tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@mail.more.net>
Subject Re: Security manager and request.getParameter() access error
Date Sun, 20 Oct 2002 11:54:29 GMT
Check your catalina.policy and see if the following 4 permissions are
granted in the default policy:

   // Required for sevlets and JSP's
   permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
   permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util.*";
   permission java.lang.RuntimePermission "defineClassInPackage.org.apache.catalina.util";
   permission java.lang.RuntimePermission "defineClassInPackage.org.apache.catalina.util.*";

Java 1.4 is more picky about the RuntimePermission accessClassInPackage and
defineClassInPackage permissions.

Regards,

Glenn

Dala wrote:
> When I use the security manager in Tomcat (4.1.12-LE-jdk1.4) some  strange
> problems occur.
> When I execute the following simple JSP code:
> <% request.getParameter("foo"); %>
> 
> I get the following exception:
> org.apache.jasper.JasperException: org/apache/catalina/util/ParameterMap
> 	at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2
> 48)
> 	at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
> 	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
> FilterChain
> ...
> 
> I also start tomcat with security debub info enabled (i.e.
> CATALINA_OPTS=-Djava.security.debug=failure) but the log files do not
> report any errors, except for the exception of course.
> 
> I use the standard policy rules as stated in the file catalina.policy. I
> even tried to grant the additional following rules, but nothing have helped
> so far:
>    permission java.lang.RuntimePermission
> "accessClassInPackage.javax.servlet";
>    permission java.lang.RuntimePermission
> "accessClassInPackage.javax.servlet.*";
> 
> If I grant all permissions (i.e. permission java.security.AllPermission;) to
> my code base, then everything works fine.
> 
> What is the problem?
> Have I missed something obvious here?
> 
> /Tommy
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>




--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message