tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@mail.more.net>
Subject Re: socket permission catalina.policy question
Date Thu, 17 Oct 2002 16:24:25 GMT
Start Tomcat with the java property -Djava.security.debug=access,failure
defined, then review all the debug output.

More information on how the Tomcat SecurityManager works can be found at:

http://kinetic.more.net/web/javaserver/security.shtml

Regards,

Glenn

Andrew Cheng wrote:
> Quick question:
> 
> I have an applet that communicates with a servlet.  The servlet tries to
> download a DTD file from a third machine.  It gets a socket permission
> access denied exception.
> 
> I have wrapped the line of code in the servlet that downloads the file with
> a privileged block.
> 
> The line of code calls a method inside a jar file.  I have used the policy
> tool to grant all permissions to this jar file.  I have even tried granting
> all permissions to all code temporarily!
> 
> I have made sure to use the "-security" option when starting tomcat.  I have
> double checked this by looking at the log file and seeing that the security
> manager is being used.
> 
> However, my servlet still gets a socket permission access denied exception.
> The file I am trying to download is definitely downloadable from the machine
> that the servlet is running on.  Please tell me what I have forgotten to do.
> 
> Thanks in advance,
> Andrew
> grant {
>   permission java.security.AllPermission;
> };
> 
> grant codeBase "file:${catalina.home}/_____/-" {
>   permission java.net.SocketPermission "_____:8080", "accept, connect,
> listen, resolve";
> };
> 
> grant codeBase "file:${catalina.home}/_____/jdom.jar" {
>   permission java.security.AllPermission;
>   permission java.net.SocketPermission "_____:8080", "accept, connect,
> listen, resolve";
> };
> 
> grant codeBase "file:${catalina.home}/_____/jdom.jar!/-" {
>   permission java.security.AllPermission;
> };
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


-- 
----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message