tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat Security Limitation
Date Wed, 10 Oct 2012 13:20:34 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mouradk,

On 10/10/12 7:49 AM, Mouradk wrote:
> I am running a servlet that reads and writes to an remote instance
> of = Hbase/Hadoop on ec2. When the security manager is off, all is
> fine. But = when the manager is on, write and read operations
> fail.
> 
> I have the following permissions on my 04webapps.policy file:

04webapps.policy isn't a file I recognize as one that Tomcat reads. Is
this something that your local installation supports in some way?

> permission java.net.SocketPermission = 
> "ip-10-234-X-X.eu-west-1.compute.internal:*", "connect,resolve"; 
> permission java.net.SocketPermission "10.234.X.X:*", = 
> "connect,resolve"; =20 (10.234.X.X) being the address of the remote
> instance with Hbase.
> 
> I cannot track anything in the logs. No error or exception,the app
> just = freezes.

Try adding this to CATALINA_OPTS:

  -Djava.security.debug=all

This will give you a whole bunch of information about what the
SecurityManager is doing, including dumping errors when security
checks fail.

If you only want to see failures (which is usually the case), try this:

  -Djava.security.debug=access:failure

If you want to know the full range of options in your environment, run:

  java -Djava.security.debug=help

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB1diIACgkQ9CaO5/Lv0PARYACeNGI54lL44lGSbOOArxtZ3sYB
0A8An2CM1W90Yh08C0yNMc1n8wmcR/7D
=O6NC
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message