tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: AccessControlException in Coyote Http11Processor (Tomcat 6.0.14). Bug in Coyote ?
Date Tue, 27 Nov 2007 18:21:20 GMT
Delian Krustev wrote:
> My guess is that either this is a bug in the Coyote HTTP connector or
> the security policy is not strict enough and one of the 
> installed applications (third party, I don't have access to the source)
> modifies the security manager somehow. My modifications
> to the policy do not appear to grant such permissions to the webapps, so if
> the assumption is right it's a bug in the distributed catalina.policy.

Webapps do have some default permissions (files and JNDI) so it is possible
that these are all the app requires to run.

The policy file as is should mean the code has access to the class. Not
sure why it fails.

Can you run the faulty instance with:
-Djava.security.debug=access,failure
and report the failure message.

If you can reproduce this at will then
-Djava.security.debug=all
would be better but it will generate lots of log data

I have also seen problems with policy files where I have had to use
${file.separator} rather than / but that was with java.io.FilePermission on
Windows rather than in the codebase.

Mark



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message