tomcat-users mailing list archives

From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: socket permission catalina.policy question
Date Thu, 17 Oct 2002 17:19:51 GMT
Everything seems fine... What is the exact error? I will try to set up my 
environment similar to you and see if I can reproduce the problem... The 
socket exception is from which component exactly?

-- Jeanfrancois

Andrew Cheng wrote:

>>Euh...Can you post your catalina.policy file? Maybe another permissions
>>is conflicting with the one you try to define. I'm doing some tests here
>>without any problems...
>>
>>-- Jeanfrancois
>>    
>>
>
>Below is my policy file.  (myApplication contains several servlets. Inside a
>privileged block, myServlet calls a method defined in jdom.jar in order to
>check some XML.  This method tries to get the DTD from
>http://the.third.machine:8080/dtd/my.dtd but encounters a socket permission
>exception.) By the way, thanks for sticking with this!
>
>Keep in mind that I am trying to grant boat loads of permissions in order to
>get it to work and when it does work I will take away those unnecessary
>permissions for security's sake.
>
>/* AUTOMATICALLY GENERATED ON Thu Oct 17 11:01:15 EDT 2002*/
>/* DO NOT EDIT */
>
>grant codeBase "file:${java.home}/lib/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${java.home}/jre/lib/ext/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${java.home}/../lib/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${java.home}/lib/ext/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/common/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/server/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/lib/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/classes/-" {
>  permission java.security.AllPermission;
>};
>
>grant {
>  permission java.util.PropertyPermission "java.home", "read";
>  permission java.util.PropertyPermission "java.naming.*", "read";
>  permission java.util.PropertyPermission "javax.sql.*", "read";
>  permission java.util.PropertyPermission "os.name", "read";
>  permission java.util.PropertyPermission "os.version", "read";
>  permission java.util.PropertyPermission "os.arch", "read";
>  permission java.util.PropertyPermission "file.separator", "read";
>  permission java.util.PropertyPermission "path.separator", "read";
>  permission java.util.PropertyPermission "line.separator", "read";
>  permission java.util.PropertyPermission "java.version", "read";
>  permission java.util.PropertyPermission "java.vendor", "read";
>  permission java.util.PropertyPermission "java.vendor.url", "read";
>  permission java.util.PropertyPermission "java.class.version", "read";
>  permission java.util.PropertyPermission "java.specification.version", "read";
>  permission java.util.PropertyPermission "java.specification.vendor", "read";
>  permission java.util.PropertyPermission "java.specification.name", "read";
>  permission java.util.PropertyPermission "java.vm.specification.version", "read";
>  permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
>  permission java.util.PropertyPermission "java.vm.specification.name", "read";
>  permission java.util.PropertyPermission "java.vm.version", "read";
>  permission java.util.PropertyPermission "java.vm.vendor", "read";
>  permission java.util.PropertyPermission "java.vm.name", "read";
>  permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*";
>  permission java.util.PropertyPermission "jaxp.debug", "read";
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/myApplication/WEB-INF/lib/jdom.jar!/-" {
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/myApplication/-" {
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>};
>
>grant codeBase "file:${catalina.home}/WEB-INF/classes/-" {
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>};
>
>grant codeBase "file:${catalina.home}/myApplication/myServlet/lib/jdom.jar" {
>  permission java.security.AllPermission;
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>};
>
>grant codeBase "file:${catalina.home}/myApplication/myServlet/lib/jdom.jar!/-" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "file:${catalina.home}/myApplication/myServlet/-" {
>  permission java.security.AllPermission;
>  permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>};
>
>
>  
>
>>-----Original Message-----
>>From: Jean-Francois Arcand [mailto:jfarcand@apache.org]
>>Sent: Thursday, October 17, 2002 11:41 AM
>>To: Tomcat Users List
>>Subject: Re: socket permission catalina.policy question
>>
>>
>>Euh...Can you post your catalina.policy file? Maybe another permissions
>>is conflicting with the one you try to define. I'm doing some tests here
>>without any problems...
>>
>>-- Jeanfrancois
>>
>>Andrew Cheng wrote:
>>
>>    
>>
>>>Sorry, I forgot to mention that a guy on the project decided
>>>to be clever and he put the application in a directory next
>>>to (not inside) webapps.
>>>
>>>So inside ${catalina.home} there is myApplication and there is
>>>webapps.
>>>
>>>Inside myApplication is a bunch of servlets inside their own
>>>directories.
>>>
>>>The servlet I want to grant permission to is myServlet.
>>>
>>>Are you saying to do this?
>>>grant codeBase "file:${catalina.home}/myApplication/myServlet/-" {
>>> permission java.net.SocketPermission "the.third.machine:8080", "accept,
>>>connect,listen, resolve";
>>>};
>>>
>>>I have done it and it still gets a socket permission exception.
>>>
>>>
>>>
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>
>>>>You need to add
>>>>
>>>>webapps/
>>>>
>>>>after ${catalina.home}/
>>>>
>>>>;-)
>>>>
>>>>-- Jeanfrancois
>>>>
>>>>
>>>>
>>>>Andrew Cheng wrote:
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>>>          
>>>>>
>>>>>>You need to add the something like that:
>>>>>>
>>>>>>grant codeBase "file:${catalina.home}/ <<<your app>>/-" {
>>>>>>    permission java.net.SocketPermission "dbhost.mycompany.com:5432",
>>>>>>"connect";
>>>>>>    permission java.net.SocketPermission "*.noaa.gov:80", "connect";
>>>>>>};
>>>>>>
>>>>>>-- Jeanfrancois
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>Thanks for the quick reply!
>>>>>But I have *already* done this and it still does not work.
>>>>>
>>>>>the file to download is http://the.third.machine:8080/my.dtd
>>>>>
>>>>>and in catalina.policy I have:
>>>>>
>>>>>grant codeBase "file:${catalina.home}/myApplication/-" {
>>>>>permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>>>>>};
>>>>>
>>>>>grant codeBase "file:${catalina.home}/path/to/my.jar" {
>>>>>permission java.security.AllPermission;
>>>>>permission java.net.SocketPermission "the.third.machine:8080", "accept, connect, listen, resolve";
>>>>>};
>>>>>
>>>>>grant codeBase "file:${catalina.home}/path/to/my.jar!/-" {
>>>>>permission java.security.AllPermission;
>>>>>};
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Jean-Francois Arcand [mailto:jfarcand@apache.org]
>>>>>>Sent: Thursday, October 17, 2002 10:20 AM
>>>>>>To: Tomcat Users List
>>>>>>Subject: Re: socket permission catalina.policy question
>>>>>>
>>>>>>
>>>>>>You need to add the something like that:
>>>>>>
>>>>>>grant codeBase "file:${catalina.home}/webapps/<<<your app>>/-" {
>>>>>>    permission java.net.SocketPermission "dbhost.mycompany.com:5432",
>>>>>>"connect";
>>>>>>    permission java.net.SocketPermission "*.noaa.gov:80", "connect";
>>>>>>};
>>>>>>
>>>>>>-- Jeanfrancois
>>>>>>
>>>>>>Andrew Cheng wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>Quick question:
>>>>>>>
>>>>>>>I have an applet that communicates with a servlet.  The servlet tries to
>>>>>>>download a DTD file from a third machine.  It gets a socket permission
>>>>>>>access denied exception.
>>>>>>>
>>>>>>>I have wrapped the line of code in the servlet that downloads the file with
>>>>>>>a privileged block.
>>>>>>>
>>>>>>>The line of code calls a method inside a jar file.  I have used the policy
>>>>>>>tool to grant all permissions to this jar file.  I have even tried granting
>>>>>>>all permissions to all code temporarily!
>>>>>>>
>>>>>>>I have made sure to use the "-security" option when starting tomcat.  I have
>>>>>>>double checked this by looking at the log file and seeing that the security
>>>>>>>manager is being used.
>>>>>>>
>>>>>>>However, my servlet still gets a socket permission access denied exception.
>>>>>>>
>>>>>>>The file I am trying to download is definitely downloadable from the machine
>>>>>>>that the servlet is running on.  Please tell me what I have forgotten to do.
>>>>>>>
>>>>>>>Thanks in advance,
>>>>>>>Andrew
>>>>>>>
>>>>>>>grant {
>>>>>>>permission java.security.AllPermission;
>>>>>>>};
>>>>>>>
>>>>>>>grant codeBase "file:${catalina.home}/_____/-" {
>>>>>>>permission java.net.SocketPermission "_____:8080", "accept, connect, listen, resolve";
>>>>>>>};
>>>>>>>
>>>>>>>grant codeBase "file:${catalina.home}/_____/jdom.jar" {
>>>>>>>permission java.security.AllPermission;
>>>>>>>permission java.net.SocketPermission "_____:8080", "accept, connect, listen, resolve";
>>>>>>>};
>>>>>>>
>>>>>>>grant codeBase "file:${catalina.home}/_____/jdom.jar!/-" {
>>>>>>>permission java.security.AllPermission;
>>>>>>>};
>>>>>>>
>>>>>>>
>>>>>>>--
>>>>>>>To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>>>>>For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>

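Added example, not part of the thread and not Tomcat's own code: a small Java check that uses the JDK's `CodeSource.implies` to test which of the `codeBase` forms tried in the quoted policy would cover a given code location. The install root `/opt/tomcat` and the jar location are constructed assumptions; the last line of `main` shows how to print the location the class loader actually reports, which is the value the policy has to match.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Constructed install root standing in for ${catalina.home}.
    static final String HOME = "file:/opt/tomcat";

    static CodeSource source(String url) throws Exception {
        // Unsigned code: no certificates attached to the code source.
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    /** True when the policy codeBase pattern covers the given code location. */
    static boolean covers(String codeBase, String location) throws Exception {
        return source(codeBase).implies(source(location));
    }

    public static void main(String[] args) throws Exception {
        // Constructed location of the jar whose code opens the socket.
        String loaded = HOME + "/myApplication/myServlet/lib/jdom.jar";

        // codeBase forms taken from the quoted policy, with ${catalina.home} expanded.
        String[] codeBases = {
            HOME + "/myApplication/-",                          // recursive directory match
            HOME + "/myApplication/myServlet/lib/jdom.jar",     // exact file match
            HOME + "/myApplication/myServlet/lib/jdom.jar!/-",  // only matches a "...jar!/" prefix
            HOME + "/WEB-INF/classes/-",                        // a different directory tree
            HOME + "/webapps/myApplication/-",                  // app assumed under webapps/
        };
        for (String cb : codeBases) {
            System.out.printf("%-62s %s%n", cb,
                    covers(cb, loaded) ? "covers" : "does not cover");
        }

        // In the real application, print the location reported for the class
        // that makes the network call and compare it with the policy entries.
        System.out.println("actual location of this class: "
                + CodeBaseMatch.class.getProtectionDomain().getCodeSource().getLocation());
    }
}
```

A grant only applies when its `codeBase` covers the location reported for the calling class, so comparing the printed location with each `grant codeBase` line is a quick way to see which entries take effect.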