tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Seaman, Sloan" <Sloan.Sea...@ptilabs.com>
Subject SecurityManager
Date Fri, 27 Aug 2004 12:14:30 GMT
> I'm trying to get an application I have to use the SecurityManager object
> from Tomcat.
> 
> I've added the -security to my startup so that it is enabled.
> 
> When I do a System.getSecurityManager() it returns a null object.
> 
> If I try and create my own SecurityManager and set it via
> System.setSecurityManager, I get:
> 004-08-26 14:07:47 StandardContext[/clinicalTrials]Exception starting
> filter SessionFilter
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission getClassLoader)
> 	at
> java.security.AccessControlContext.checkPermission(AccessControlContext.ja
> va:269)
> 	at
> java.security.AccessController.checkPermission(AccessController.java:401)
> 	at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> 	at java.lang.Thread.getContextClassLoader(Thread.java:1182)
> 	at
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> erConfig.java:207)
> 	at
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> ilterConfig.java:308)
> 	at
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> onfig.java:79)
> 
> The only info I have added to the catalina.policy file is:
> grant {
>     permission javax.security.auth.AuthPermission "createLoginContext";
>     permission javax.security.auth.AuthPermission "doAs";
>     permission javax.security.auth.AuthPermission "doAsPrivileged";
>     permission javax.security.auth.AuthPermission "modifyPrincipals";
>     permission javax.security.auth.AuthPermission "getSubject"; 
> };
> 
> grant principal com.ptilabs.commons.jaas.authentication.ldap.LDAPPrincipal
> "_app_Clinical_Trials" {
> 	permission com.ptilabs.commons.jaas.authorization.URLPermission
> "/clinicalTrials/app/*";
> };
> 
> Can someone tell me what I am doing wrong?  
> 
> I have a command line version for testing that works fine.  It is when I
> try and do things under Tomcat that everything blows up.
> 
> Thanks!
> 
> --
> Sloan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message