tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shilpa Nalgonda" <snalgo...@mypublisher.com>
Subject RE: java.security.AccessControlException: access denied
Date Tue, 24 Aug 2004 20:49:34 GMT
I am using -security option to run TC.
I am not quite sure about the syntax of the policy file, i should check
that,
but can u suggest me what is the correct syntax ?
and also i will try to read this file using some test.jsp and let you know.
thanks.

-----Original Message-----
From: Benjamin Armintor [mailto:Ben.Armintor@austin.utexas.edu]
Sent: Tuesday, August 24, 2004 4:42 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied


You shouldn't need to add it anywhere else: Permissions are cumulative,
so if that file permission is in a grant{} block, all the code running
under the jvm will have it.  You mentioned making the changes to
java.policy as well: This should be unnecessary, as the catalina.policy
file is the only one in effect if you start TC with the -security
option.  The situation as you're describing it sounds right, but since I
know from experience that the security manager works just fine in 4.1.x,
something is getting left out.

Are you using the -security option to get the security manager, or are
you using some parameters in $JAVA_OPTS?
Are you certain about the syntax of your policy file (although that
usually fails more dramatically than this)?
Can you write a test JSP or servlet that reads a file out of that
directory?

Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: b.armintor@its.utexas.edu



-----Original Message-----
From: Shilpa Nalgonda [mailto:snalgonda@mypublisher.com]
Sent: Tuesday, August 24, 2004 3:10 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied


No certs is a directory.  shall i add it in other place other than the
general grant block.

-----Original Message-----
From: Benjamin Armintor [mailto:Ben.Armintor@austin.utexas.edu]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied


If "certs" is a file and not a directory, take off the "\\-" at the end
of the permission url.

Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: b.armintor@its.utexas.edu



-----Original Message-----
From: Shilpa Nalgonda [mailto:snalgonda@mypublisher.com]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied


I added the below line in the general grant{} block.
permission java.io.FilePermission "C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-", "read";

I tried placing the certs file in other directory too where there is no
whitespace issue.  But i still have the problem. can you think of
anything else?


-----Original Message-----
From: Benjamin Armintor [mailto:Ben.Armintor@austin.utexas.edu]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied


Where did you add the permission in the catalina.policy file?  In a
general "grant{}" block? If not, it's possible that your code doesn't
have the permission.

It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.

Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: b.armintor@its.utexas.edu



-----Original Message-----
From: Shilpa Nalgonda [mailto:snalgonda@mypublisher.com]
Sent: Tuesday, August 24, 2004 1:51 PM
To: tomcat-user@jakarta.apache.org
Subject: java.security.AccessControlException: access denied



I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.

RESULT=-31&RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)

However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.

Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
"C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-", "read";

But this does not help, is there anything else i should do to the
server.xml file...

How does the security manager runs in Tomcat4.1
Please help...



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message