tomcat-users mailing list archives

From Lloyd A Duke ...@lloyd-duke.net>
Subject Security for tomcat 4.0.3
Date Wed, 26 Feb 2003 16:19:27 GMT
All,
I have been wrestling with this for a week, to no avail. <sigh>

I am trying to run tomcat with the security flag on. (Win2K)

I have added the following to my catalina.policy

grant codeBase "file:C:/dev/jakarta-tomcat-4.0.3/webapps/ROOT/WEB-INF/lib/site.jar" {
     permission java.util.PropertyPermission "javax.xml.parsers.SAXParserFactory", "read";
     permission java.util.PropertyPermission "false", "read";
     permission java.net.SocketPermission "127.0.0.1:8080", "connect,resolve";
     permission java.io.FilePermission "/home/-", "read,write";
     permission java.io.FilePermission "\\home\\virtual\\site64\\fst\\var\\www\\html\\WEB-INF\\logs", "read,write";
};


I get the following from my dump of the security debugger.


policy:   codeBase file:C:/dev/jakarta-tomcat-4.0.3/webapps/ROOT/WEB-INF/lib/site.jar
policy:
policy:   (java.util.PropertyPermission javax.xml.parsers.SAXParserFactory read)
policy:   (java.util.PropertyPermission false read)
policy:   (java.net.SocketPermission 127.0.0.1:8080 connect,resolve)
policy:   (java.io.FilePermission /home/- read,write)
policy:   (java.io.FilePermission \home\virtual\site64\fst\var\www\html\WEB-INF\logs read,write)
policy:

access: access denied (java.io.FilePermission \home\virtual\site64\fst\var\www\html\WEB-INF\logs read)

java.lang.Exception: Stack trace
	at java.lang.Thread.dumpStack(Thread.java:997)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:261)
	at java.security.AccessController.checkPermission(AccessController.java:399)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
	at java.io.File.exists(File.java:546)
	at java.io.File.mkdirs(File.java:978)
	at site.appobj.LogThread.<init>(LogThread.java:30)
	at site.appobj.Logger.startup(Logger.java:52)
	at site.appobj.Logger.init(Logger.java:40)
	at site.appobj.Logger.init(Logger.java:23)
	at site.listener.ContextListener.startLogger(ContextListener.java:92)
	at site.listener.ContextListener.contextInitialized(ContextListener.java:50)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3175)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:3378)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343)
	at org.apache.catalina.core.StandardService.start(StandardService.java:388)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:506)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
	at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
	at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
	at java.lang.reflect.Method.invoke(Native Method)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

access: domain that failed ProtectionDomain (jar:file:C:/dev/jakarta-tomcat-4.0.3/webapps/ROOT/WEB-INF/lib/site.jar!/site/appobj/LogThread.class <no certificates>)
java.security.Permissions@315d34 (
  (java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\WEB-INF\lib\site.jar read)
  (java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\- read)
  (java.io.FilePermission C:\dev\jakarta-tomcat-4.0.3\webapps\ROOT\WEB-INF\lib\- read)
  (java.net.SocketPermission localhost:1024- listen,resolve)
  (org.apache.naming.JndiPermission jndi:/localhost/WEB-INF/classes/*)
  (org.apache.naming.JndiPermission jndi:/localhost/WEB-INF/lib/*)
  (org.apache.naming.JndiPermission jndi:/localhost/*)
  (java.lang.RuntimePermission stopThread)
  (java.util.PropertyPermission java.vendor read)
  (java.util.PropertyPermission java.specification.version read)
  (java.util.PropertyPermission line.separator read)
  (java.util.PropertyPermission java.class.version read)
  (java.util.PropertyPermission java.specification.name read)
  (java.util.PropertyPermission java.vendor.url read)
  (java.util.PropertyPermission java.vm.version read)
  (java.util.PropertyPermission os.name read)
  (java.util.PropertyPermission os.arch read)
  (java.util.PropertyPermission os.version read)
  (java.util.PropertyPermission java.version read)
  (java.util.PropertyPermission java.vm.specification.version read)
  (java.util.PropertyPermission java.vm.specification.name read)
  (java.util.PropertyPermission java.specification.vendor read)
  (java.util.PropertyPermission java.vm.vendor read)
  (java.util.PropertyPermission file.separator read)
  (java.util.PropertyPermission path.separator read)
  (java.util.PropertyPermission java.vm.name read)
  (java.util.PropertyPermission java.vm.specification.vendor read)
)



Any idea why tomcat isn't applying these permissions?
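
The dump above reports the failing domain's code source as a jar: URL ending in the class entry, while the posted grant names the jar with a file: URL; java.security.CodeSource.implies, the comparison Java policy files use to match a grant to a code source, requires both locations to have the same protocol. The check below is an added example, not part of the original message; the class name CodeBaseMatch, the helper grantCovers and the "jar:...!/-" candidate are constructed for illustration.

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.cert.Certificate;

// Added example, not code from the original post.
public class CodeBaseMatch {

    // True when a grant entry written with this codeBase would apply to code
    // whose ProtectionDomain reports the given location. Certificates are left
    // null on both sides, matching "<no certificates>" in the dump.
    static boolean grantCovers(String grantCodeBase, String domainLocation) throws Exception {
        CodeSource grant = new CodeSource(new URL(grantCodeBase), (Certificate[]) null);
        CodeSource domain = new CodeSource(new URL(domainLocation), (Certificate[]) null);
        return grant.implies(domain);
    }

    public static void main(String[] args) throws Exception {
        String jar = "file:C:/dev/jakarta-tomcat-4.0.3/webapps/ROOT/WEB-INF/lib/site.jar";
        // Location copied from the "domain that failed" line of the debug dump.
        String failed = "jar:" + jar + "!/site/appobj/LogThread.class";

        String[] candidates = {
            jar,                  // codeBase exactly as written in the posted grant
            "jar:" + jar + "!/-"  // constructed candidate: same jar, jar: scheme, recursive
        };
        for (String codeBase : candidates) {
            // Prints whether each candidate codeBase covers the failing domain.
            System.out.println(grantCovers(codeBase, failed) + "  " + codeBase);
        }
    }
}
```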


