tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 22032] New: - missing security-policy in default-configuration
Date Thu, 31 Jul 2003 20:24:10 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22032>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22032

missing security-policy in default-configuration

           Summary: missing security-policy in default-configuration
           Product: Tomcat 5
           Version: 5.0.5
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: mezger@gmx.de


when starting tomcat 5.0.5 with security-manager enabled (standard distribution,
no configuration-changes, just catalina.sh start -security), it throws an
java.security.AccessControlException when accessing any jsp-page (even
index.jsp). Adding the following lines to conf/catalina.policy resolved the
problem for me:

permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.jasper.juntime.*";
permission java.lang.RuntimePermission
"defineClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission
"defineClassInPackage.org.apache.jasper.runtime.*";

The stack-trace of the excepion is:

java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.runtime)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513)
        at java.lang.ClassLoader$1.run(ClassLoader.java:326)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:324)
        at java.lang.ClassLoader.defineClass0(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:502)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
        at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1657)
        at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:882)
        at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1345)
        at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1225)
        at org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:951)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:947)
        at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:701)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:183)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
        at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:256)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:210)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:190)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:175)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
        at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:974)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:207)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:637)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:488)
        at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:568)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:631)
        at java.lang.Thread.run(Thread.java:536)

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message