tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Speed <psp...@progeeks.com>
Subject Re: Tomcat 4.0.2-b2 + JSSE + Security Manager
Date Wed, 23 Jan 2002 00:46:06 GMT
Important safety note:

>From experience, there seems to be at least one type of access check
failure that will not be printed with this option.  It bit me when
I was trying to figure out why the automated tests would fail when
run with a security manager.  If I remember correctly it turned out
to be a call to SecurityManager.checkPropertiesAccess().  Individual
property checks would show up in the log, but the check for access
to all properties did not.  

Some portion of the test code (org.apache.tester.ContextListener02)
was using the PropertyEditorManager object to set and retrieve a 
PropertyEditor for Date.class.  For what reason, I can only guess.
(Possibly date to text conversion?)  Anyway, PropertyEditorManager
is really bad security-wise since using it in user-space requires
full access to _all_ system properties.

To make a long post short, if you still have problems after trying
the flags below, try modifying your policy file to give webapps
full property access.  Although I can't imagine that mattering in
your case.

-Paul Speed

Glenn Nielsen wrote:
> 
> Try starting tomcat 4 with -security and the following properties defined:
> 
> -Djava.security.debug=access,failure -Djava.net.debug=ssl
> 
> That should generate alot of debug data to help you track down the source
> of the problem.
> 
> Regards,
> 
> Glenn
> 
> Renato wrote:
> 
> > Hi all,
> >
> > I'm installing Tomcat 4.0.2B2. Everything is fine except for the following:
> >
> > - I try to run a servlet that uses JSSE. If I start Catalina without the '-
> > security' it works fine, if I start with the '-security' it generates the
> > error:
> >
> > java.net.SocketException: SSL implementation not available
> > (...)
> >
> > The JSSE libraries are on ${java.home}/jre/lib/ext and this path has
> > permission to all.
> >
> > I also tried on Tomcat 3.3 and the servlet works with or without the
> > security manager.
> >
> > Any hint ?
> >
> > Thanks
> > Renato - Brazil
> >
> > --
> > To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
> >
> 
> --
> ----------------------------------------------------------------------
> Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
> MOREnet System Programming               |  * if iz ina coment.      |
> Missouri Research and Education Network  |  */                       |
> ----------------------------------------------------------------------
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message