https://issues.apache.org/bugzilla/show_bug.cgi?id=53368

          Priority: P2
            Bug ID: 53368
          Assignee: dev@tomcat.apache.org
           Summary: Running with SecurityManager: WebSocket examples need
                    accessClassInPackage permission
          Severity: minor
    Classification: Unclassified
                OS: Windows XP
          Reporter: knst.koli...@gmail.com
          Hardware: PC
            Status: NEW
           Version: 7.0.27
         Component: Catalina
           Product: Tomcat 7

WebSocket examples fail to work if Tomcat 7 is run with SecurityManager
enabled.

They start to work correctly with the following change to the policy file:

Index: catalina.policy
===================================================================
--- catalina.policy     (revision 1346679)
+++ catalina.policy     (working copy)
@@ -188,6 +188,7 @@

     // Applications using Comet need to be able to access this package
     permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.comet";
+    permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina.websocket";
 };
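Review bot: The permission added at the end of this hunk sits directly under the comment "Applications using Comet need to be able to access this package", so the WebSocket grant reads as part of the Comet entry. Give it its own comment line before the added "accessClassInPackage.org.apache.catalina.websocket" permission, for example "// Applications using WebSocket need to be able to access this package". The hunk also does not show the header of the grant block that the closing "};" belongs to, so confirm that the block's codeBase scope is the one intended for this package access before committing.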


Steps to reproduce:
1. Start "catalina.bat start -security"

2. Go to "Echo" websocket example:
http://localhost:8080/examples/websocket/echo.html

3. Click "(.) streams", then click "[Connect]" button.

Expected: The following message in "console" area:
Info: WebSocket connection opened.

Actual: The following message is printed:
Info: WebSocket connection closed.


The following exception is written to catalina*.log:
[[[
06.06.2012 4:54:20 org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(websocket.echo.EchoStream) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
    at java.lang.ClassLoader$1.run(ClassLoader.java:330)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:328)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2889)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1170)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1678)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1556)
    at org.apache.catalina.core.StandardWrapper.servletSecurityAnnotationScan(StandardWrapper.java:1215)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:573)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
]]]
