tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Gainty" <mgai...@hotmail.com>
Subject Re: java.util.PropertyPermission
Date Tue, 25 Jul 2006 21:00:23 GMT
If the log4j classes are not specifically located in /usr/local/apache/vhosts/www/webapps/DHS
then You need to grant a minimum of read,execute access to Log4j librariesin catalina.policy
//lets assume you dropped your log4j.jar in %CATALINA_HOME%/shared/lib
//catalina.policy
grant codeBase "file:${catalina.home}/shared/lib/log4j.jar" {
      permission java.util.PropertyPermission "org.apache.log4j.*", "read,execute";";
};
M-
*********************************************************************
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed.  If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.



----- Original Message ----- 
From: "Ryan Daly" <daly@ctc.com>
To: "Martin Gainty" <mgainty@hotmail.com>
Cc: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, July 25, 2006 4:03 PM
Subject: Re: java.util.PropertyPermission


> Sure.  I have the following in my policy file:
> 
> // ========== DHS ==========
> grant codeBase "file:/usr/local/apache/vhosts/www/webapp/DHS/-"
> {
>  // Runtime permissions
>  permission java.util.PropertyPermission "*", "read,write";
>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>  permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
>  permission java.lang.RuntimePermission "stopThread";
>  permission java.lang.RuntimePermission "setContextClassLoader";
>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> };
> 
> Yet, in catalina.out, I see:
> 
> access: access denied (java.util.PropertyPermission
> log4j.defaultInitOverride read)
> --
> 
> Martin Gainty wrote:
>> can you provide the specific example where a webapp doesnt apply permissions from
catalina.policy 
>> M-
>> *********************************************************************
>> This email message and any files transmitted with it contain confidential
>> information intended only for the person(s) to whom this email message is
>> addressed.  If you have received this email message in error, please notify
>> the sender immediately by telephone or email and destroy the original
>> message without making a copy.  Thank you.
>> 
>> 
>> 
>> ----- Original Message ----- 
>> From: "Ryan Daly" <daly@ctc.com>
>> To: "Tomcat Users List" <users@tomcat.apache.org>
>> Cc: "Propes, Barry L" <barry.l.propes@citigroup.com>
>> Sent: Tuesday, July 25, 2006 3:34 PM
>> Subject: Re: java.util.PropertyPermission
>> 
>> 
>>> I'm not following what you're suggesting.
>>> --
>>>
>>> Propes, Barry L wrote:
>>>> isn't that because the permission object picks all of that up as one item,
and overrides your separate setting?
>>>>
>>>> I would think it would. Wouldn't you need to create an entire new object
or not for that to work?
>>>>
>>>> -----Original Message-----
>>>> From: Ryan Daly [mailto:daly@ctc.com]
>>>> Sent: Tuesday, July 25, 2006 2:01 PM
>>>> To: Tomcat Users List
>>>> Subject: java.util.PropertyPermission
>>>>
>>>>
>>>> All:
>>>>
>>>> I have started seeing problems with using the
>>>> java.util.PropertyPermission setting in the catalina.policy file.
>>>>
>>>> I have the following line:
>>>>
>>>> permission java.util.PropertyPermission "*", "read,write";
>>>>
>>>> If that's in my policy entry for the specific web application, it does
>>>> not get picked up.  If I have that in the area that gets applied to all
>>>> web applications, it seems to work just fine.
>>>>
>>>> Has anyone else seen this?  Is this a bug or did something change that
>>>> would make me have to modify the policy file in some way?
>>>>
>>>> Thanks.
>>>> --
>>>>
>>>> ---------------------------------------------------------------------
>>>> To start a new topic, e-mail: users@tomcat.apache.org
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>> 
>> 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
>
Mime
View raw message