tomcat-dev mailing list archives

From Aditya <adi...@grot.org>
Subject Re: DO NOT REPLY [Bug 13907] - security manager does not give read permission on a context by default
Date Fri, 25 Oct 2002 06:08:13 GMT
> On Thu, 24 Oct 2002 22:59:59 -0500, Glenn Nielsen <glenn@mail.more.net> said:
> Getting the latest version from CVS won't fix your problem. I still
> think the problem is somewhere in your configuration.

I've installed the 4.1.12 tarball from the website and am running it
without modification other than adding the test jsp to
webapps/examples/jsp/test.jsp

I've now tried it under:

 Solaris/JDK1.4 with 4.1.12-LE 
 FreeBSD/JDK1.3.1 with 4.1.12
 Debian/JDK1.3.1 with 4.1.12

with the same result.

> You might try posting the SecurityManager debug output when the
> FilePermission read is denied.  Including the stack trace and the
> ProtectionDomain which failed.

Okay, here goes -- as I mentioned before, I see this as the exception:

org.apache.jasper.JasperException: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read)

and with the following CATALINA_OPTS=-Djava.security.debug=access,failure I get this in logs/catalina.out:

access: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1071)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:259)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
        at java.io.File.exists(File.java:677)
        at org.apache.jsp.test_jsp._jspService(test_jsp.java:53)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
        at java.lang.Thread.run(Thread.java:536)
access: access allowed (java.util.PropertyPermission java.security.debug read)
access: domain that failed ProtectionDomain  (file:/usr/local/tomcat/webapps/examples/ <no certificates>)
 null
 <no principals>
 java.security.Permissions@17aece8 (
 (java.io.FilePermission /usr/local/tomcat/work/Standalone/localhost/examples/- read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission jaxp.debug read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission javax.sql.* read)
 (java.util.PropertyPermission java.naming.* read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.home read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission os.arch read)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans)
 (java.lang.RuntimePermission getAttribute)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util)
)

Hope that helps?

Thanks,
Adi
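
Added example, not part of the original message: a small Python parser for java.security.debug=access,failure output that pulls out the denied FilePermission and the failing ProtectionDomain, then checks whether any FilePermission granted to that domain covers the denied path. The names diagnose and path_implies are hypothetical, and the path matching is a simplified model of FilePermission (no canonicalization or symlink handling).

```python
import re

# Constructed sample: trimmed from the debug output quoted in the message
# above, with entries wrapped across lines as logs pasted into mail often are.
SAMPLE = """\
access: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new
read)
access: domain that failed ProtectionDomain  (file:/usr/local/tomcat/webapps/examples/ <no
certificates>)
 java.security.Permissions@17aece8 (
 (java.io.FilePermission /usr/local/tomcat/work/Standalone/localhost/examples/- read)
 (java.util.PropertyPermission os.name read)
)
"""

FILE_PERM = re.compile(r"\(java\.io\.FilePermission (\S+) ([\w,]+)\)")

def path_implies(granted, wanted):
    """Simplified FilePermission matching: '<<ALL FILES>>', 'dir/-', 'dir/*', exact."""
    if granted == "<<ALL FILES>>":
        return True
    if granted.endswith("/-"):      # everything below dir, recursively
        return wanted.startswith(granted[:-1]) and wanted != granted[:-1]
    if granted.endswith("/*"):      # entries directly inside dir only
        rest = wanted[len(granted) - 1:]
        return wanted.startswith(granted[:-1]) and rest != "" and "/" not in rest
    return granted == wanted

def diagnose(debug_text):
    """Return (codebase, denied_path, actions, covering_grants) for the first
    denied FilePermission, or None if the text holds no such denial."""
    text = re.sub(r"\s+", " ", debug_text)      # undo line wrapping
    denied = re.search(r"access denied " + FILE_PERM.pattern, text)
    domain = re.search(r"domain that failed ProtectionDomain \((\S+)", text)
    if not denied or not domain:
        return None
    path, actions = denied.group(1), set(denied.group(2).split(","))
    # Only the permission dump of this domain, not later "access:" entries.
    granted_part = text[domain.end():].split(" access: ")[0]
    covering = [g for g, a in FILE_PERM.findall(granted_part)
                if path_implies(g, path) and actions <= set(a.split(","))]
    return domain.group(1), path, sorted(actions), covering

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

An empty list in the last position means the failing code base holds no FilePermission that covers the denied path, which is the situation the dump above shows: the only file grant is for the work directory, not the context directory.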
