Security Manager

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Security Manager

George Sexton-2
I tried running 5.5.14 with -security specified and got this error:

Using Security Manager
Listening for transport dt_socket at address: 7100
Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
 shutdownHooks)
        at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:264)
        at
java.security.AccessController.checkPermission(AccessController.java:
427)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)


My solution was to add:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

To the catalina.policy file. Is this correct?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Security Manager

George Sexton-2
It also seems to me the policy file should have:

grant codeBase "file:${catalina.base}/shared/-" {
        permission java.security.AllPermission;
};

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

> -----Original Message-----
> From: George Sexton [mailto:[hidden email]]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
>  shutdownHooks)
>         at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
>         at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>         permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>  
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Security Manager

George Sexton-2
In reply to this post by George Sexton-2
It also seems to me the policy file should have:

grant codeBase "file:${catalina.base}/shared/-" {
        permission java.security.AllPermission;
};

And

permission java.util.PropertyPermission "java.io.tmpdir", "read";

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

> -----Original Message-----
> From: George Sexton [mailto:[hidden email]]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
>  shutdownHooks)
>         at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
>         at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>         permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>  
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Security Manager

George Sexton-2
In reply to this post by George Sexton-2
Yet more. It seems by specification (SRV.3.7.1)

grant {
  permission java.io.FilePermission "${catalina.base}/temp/-", "read,
write","delete";
  permission java.util.PropertyPermission "javax.servlet.context.tempdir",
"read";
};

Really should be set so.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

> -----Original Message-----
> From: George Sexton [mailto:[hidden email]]
> Sent: Friday, January 20, 2006 11:14 AM
> To: 'Tomcat Developers List'
> Subject: Security Manager
>
> I tried running 5.5.14 with -security specified and got this error:
>
> Using Security Manager
> Listening for transport dt_socket at address: 7100
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission
>  shutdownHooks)
>         at
> java.security.AccessControlContext.checkPermission(AccessControlConte
> xt.java:264)
>         at
> java.security.AccessController.checkPermission(AccessController.java:
> 427)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>
>
> My solution was to add:
>
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>         permission java.security.AllPermission;
> };
>
> To the catalina.policy file. Is this correct?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>  
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]