tomcat-users mailing list archives

From "Alejandro Garcia" <alexander00...@msn.com>
Subject Catalina.policy java.security.AllPermission
Date Wed, 08 May 2013 22:18:05 GMT
Hi,
I have a problem with the Catalina’s security manager.

We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. My app works
very well when I run it with the security manager disabled.

The problem appears when I enable Tomcat's security manager. My app fails when Tomcat
starts, giving me the following log:

INFO: Checking whether login URL '/security/login.jsf' is accessible with your configuration
8/05/2013 12:29:11 PM org.springframework.web.context.ContextLoader initWebApplicationContext
INFO: Root WebApplicationContext: initialization completed in 1969 ms
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Falló en arranque del Contexto [/WebRed] debido a errores previos
8/05/2013 12:29:11 PM com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.NullPointerException
at com.sun.faces.config.ConfigureListener.getInitFacesContext(ConfigureListener.java:740)
at com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:300)
at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4245)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4886)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4750)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:146)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:777)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1399)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:762)
at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1500)
at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:252)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:194)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:250)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)

The app works very well when I put these lines in the Catalina.policy:

// NOTE(review): java.security.AllPermission implies every other permission, so
// with this grant the security manager no longer restricts any code loaded from
// the WebRed webapp. It is useful only to confirm that a startup failure is a
// permissions problem; a production policy should list the specific permissions
// the application needs instead.
// The trailing "/-" in the codeBase matches every file under WebRed, recursively.
grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
permission java.security.AllPermission;
};

There were other errors because of missing permissions, but I have added some, and the
lines are the following:

// Permissions granted to all code loaded from the WebRed webapp directory
// (the trailing "/-" matches every file under it, recursively).
// NOTE(review): to find which checks are still denied, the JVM can be started with
// -Djava.security.debug=access,failure, which logs each failed permission check
// together with the protection domain that lacked it.
grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
// accessClassInPackage.<pkg> lets the webapp load classes from packages that are
// otherwise blocked by the package-access check.
// NOTE(review): org.apache.catalina.* are Tomcat internals; granting a webapp access
// to them weakens the isolation between the application and the container. Confirm
// that each one is actually required.
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context.request";
permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.filter";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.faces.config";
permission java.lang.RuntimePermission "accessClassInPackage.org.icefaces.util";
// Allows reflective lookup of a class's declared members, including non-public ones.
permission java.lang.RuntimePermission "accessDeclaredMembers";
// JNDI access limited to this webapp's own naming context.
permission org.apache.naming.JndiPermission "jndi://localhost/WebRed/*";
// NOTE(review): "/WebRed" is an absolute path at the filesystem root, not the
// deployed webapp directory - presumably not what was intended; confirm.
permission java.io.FilePermission "/WebRed", "read";
// The webapp directory itself, then everything beneath it ("/-" is recursive).
// NOTE(review): write and delete over the whole deployment tree lets the application
// modify its own classes and pages; narrow this to the directories it really writes to.
permission java.io.FilePermission "${catalina.home}/webapps/WebRed", "read,write";
permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", "read,write,delete";
// PropertyPermission targets are system property names.
// NOTE(review): most targets below look like Java package names rather than property
// names, so they probably have no effect - verify against the properties the
// application actually reads.
permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl",
"read";
permission java.util.PropertyPermission "org.springframework.web.context.request", "read";
permission java.util.PropertyPermission "org.springframework.web.servlet", "read";
permission java.util.PropertyPermission "org.springframework.web.context", "read"; 
permission java.util.PropertyPermission "org.apache.catalina.manager.util", "read";
permission java.util.PropertyPermission "org.apache.catalina.manager", "read";
permission java.util.PropertyPermission "org.apache.catalina", "read";
permission java.util.PropertyPermission "org.apache.catalina.core", "read";
permission java.util.PropertyPermission "spring.security.strategy", "read";
permission java.util.PropertyPermission "com.icesoft.faces.webapp", "read";
permission java.util.PropertyPermission "com.sun.faces.config", "read";
permission java.util.PropertyPermission "javax.faces.webapp", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.PropertyPermission "org.icefaces.util", "read";
};

But the app still does not work, and I do not know what other permissions it needs to run.

As I mentioned, I think only permissions are missing, because with “java.security.AllPermission;”
it works very well.

Thank you