.7-0ubuntu1~10.04.1.
>>>
>>>
>>>
>>> Is it possible that for some reason Sun JDK's built-in policy
>>> management is kicking in here? Or that it might just be broken in
>>> some odd fashion. Can you try OpenJDK and see if that works for you?
>>>
>>>
>>>
>>> /Janne
>>>
>>>
>>> ________________________________
>>>
>>> This e-mail may contain Sprint Nextel proprietary information
>>> intended for the sole use of the recipient(s). Any use by others
>>> is prohibited. If you are not the intended recipient, please
>>> contact the sender and delete all copies of the message.
>>>
>>
>>
>> ________________________________
>>
>> This e-mail may contain Sprint Nextel proprietary information
>> intended for the sole use of the recipient(s). Any use by others is
>> prohibited. If you are not the intended recipient, please contact
>> the sender and delete all copies of the message.
>>
>


________________________________

This e-mail may contain Sprint Nextel proprietary information intended for the sole use of
the recipient(s). Any use by others is prohibited. If you are not the intended recipient,
please contact the sender and delete all copies of the message.
Mime
View raw message