On Sun, 2008-01-06 at 11:43 +0000, [EMAIL PROTECTED] wrote:
> // These permissions apply to the logging API
> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
> - permission java.security.AllPermission;
> + permission java.util.PropertyPermission
> "java.util.logging.config.class", "read";
> + permission java.util.PropertyPermission
> "java.util.logging.config.file", "read";
> + permission java.lang.RuntimePermission "shutdownHooks";
> + permission java.io.FilePermission
> "${catalina.base}${file.separator}conf${file.separator}logging.properties",
> "read";
> + permission java.util.PropertyPermission "catalina.base", "read";
> + permission java.util.logging.LoggingPermission "control";
> + permission java.io.FilePermission
> "${catalina.base}${file.separator}logs", "read, write";
> + permission java.io.FilePermission
> "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
> + permission java.lang.RuntimePermission "getClassLoader";
> + // To enable per context logging configuration, permit read access
> to the appropriate file.
> + // Be sure that the logging configuration is secure before enabling
> such access
> + // eg for the examples web application:
> + // permission java.io.FilePermission
> "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
> "read";
> };
On my platform [Linux + IcedTea], with the new policy in place, I get an
error initializing a timestamp used by the FileHandler (why such a class
ends up using a file like this is a mystery):
Handler error
java.lang.NullPointerException
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:330)
at
java.security.AccessController.checkPermission(AccessController.java:556)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:550)
at java.lang.SecurityManager.checkRead(SecurityManager.java:889)
at java.io.File.exists(File.java:749)
at
sun.util.calendar.ZoneInfoFile.readZoneInfoFile(ZoneInfoFile.java:1034)
at
sun.util.calendar.ZoneInfoFile.createZoneInfo(ZoneInfoFile.java:575)
at
sun.util.calendar.ZoneInfoFile.getZoneInfo(ZoneInfoFile.java:545)
at sun.util.calendar.ZoneInfo.getTimeZone(ZoneInfo.java:600)
at java.util.TimeZone.getTimeZone(TimeZone.java:487)
at java.util.TimeZone.setDefaultZone(TimeZone.java:584)
at java.util.TimeZone.getDefaultRef(TimeZone.java:551)
at java.util.Date.normalize(Date.java:1194)
at java.util.Date.getYear(Date.java:650)
at java.sql.Timestamp.toString(Timestamp.java:291)
at org.apache.juli.FileHandler.configure(FileHandler.java:189)
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
