tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Daly <d...@ctc.com>
Subject Re: java.util.PropertyPermission
Date Tue, 25 Jul 2006 19:56:13 GMT
I have those entries.  Those are the default entries included with
Tomcat (which I'm using 5.5.9).

In my years administering Tomcat, I have always created additional
entries and not touched the default entries.  The entries I add are per
application running under that certain Tomcat instance.

It now appears that I'm getting JAR files in the work folder that are
requesting permissions, and it doesn't realize that they came from the
application that already was granted that permission.

Is that normal?  I need to explicitly set those permissions all of a sudden?
--

Propes, Barry L wrote:
> I think you need to not remove the code, but add an additional one?
>
> My policy file looks like so. Without having touched it.
>
>
> // These permissions are granted by default to all web applications
> // In addition, a web application will be given a read FilePermission
> // and JndiPermission for all files and directories in its document root.
> grant { 
>         // Required for JNDI lookup of named JDBC DataSource's and
>         // javamail named MimePart DataSource used to send mail
>         permission java.util.PropertyPermission "java.home", "read";
>         permission java.util.PropertyPermission "java.naming.*", "read";
>         permission java.util.PropertyPermission "javax.sql.*", "read";
>
>         // OS Specific properties to allow read access
> 	permission java.util.PropertyPermission "os.name", "read";
> 	permission java.util.PropertyPermission "os.version", "read";
> 	permission java.util.PropertyPermission "os.arch", "read";
> 	permission java.util.PropertyPermission "file.separator", "read";
> 	permission java.util.PropertyPermission "path.separator", "read";
> 	permission java.util.PropertyPermission "line.separator", "read";
>
>         // JVM properties to allow read access
>         permission java.util.PropertyPermission "java.version", "read";
>         permission java.util.PropertyPermission "java.vendor", "read";
>         permission java.util.PropertyPermission "java.vendor.url", "read";
>         permission java.util.PropertyPermission "java.class.version", "read";
> 	permission java.util.PropertyPermission "java.specification.version", "read";
> 	permission java.util.PropertyPermission "java.specification.vendor", "read";
> 	permission java.util.PropertyPermission "java.specification.name", "read";
>
> 	permission java.util.PropertyPermission "java.vm.specification.version", "read";
> 	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
> 	permission java.util.PropertyPermission "java.vm.specification.name", "read";
> 	permission java.util.PropertyPermission "java.vm.version", "read";
> 	permission java.util.PropertyPermission "java.vm.vendor", "read";
> 	permission java.util.PropertyPermission "java.vm.name", "read";
>
>
> Which version are you using?
>
> -----Original Message-----
> From: Ryan Daly [mailto:daly@ctc.com]
> Sent: Tuesday, July 25, 2006 2:43 PM
> To: Propes, Barry L
> Subject: Re: java.util.PropertyPermission
>
>
> Well, I removed some to verify that the block was being picked up.  When
> I remove lines from:
>
> //grant codeBase "file:/usr/local/apache/vhosts/www/webapp/ART/-" {
>
> I started seeing more 'access denied' messages.  It appears that the
> codeBase block is being picked up.
> --
>
> Propes, Barry L wrote:
>   
>> sorry, I think I may have worded that incorrectly. Did you add any more grant statements
to the file?
>>
>> -----Original Message-----
>> From: Ryan Daly [mailto:daly@ctc.com]
>> Sent: Tuesday, July 25, 2006 2:35 PM
>> To: Tomcat Users List
>> Cc: Propes, Barry L
>> Subject: Re: java.util.PropertyPermission
>>
>>
>> I'm not following what you're suggesting.
>> --
>>
>> Propes, Barry L wrote:
>>     
>>> isn't that because the permission object picks all of that up as one item, and
overrides your separate setting?
>>>
>>> I would think it would. Wouldn't you need to create an entire new object or not
for that to work?
>>>
>>> -----Original Message-----
>>> From: Ryan Daly [mailto:daly@ctc.com]
>>> Sent: Tuesday, July 25, 2006 2:01 PM
>>> To: Tomcat Users List
>>> Subject: java.util.PropertyPermission
>>>
>>>
>>> All:
>>>
>>> I have started seeing problems with using the
>>> java.util.PropertyPermission setting in the catalina.policy file.
>>>
>>> I have the following line:
>>>
>>> permission java.util.PropertyPermission "*", "read,write";
>>>
>>> If that's in my policy entry for the specific web application, it does
>>> not get picked up.  If I have that in the area that gets applied to all
>>> web applications, it seems to work just fine.
>>>
>>> Has anyone else seen this?  Is this a bug or did something change that
>>> would make me have to modify the policy file in some way?
>>>
>>> Thanks.
>>> --
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>>       
>>     
>
>
>
>   

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message