portals-jetspeed-dev mailing list archives

From "David Sean Taylor (JIRA)" <jetspeed-...@jakarta.apache.org>
Subject [jira] Created: (JS2-205) Using Tomcat Security Policy breaks RdbmsPolicy
Date Wed, 02 Feb 2005 05:51:17 GMT
Using Tomcat Security Policy breaks RdbmsPolicy
-----------------------------------------------

         Key: JS2-205
         URL: http://issues.apache.org/jira/browse/JS2-205
     Project: Jetspeed 2
        Type: Bug
  Components: Security  
    Versions: 2.0-M2    
    Reporter: David Sean Taylor
 Assigned to: David Sean Taylor 
     Fix For: 2.0-M2


I set my Tomcat Security policy to:

grant {
   permission java.security.AllPermission;
}; 

Start Tomcat 5.0.31 as:

catalina run -security

And it gets a stack overflow from a recursive loop in policy setup:

        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
        at javax.security.auth.Subject.getSubject(Subject.java:251)
        at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPolicy.java:90)
        at java.security.Policy.getPermissions(Policy.java:343)
        at java.security.Policy.implies(Policy.java:397)
        at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
        at java.security.AccessControlContext.checkPermission(AccessControlConte

As an interim fix, if you don't need the Rdbms Policy,
in the jetspeed-spring.xml, comment out:

  <!-- Security: RDBMS Policy implementation for JAAS -->
  <!--
  <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
        class="org.apache.jetspeed.security.impl.RdbmsPolicy">
    <constructor-arg><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
  </bean>
  -->
  <!-- Security: Authorization Provider -->
  <!--
  <bean id="org.apache.jetspeed.security.AuthorizationProvider"
        class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">
    <constructor-arg><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
  </bean>
  -->


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira
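
Added example, not part of the original message and not the fix applied in Jetspeed: one common way to keep a Subject-aware JAAS Policy from re-entering itself the way the stack trace above shows. The names GuardedPolicy and PrincipalPermissions are hypothetical, and the code assumes a JDK that still supports the Security Manager (Java 8 to 17).

```java
import java.security.*;
import java.util.Enumeration;
import javax.security.auth.Subject;

// Added sketch, not Jetspeed code: a Subject-aware Policy that cannot recurse into itself.
public class GuardedPolicy extends Policy {
    // Hypothetical lookup standing in for a database-backed permission store.
    public interface PrincipalPermissions { PermissionCollection forPrincipal(Principal p); }
    private final Policy fallback;  // policy that was in effect before this one
    private final PrincipalPermissions store;
    // True while the current thread is already inside getPermissions().
    private final ThreadLocal<Boolean> busy = new ThreadLocal<Boolean>();

    public GuardedPolicy(Policy fallback, PrincipalPermissions store) {
        this.fallback = fallback;
        this.store = store;
    }

    @Override
    public PermissionCollection getPermissions(ProtectionDomain domain) {
        // Re-entered by a permission check made below: answer from the fallback
        // policy alone, which ends the checkPermission -> implies -> getPermissions loop.
        if (Boolean.TRUE.equals(busy.get())) return fallback.getPermissions(domain);
        busy.set(Boolean.TRUE);
        try {
            Permissions result = new Permissions();
            copyInto(result, fallback.getPermissions(domain));
            // Under a SecurityManager this call checks AuthPermission("getSubject"),
            // and that check consults the installed Policy again.
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject != null) {
                for (Principal p : subject.getPrincipals()) copyInto(result, store.forPrincipal(p));
            }
            return result;
        } finally {
            busy.remove();
        }
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        // Skip the base class's per-domain cache; the answer depends on the Subject.
        return getPermissions(domain).implies(permission);
    }

    private static void copyInto(Permissions target, PermissionCollection source) {
        if (source == null) return;
        for (Enumeration<Permission> e = source.elements(); e.hasMoreElements();) target.add(e.nextElement());
    }
}
```

The fallback policy has to grant whatever the lookup itself needs (for example AuthPermission "getSubject" and the store's own I/O permissions), because re-entrant checks are answered from it alone.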

