tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crecente <dc...@tid.es>
Subject RE: Admin and Manager applications don't work withmodifiedCATALINA_BASE and startup.sh -security
Date Tue, 07 Dec 2004 14:45:39 GMT
I saved my problem with your tip.
Thank you very much.

-----Mensaje original-----
De: Andoni [mailto:andonilist@eurokom.ie]
Enviado el: martes, 30 de noviembre de 2004 12:12
Para: Tomcat Users List
Asunto: Re: Admin and Manager applications don't work
withmodifiedCATALINA_BASE and startup.sh -security


Your problem is this one line:

java.security.AccessControlException: access denied (java.io.FilePermission
/iobox/servicios/desarrollo/mms/webapps/admin/WEB-INF/lib/struts.jar read)

Forget about all the rest.

You have put the following into catalina.policy:

>    catalina.policy in $CATALINA_BASE/conf was modified with:
> grant codeBase
>
"file:/iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31/server/webapps/admin/
> WEB-INF/classes/-" {
>   permission java.security.AllPermission;
> };

I would recommend that you fix the problem by taking out the directory here
and starting with full permissions to be sure everything works then:

grant {
permission java.security.AllPermission;
}

Assuming that this box is not live on the web and that you trust everyone
who has access to it! Then add the directories one at a time, testing as you
go:

grant codeBase "file:/iobox/-" {
permission java.security.AllPermission;
}

Then grow it up until something breaks again.

Andoni.

----- Original Message -----
From: "David Crecente" <dcc65@tid.es>
Newsgroups: gmane.comp.jakarta.tomcat.user
Sent: Tuesday, November 30, 2004 9:03 AM
Subject: Admin and Manager applications don't work with modified
CATALINA_BASE and startup.sh -security


>    Hi all,
>    I have problems to run jakarta-tomcat-4.1.31 with CATALINA_BASE other
> than CATALINA_HOME using security.
>
>    I use "startup.sh -security".
>
>    My CATALINA_HOME is /iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31
>    My CATALINA_BASE is /iobox/servicios/desarrollo/mms
>    My admin.xml is in /iobox/servicios/desarrollo/mms/webapps
>    My manager.xml is in /iobox/servicios/desarrollo/mms/webapps
>
>    admin.xml and manager.xml were modified following
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/RUNNING.txt
> so, admin.xml has
> <Context path="/admin"
>
docBase="/iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31/server/webapps/adm
> in"
>         debug="0" privileged="true">
> and manager.xml has
> <Context path="/admin"
>
docBase="/iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31/server/webapps/man
> ager"
>         debug="0" privileged="true">
>
>    catalina.policy in $CATALINA_BASE/conf was modified with:
> grant codeBase
>
"file:/iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31/server/webapps/admin/
> WEB-INF/classes/-" {
>   permission java.security.AllPermission;
> };
>
> grant codeBase
>
"file:/iobox/Sw_comercial/Tomcat/jakarta-tomcat-4.1.31/server/webapps/admin/
> WEB-INF/lib/struts.jar" {
>   permission java.security.AllPermission;
> };
>
>    When Tomcat is starting I get the next exception:
> ----- Root Cause -----
> java.security.AccessControlException: access denied
(java.io.FilePermission
> /iobox/servicios/desarrollo/mms/webapps/admin/WEB-INF/lib/struts.jar read)
>         at
>
java.security.AccessControlContext.checkPermission(AccessControlContext.java
> :270)
>
> Any idea will be appreciated.
> Thank you in advance.
>
>
> Full exception is:
> 2004-11-30 09:14:52 StandardWrapper[/admin:default]: Loading container
> servlet default
> 2004-11-30 09:14:52 StandardContext[/admin]: Servlet /admin threw load()
> exception
> javax.servlet.ServletException: Servlet.init() for servlet action threw
> exception
>         at
>
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:91
> 6)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:776)
>         at
>
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
> 3363)
>         at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:3586)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1141)
>         at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:707)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1141)
>         at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
>         at
> org.apache.catalina.core.StandardService.start(StandardService.java:450)
>         at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
>         at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
>         at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
> )
>         at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
> .java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
> ----- Root Cause -----
> java.security.AccessControlException: access denied
(java.io.FilePermission
> /iobox/servicios/desarrollo/mms/webapps/admin/WEB-INF/lib/struts.jar read)
>         at
>
java.security.AccessControlContext.checkPermission(AccessControlContext.java
> :270)
>         at
> java.security.AccessController.checkPermission(AccessController.java:401)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
>         at java.util.zip.ZipFile.<init>(ZipFile.java:107)
>         at java.util.jar.JarFile.<init>(JarFile.java:117)
>         at java.util.jar.JarFile.<init>(JarFile.java:55)
>         at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:55)
>         at
> sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:40)
>         at
> sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:53)
>         at
>
sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:85)
>         at
>
sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.ja
> va:105)
>         at java.net.URL.openStream(URL.java:960)
>         at
> org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown Source)
>         at org.apache.xerces.impl.XMLEntityManager.startEntity(Unknown
> Source)
>         at org.apache.xerces.impl.XMLEntityManager.startDTDEntity(Unknown
> Source)
>         at org.apache.xerces.impl.XMLDTDScannerImpl.setInputSource(Unknown
> Source)
>         at
>
org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(Unknown
> Source)
>         at
> org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
> Source)
>         at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
> Source)
>         at org.apache.xerces.parsers.DTDConfiguration.parse(Unknown
Source)
>         at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>         at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown
Source)
>         at org.apache.commons.digester.Digester.parse(Digester.java:1567)
>         at
>
org.apache.struts.action.ActionServlet.initServlet(ActionServlet.java:1433)
>         at
> org.apache.struts.action.ActionServlet.init(ActionServlet.java:466)
>         at
>
org.apache.webapp.admin.ApplicationServlet.init(ApplicationServlet.java:107)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:212)
>         at
>
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:88
> 8)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:776)
>         at
>
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
> 3363)
>         at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:3586)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1141)
>         at
> org.apache.catalina.core.StandardHost.start(StandardHost.java:707)
>         at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1141)
>         at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:316)
>         at
> org.apache.catalina.core.StandardService.start(StandardService.java:450)
>         at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:2143)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:463)
>         at org.apache.catalina.startup.Catalina.execute(Catalina.java:350)
>         at org.apache.catalina.startup.Catalina.process(Catalina.java:129)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
> )
>         at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
> .java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:156)
>
> 2004-11-30 09:14:52 StandardWrapper[/admin:invoker]: Loading container
> servlet invoker


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message