Tomcat 9.0 with security manager reports access denied

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Tomcat 9.0 with security manager reports access denied

Kai Hofmann
Hello,

I try to activate the security manager for my own Application within
Tomcat 9.0.x. The problem ist that I got 2 different access denied's
that should (from my point of view) not happen. So this might be a bug -
but I am not 100% sure.

To make a long story short I have put all information into a
stackoverflow question:

https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied

Maybe someone could help me with this problem?

Thanks in advance

  Kai

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat 9.0 with security manager reports access denied

Mark Thomas-2
On 24/01/2019 12:19, Kai Hofmann wrote:

> Hello,
>
> I try to activate the security manager for my own Application within
> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
> that should (from my point of view) not happen. So this might be a bug -
> but I am not 100% sure.
>
> To make a long story short I have put all information into a
> stackoverflow question:
>
> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied
>
> Maybe someone could help me with this problem?

Strange.

The failures might be related to running as a Windows service but I
don't immediately see how. I wonder if there is a configuration issue.

I ran a similar test locally on Linux and I don't see those failures. I
did see a couple of other minor issues that I am in the process of fixing.

Once I've finished fixing the issues I can see on Linux, I'll install
the latest 9.0.x code as a Windows service and see if I can reproduce
any of those failures.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat 9.0 with security manager reports access denied

Mark Thomas-2
On 25/01/2019 11:12, Mark Thomas wrote:

> On 24/01/2019 12:19, Kai Hofmann wrote:
>> Hello,
>>
>> I try to activate the security manager for my own Application within
>> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
>> that should (from my point of view) not happen. So this might be a bug -
>> but I am not 100% sure.
>>
>> To make a long story short I have put all information into a
>> stackoverflow question:
>>
>> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied
>>
>> Maybe someone could help me with this problem?
>
> Strange.
>
> The failures might be related to running as a Windows service but I
> don't immediately see how. I wonder if there is a configuration issue.
>
> I ran a similar test locally on Linux and I don't see those failures. I
> did see a couple of other minor issues that I am in the process of fixing.
>
> Once I've finished fixing the issues I can see on Linux, I'll install
> the latest 9.0.x code as a Windows service and see if I can reproduce
> any of those failures.

I see some additional instances of "denied" but not the ones you saw,

I did notice that the security policy file was not configured correctly.
"==" is required when setting catalina.policy

I'll look into getting the additional failures I've observed fixed but
it would help if you could provide the steps to reproduce the failures
you see from a clean Tomcat install.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat 9.0 with security manager reports access denied

Mark Thomas-2
On 25/01/2019 20:34, Mark Thomas wrote:

> On 25/01/2019 11:12, Mark Thomas wrote:
>> On 24/01/2019 12:19, Kai Hofmann wrote:
>>> Hello,
>>>
>>> I try to activate the security manager for my own Application within
>>> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
>>> that should (from my point of view) not happen. So this might be a bug -
>>> but I am not 100% sure.
>>>
>>> To make a long story short I have put all information into a
>>> stackoverflow question:
>>>
>>> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied
>>>
>>> Maybe someone could help me with this problem?
>>
>> Strange.
>>
>> The failures might be related to running as a Windows service but I
>> don't immediately see how. I wonder if there is a configuration issue.
>>
>> I ran a similar test locally on Linux and I don't see those failures. I
>> did see a couple of other minor issues that I am in the process of fixing.
>>
>> Once I've finished fixing the issues I can see on Linux, I'll install
>> the latest 9.0.x code as a Windows service and see if I can reproduce
>> any of those failures.
>
> I see some additional instances of "denied" but not the ones you saw,
>
> I did notice that the security policy file was not configured correctly.
> "==" is required when setting catalina.policy
>
> I'll look into getting the additional failures I've observed fixed but
> it would help if you could provide the steps to reproduce the failures
> you see from a clean Tomcat install.

The additional failures are expected. java.beans.Introspector is trying
to load classes that don't exist and they fail.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Tomcat 9.0 with security manager reports access denied

Kai Hofmann
Am 25.01.2019 um 21:58 schrieb Mark Thomas:

> On 25/01/2019 20:34, Mark Thomas wrote:
>> On 25/01/2019 11:12, Mark Thomas wrote:
>>> On 24/01/2019 12:19, Kai Hofmann wrote:
>>>> Hello,
>>>>
>>>> I try to activate the security manager for my own Application within
>>>> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
>>>> that should (from my point of view) not happen. So this might be a bug -
>>>> but I am not 100% sure.
>>>>
>>>> To make a long story short I have put all information into a
>>>> stackoverflow question:
>>>>
>>>> https://stackoverflow.com/questions/54254003/tomcat-9-0-with-security-manager-reports-access-denied
>>>>
>>>> Maybe someone could help me with this problem?
>>>
>>> Strange.
>>>
>>> The failures might be related to running as a Windows service but I
>>> don't immediately see how. I wonder if there is a configuration issue.
>>>
>>> I ran a similar test locally on Linux and I don't see those failures. I
>>> did see a couple of other minor issues that I am in the process of fixing.
>>>
>>> Once I've finished fixing the issues I can see on Linux, I'll install
>>> the latest 9.0.x code as a Windows service and see if I can reproduce
>>> any of those failures.
>>
>> I see some additional instances of "denied" but not the ones you saw,
>>
>> I did notice that the security policy file was not configured correctly.
>> "==" is required when setting catalina.policy
>>
>> I'll look into getting the additional failures I've observed fixed but
>> it would help if you could provide the steps to reproduce the failures
>> you see from a clean Tomcat install.
>
> The additional failures are expected. java.beans.Introspector is trying
> to load classes that don't exist and they fail.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

Dear Mark,

thanks for the hint with the '==' for the catalina.policy definition.
This fixed one of my exceptions.

The seconds exception could then be fixed with adding

permission java.util.PropertyPermission
"org.apache.juli.logging.UserDataHelper.CONFIG", "read";

to the policies.

So every thing works here on windows as service ;-)

Greetings

  PowerStat


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]