https://issues.apache.org/bugzilla/show_bug.cgi?id=53368
Priority: P2
Bug ID: 53368
Assignee: dev@tomcat.apache.org
Summary: Running with SecurityManager: WebSocket examples need accessClassInPackage permission
Severity: minor
Classification: Unclassified
OS: Windows XP
Reporter: knst.koli...@gmail.com
Hardware: PC
Status: NEW
Version: 7.0.27
Component: Catalina
Product: Tomcat 7

WebSocket examples fail to work if Tomcat 7 is run with SecurityManager enabled. They start to work correctly with the following change to the policy file:

Index: catalina.policy =================================================================== --- catalina.policy (revision 1346679) +++ catalina.policy (working copy) 
@@ -188,6 +188,7 @@ // Applications using Comet need to be able to access this package permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket"; };

Steps to reproduce:
1. Start "catalina.bat start -security"
2. Go to "Echo" websocket example: http://localhost:8080/examples/websocket/echo.html
3. Click "(.) streams", then click "[Connect]" button.

Expected: The following message in "console" area:
Info: WebSocket connection opened.

Actual: The following message is printed:
Info: WebSocket connection closed.

The following exception is written to catalina*.log:
[[[
06.06.2012 4:54:20 org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(websocket.echo.EchoStream) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
        at java.lang.ClassLoader$1.run(ClassLoader.java:330)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:328)
        at java.lang.ClassLoader.defineClass1(Native Method)
        at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
        at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2889)
        at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1170)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1678)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1556)
        at org.apache.catalina.core.StandardWrapper.servletSecurityAnnotationScan(StandardWrapper.java:1215)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:573)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
]]]
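
Review bot: The added permission line sits directly under the existing comment "// Applications using Comet need to be able to access this package", which describes only the comet grant, so the new websocket grant is undocumented. Give it its own comment line above the "+" line, for example "// Applications using WebSocket need to be able to access this package". The hunk shows only the closing "};" of the grant block and not its header, so please also state in the report which grant block this is, since the new accessClassInPackage permission is given to all code that block covers.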
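
The denial in the log excerpt above can be pulled out of catalina*.log mechanically so that each missing permission is reviewed once, together with the classes that triggered it. This is an added example, not part of the original report or of Tomcat; the second log entry (EchoMessage and its timestamp) is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log text in the format of the excerpt in the report. The first entry is
# taken from the report; the second entry is constructed for illustration.
SAMPLE_LOG = """\
06.06.2012 4:54:20 org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(websocket.echo.EchoStream) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
06.06.2012 4:54:31 org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(websocket.echo.EchoMessage) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.websocket)
"""

# Matches only the WebappClassLoader WARNING line, so the exception line that
# repeats the same denial is not counted twice. Covers permissions without an
# actions field (such as RuntimePermission); quotes around the type and name
# are tolerated but not required.
DENIAL = re.compile(
    r'WebappClassLoader\.findClassInternal\((?P<cls>[^)]+)\) security exception: '
    r'access denied \("?(?P<type>[\w.$]+)"? "?(?P<name>[^")\s]+)"?\)'
)

def denied_permissions(log_text):
    """Map (permission type, name) -> sorted classes whose loading was denied."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:
            found[(m["type"], m["name"])].add(m["cls"])
    return {perm: sorted(classes) for perm, classes in found.items()}

def policy_lines(denials):
    """Render candidate catalina.policy entries for human review.

    The output is a list of what was denied, not a decision to grant it.
    """
    out = []
    for (ptype, name), classes in sorted(denials.items()):
        out.append("// denied while loading: " + ", ".join(classes))
        out.append(f'permission {ptype} "{name}";')
    return out

if __name__ == "__main__":
    print("\n".join(policy_lines(denied_permissions(SAMPLE_LOG))))
```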