uima-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stergos D. Afantenos" <stergos.afante...@univ-nantes.fr>
Subject Re: Simple Rest Server
Date Wed, 17 Jun 2009 14:52:16 GMT
Dear Roberto,

thank you very much for your comments. Actually I had already tried
what you suggested several days ago, but I was still getting some
exceptions, albeit somewhat different from the ones that I was
receiving before.

Trying once again what you suggested I realized that since I had just
before launched Tomcat as a root with a command of my own (see my
initial mail), the pears had been extracted and the created folders
belonged to the root user. Thus, when I launched once again Tomcat via
the normal procedure (/etc/init.d/tomcat5.5 restart), even with the
option TOMCAT5_SECURITY=no, Tomcat could not read or write to the
extracted folders since they did not belong to the Tomcat user. Once I
realized what was going on, I deleted those folders and kept the
option TOMCAT5_SECURITY=no.

As a consequence all my web services now work without any problems.
Since I have performed all the tests locally, all that I need to do
now is to convince our server administrator that Tomcat should run by
default without the security manager turned on ... wish me good luck
!!

In any case thanks a lot for your suggestion. For the moment the
problem seems to have been solved, or more precisely it seems to have
been shoveled under the rug.

In case that I stumble over a better solution I will keep you informed.

Best,
Stergos D. Afantenos

On Tue, Jun 16, 2009 at 2:13 PM, Roberto
Franchini<ro.franchini@gmail.com> wrote:
> On Mon, Jun 15, 2009 at 6:53 PM, Stergos D. Afantenos <
> stergos.afantenos@univ-nantes.fr> wrote:
>
>> Dear all,
>>
>> [cut]
>
>
>
>> java.security.AccessControlException: access denied
>> (java.util.PropertyPermission * read,write)
>>
>>  java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
>>
>>  java.security.AccessController.checkPermission(AccessController.java:553)
>>        java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>
>>  java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1269)
>>        java.beans.Introspector.setBeanInfoSearchPath(Introspector.java:316)
>>
>>  org.apache.uima.impl.UIMAFramework_impl._initialize(UIMAFramework_impl.java:167)
>>        org.apache.uima.UIMAFramework.<clinit>(UIMAFramework.java:1180)
>>        org.apache.uima.simpleserver.Service.<clinit>(Service.java:71)
>>
>>  org.apache.uima.simpleserver.servlet.SimpleServerServlet.init(SimpleServerServlet.java:229)
>>        javax.servlet.GenericServlet.init(GenericServlet.java:211)
>>        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>>  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>
>>  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>        java.lang.reflect.Method.invoke(Method.java:616)
>>
>>  org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
>>        java.security.AccessController.doPrivileged(Native Method)
>>        javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
>>
>>  org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
>>
>>  org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
>>
>>  org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
>>
>>  org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>
>>  org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>
>>  org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>
>>  org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
>>
>>  org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>
>>  org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>
>>  org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>
>>  org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>        java.lang.Thread.run(Thread.java:636)
>>
>>
>>
>> My guess is that I should explicitly grand some permicssions to the
>> Simple Rest Server via the various
>> /usr/share/tomcat5.5/conf/policy.d/*.policy files, but no matter what
>> I change, the SimpleRestServer stubbornly refuses to start up.
>>
>> In case that you have any idea of what might be going on, I would be
>> very happy to hear from you.
>>
>>
> On ubuntu, and debian too of course, tomcat runs with java security manager
> enabled by default.
> The simplest way is to disable it. Open the /etc/defautl/tomcat5.5 and set
> the variable to no
> ....
> # Use the Java security manager? (yes/no, default: yes)
> # WARNING: Do not disable the security manager unless you understand
> # the consequences!
> # NOTE: java-gcj-compat-dev currently doesn't support a security
> # manager.
> TOMCAT5_SECURITY=no
>
>
> The default file is the right place where to set JAVA_OPTS, such as heap or
> system properties.
> The policy file is generated at startup (/etc/init.d/tomcat5.5) :
> ....
>  # Create catalina.policy (for the security manager)
>
>                rm -f "$CATALINA_BASE/conf/catalina.policy"
>                umask 022
>                echo "// AUTO-GENERATED FILE -- DO NOT EDIT!" \
>                        > "$CATALINA_BASE/conf/catalina.policy"
>                echo "// Edit the files in /etc/tomcat5.5/policy.d/ instead"
> \
>                        >> "$CATALINA_BASE/conf/catalina.policy"
>                echo ""  >> "$CATALINA_BASE/conf/catalina.policy"
>                cat /etc/tomcat5.5/policy.d/*.policy \
>                        >> "$CATALINA_BASE/conf/catalina.policy"
>
>  ....
>
> I hope this will help you
> R.
>
>
> --
> Roberto Franchini
> http://www.celi.it
> http://www.blogmeter.it
> http://www.memesphere.it
> Tel +39-011-6600814
> jabber:ro.franchini@gmail.com
> <jabber%3Aro.franchini@gmail.com>skype:ro.franchini
>

Mime
View raw message