tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mouradk <mourad...@gmail.com>
Subject Re: Tomcat Security Limitation
Date Wed, 10 Oct 2012 16:35:45 GMT
Dear all,

Thanks all for your reply. I managed to get the debug logs on and those logs of interest were
set to WARN (warnings), they gave me an indication to the required security settings and I
finally got it to work !!

I am experiencing another problem now. But at least I got Tomcat security manager out of the
way…..I hope!

Many thanks,

Mourad

On 10 Oct 2012, at 15:37, André Warnier <aw@ice-sa.com> wrote:

> Mouradk wrote:
>> Hi Chris,
>> I am using Tomcat6 on ubuntu 10.10. I suppose when you say CATALINA_OPTS you mean
that in /usr/share/tomcat6/bin/catalina.sh .
>> I have added this as such:
>> CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS, -Djava.security.debug=all"
>> I have also set the logging level to FINE in $CATALINA_HOME/conf/logging.properties
>> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = FINE
>> But not getting debug messages?
> 
> Mouradk,
> 
> Each Linux distribution has different ways of "packaging" software like Tomcat, and the
people on this list do not all have the same system, and they do not necessarily know which
files you are talking about on /your/ system.
> (These packages have a tendency to spread the software and the settings over many directories
and files; and they all do it differently).
> 
> For that reason, most people here will tend to refer to the "standard" Tomcat distribution,
which is the one that you can download from the Tomcat website, and which is know to all (and
is much simpler in terms of file structure).
> 
> The following info is thus only because I happen to have Tomcat running under Linux Debian
(similar to Ubuntu), and can compare things with my system.
> 
> Then,
> 
> - in general, if you want to follow how the Tomcat6 package starts Tomcat under Ubuntu/Debian,
look at the /etc/init.d/tomcat6 script.  That is the one that pulls in all the other ones,
sets the options, etc..
> - in the line you show above, there is a (wrong) comma after "$JPDA_OPTS".  Remove it.
> - you should generally not modify the catalina.sh script
> - if you make changes to environment variables like CATALINA_OPTS, put them in the separate
script "setenv.sh", which you will also find in the /usr/share/tomcat6/bin/ directory.  This
will be read by the catalina.sh script at startup of Tomcat.
> Add the line as :
> CATALINA_OPTS="$CATALINA_OPTS -Djava.security.debug=all"
> - under Ubuntu (as under Debian), you probably need to edit another file in order to
have the JVM start with the Java security manager enabled.  I don't know for Ubuntu, but under
Debian it would be /etc/default/tomcat6 and it should have a line like :
> TOMCAT_SECURITY=yes (or no)
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message