tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From juraj Lenharcik <juraj.lenhar...@datainput.de>
Subject AW: catalina.policy
Date Fri, 22 Feb 2002 18:30:55 GMT
Hi,

I have tried something like 

grant codebase "file:${catalina.home}/webapps/auth/WEB-INF/lib/-" {

but it always comes this exception. The calling class is in the jar archive.



$ log4j:WARN Caught Exception while in Loader.getResource. This may be
innocuous
.
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
 getClassLoader)
        at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:270)
        at
java.security.AccessController.checkPermission(AccessController.java:
401)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.ClassLoader.getParent(ClassLoader.java:708)
        at
org.apache.catalina.loader.WebappClassLoader.toString(WebappClassLoad
er.java:807)
        at java.lang.String.valueOf(String.java:2173)
        at java.lang.StringBuffer.append(StringBuffer.java:369)
        at org.apache.log4j.helpers.Loader.getResource(Loader.java:78)
        at org.apache.log4j.Category.<clinit>(Category.java:138)
        at di.config.startup.Log4jInit.<clinit>(Log4jInit.java:35)
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 

juraj




-----Urspr√ľngliche Nachricht-----
Von: rsequeira@transentric.com [mailto:rsequeira@transentric.com]
Gesendet: Freitag, 22. Februar 2002 19:21
An: Tomcat Users List
Betreff: Re: catalina.policy



Try running tomcat with
CATALINA_OPTS=-Djava.security.debug=access,failure

It should help pinpoint which class is trying to access the D:
\server\jakarta-tomcat-4.0.2-b2\webapps\auth\WEB-INF\log4j.lcf file

Thanks.
RS





juraj Lenharcik <juraj.lenharcik@datainput.de> on 02/22/2002 10:57:35 AM

Please respond to "Tomcat Users List" <tomcat-user@jakarta.apache.org>

To:   "Tomcat-User@Jakarta. Apache. Org (E-Mail)"
      <tomcat-user@jakarta.apache.org>
cc:

Subject:  catalina.policy

Hello,

I run catalina (TC 4.0.2-b2) with the security manager. After starting I
get
a java.security.AccessControlException. I have extended the catalina.policy
with:

// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
....

   permission java.io.FilePermission
"${catalina.home}/webapps/auth/WEB-INF/log4j.lcf", "read,write";
   permission java.lang.RuntimePermission "getClassLoader";
...
};

then it runs fine. But when I say:

grant codebase "file:${catalina.home}/webapps/auth/WEB-INF/lib/DIAA.jar" {
   // for log4j things important
   permission java.io.FilePermission
"${catalina.home}/webapps/auth/WEB-INF/log4j.lcf", "read,write";
   permission java.lang.RuntimePermission "getClassLoader";
};

I get the exception.

$ Using CATALINA_BASE: D:\server\jakarta-tomcat-4.0.2-b2
Using CATALINA_HOME: D:\server\jakarta-tomcat-4.0.2-b2
Using CLASSPATH:
D:\server\jakarta-tomcat-4.0.2-b2\bin\bootstrap.jar;C:\j2sd
k1.4.0\lib\tools.jar
Using JAVA_HOME:     C:\j2sdk1.4.0

.....

... in die Log4J Configdatei -------------------------------------------
java.secur
ity.AccessControlException: access denied (java.io.FilePermission
D:\server\jaka
rta-tomcat-4.0.2-b2\webapps\auth\WEB-INF\log4j.lcf write)

Have someone an idea why?

thanks
juraj


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>









--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message