Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 70533 invoked from network); 26 Oct 2002 06:40:53 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 26 Oct 2002 06:40:53 -0000 Received: (qmail 26867 invoked by uid 97); 26 Oct 2002 06:41:37 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 26826 invoked by uid 97); 26 Oct 2002 06:41:36 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 26803 invoked by uid 98); 26 Oct 2002 06:41:35 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Date: Fri, 25 Oct 2002 23:40:35 -0700 From: Aditya To: Tomcat Developers List Cc: glenn@mail.more.net Subject: Re: DO NOT REPLY [Bug 13907] - security manager does not give read permission on a context by default Message-ID: <20021026064035.GA41799@mighty.grot.org> References: <20021024100347.14089.qmail@nagoya.betaversion.org> <20021024160505.GD20225@mighty.grot.org> <3DB8C1BF.9080108@mail.more.net> <3DB949CC.3020906@mail.more.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3DB949CC.3020906@mail.more.net> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Glenn, On Fri, Oct 25, 2002 at 08:40:28AM -0500, Glenn Nielsen wrote: > I suspect that for some reason the Context does not have a context > directory. Add FWIW, I'm not running the context from a WAR file -- it's just the examples context that comes with the default install. > String docBase = context.getRealPath("/"); to your test jsp and see if it > returns null. could you fully qualify the "context" Class -- if it's the same as: pageContext.getServletContext().getRealPath("/"); then docBase returns /usr/local/tomcat/webapps/examples/ correctly. ie. if I have just the following in the JSP: String fullPath = pageContext.getServletContext().getRealPath("/test2.new"); out.println("
fullPath: " + fullPath); String docBase = pageContext.getServletContext().getRealPath("/"); out.println("
docBase: " + docBase); I correctly get: fullPath: /usr/local/tomcat/webapps/examples/test2.new docBase: /usr/local/tomcat/webapps/examples/ however when I add: java.io.File foo = new java.io.File(fullPath); if (foo.exists()) out.println("Exists: " + fullPath); else { out.println("does not exist"); } to the JSP I get the old: java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read the debug output is appended below (let me know if you want more) -- I set all the debug flats in server.xml to 9. > Also try setting the debug attributes in your server.xml to 9 and capture > the debug output. from localhost_examples_log: 2002-10-25 14:25:19 Authenticator[/examples]: Security checking request GET /examples/jsp/test.jsp 2002-10-25 14:25:19 Authenticator[/examples]: Checking constraint 'SecurityConstraint[Protected Area]' against GET /jsp/test.jsp --> false 2002-10-25 14:25:19 Authenticator[/examples]: No applicable constraint located 2002-10-25 14:25:19 Authenticator[/examples]: Not subject to any constraint 2002-10-25 14:25:19 StandardContext[/examples]: Mapping contextPath='/examples' with requestURI='/examples/jsp/test.jsp' and relativeURI='/jsp/test.jsp' 2002-10-25 14:25:19 StandardContext[/examples]: Trying exact match 2002-10-25 14:25:19 StandardContext[/examples]: Trying prefix match 2002-10-25 14:25:19 StandardContext[/examples]: Trying extension match 2002-10-25 14:25:19 StandardContext[/examples]: Mapped to servlet 'jsp' with servlet path '/jsp/test.jsp' and path info 'null' and update=true 2002-10-25 14:25:27 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:248) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533) at java.lang.Thread.run(Thread.java:536) ----- Root Cause ----- java.security.AccessControlException: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270) at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:542) at java.lang.SecurityManager.checkRead(SecurityManager.java:887) at java.io.File.exists(File.java:677) at org.apache.jsp.test_jsp._jspService(test_jsp.java:64) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533) at java.lang.Thread.run(Thread.java:536) and catalina.out: access: access allowed (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) access: access allowed (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) access: access allowed (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) access: access allowed (java.lang.RuntimePermission defineClassInPackage.org.apache.jasper.runtime) access: access allowed (java.io.FilePermission /usr/local/tomcat/webapps/examples/WEB-INF/classes/o rg/apache/jasper/runtime/HttpJspBase.class read) access: access allowed (java.io.FilePermission /usr/local/tomcat/webapps/examples/WEB-INF/classes/o rg/apache/jasper/runtime/HttpJspBase.class read) access: access allowed (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) access: access allowed (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks) access: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read) java.lang.Exception: Stack trace at java.lang.Thread.dumpStack(Thread.java:1071) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:259) at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:542) at java.lang.SecurityManager.checkRead(SecurityManager.java:887) at java.io.File.exists(File.java:677) at org.apache.jsp.test_jsp._jspService(test_jsp.java:64) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain. java:247) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:9 8) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172 ) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:643) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(Standa rdPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533) at java.lang.Thread.run(Thread.java:536) access: access allowed (java.util.PropertyPermission java.security.debug read) access: domain that failed ProtectionDomain (file:/usr/local/tomcat/webapps/examples/ ) null java.security.Permissions@425743 ( (java.io.FilePermission /usr/local/tomcat/work/Standalone/localhost/examples/- read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission java.vm.name read) (java.util.PropertyPermission java.class.version read) (java.util.PropertyPermission java.vendor.url read) (java.util.PropertyPermission os.name read) (java.util.PropertyPermission jaxp.debug read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission file.separator read) (java.util.PropertyPermission javax.sql.* read) (java.util.PropertyPermission java.naming.* read) (java.util.PropertyPermission os.version read) (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission java.version read) (java.util.PropertyPermission line.separator read) (java.util.PropertyPermission java.home read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.specification.version read) (java.util.PropertyPermission os.arch read) (java.lang.RuntimePermission accessClassInPackage.sun.beans.*) (java.lang.RuntimePermission accessClassInPackage.sun.beans) (java.lang.RuntimePermission getAttribute) (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util.*) (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*) (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util) ) Thanks, Adi -- To unsubscribe, e-mail: For additional commands, e-mail: