On Sun, 2008-01-06 at 11:43 +0000, [EMAIL PROTECTED] wrote: > // These permissions apply to the logging API > grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { > - permission java.security.AllPermission; > + permission java.util.PropertyPermission > "java.util.logging.config.class", "read"; > + permission java.util.PropertyPermission > "java.util.logging.config.file", "read"; > + permission java.lang.RuntimePermission "shutdownHooks"; > + permission java.io.FilePermission > "${catalina.base}${file.separator}conf${file.separator}logging.properties", > "read"; > + permission java.util.PropertyPermission "catalina.base", "read"; > + permission java.util.logging.LoggingPermission "control"; > + permission java.io.FilePermission > "${catalina.base}${file.separator}logs", "read, write"; > + permission java.io.FilePermission > "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; > + permission java.lang.RuntimePermission "getClassLoader"; > + // To enable per context logging configuration, permit read access > to the appropriate file. > + // Be sure that the logging configuration is secure before enabling > such access > + // eg for the examples web application: > + // permission java.io.FilePermission > "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", > "read"; > };
On my platform [Linux + IcedTea], with the new policy in place, I get an error initializing a timestamp used by the FileHandler (why such a class ends up using a file like this is a mystery): Handler error java.lang.NullPointerException at java.security.AccessControlContext.checkPermission(AccessControlContext.java:330) at java.security.AccessController.checkPermission(AccessController.java:556) at java.lang.SecurityManager.checkPermission(SecurityManager.java:550) at java.lang.SecurityManager.checkRead(SecurityManager.java:889) at java.io.File.exists(File.java:749) at sun.util.calendar.ZoneInfoFile.readZoneInfoFile(ZoneInfoFile.java:1034) at sun.util.calendar.ZoneInfoFile.createZoneInfo(ZoneInfoFile.java:575) at sun.util.calendar.ZoneInfoFile.getZoneInfo(ZoneInfoFile.java:545) at sun.util.calendar.ZoneInfo.getTimeZone(ZoneInfo.java:600) at java.util.TimeZone.getTimeZone(TimeZone.java:487) at java.util.TimeZone.setDefaultZone(TimeZone.java:584) at java.util.TimeZone.getDefaultRef(TimeZone.java:551) at java.util.Date.normalize(Date.java:1194) at java.util.Date.getYear(Date.java:650) at java.sql.Timestamp.toString(Timestamp.java:291) at org.apache.juli.FileHandler.configure(FileHandler.java:189) Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]