[ http://jira.jboss.com/jira/browse/JBAS-1516?page=history ]

Scott M Stark moved JBWEB-13 to JBAS-1516:
------------------------------------------

           Project: JBoss Application Server  (was: JBoss Web)
               Key: JBAS-1516  (was: JBWEB-13)
         Component: Web (Tomcat) service
                        (was: Tomcat)
           Version:  JBossAS-4.0.1 SP1
                    JBossAS-4.0.1 Final
                     JBossAS-3.2.7 Final
                        (was:  JBossWeb-4.0.1)
       Fix Version: JBossAS-4.0.2 Final
                    JBossAS-5.0 Alpha
                     JBossAS-3.2.8 Final
    Security Level: Public

> Tomcat5: StandardContext getConfigBase tries to create a directory
> ------------------------------------------------------------------
>
>          Key: JBAS-1516
>          URL: http://jira.jboss.com/jira/browse/JBAS-1516
>      Project: JBoss Application Server
>         Type: Bug
>   Components: Web (Tomcat) service
>     Versions: JBossAS-4.0.1 Final,  JBossAS-3.2.7 Final,  JBossAS-4.0.1 SP1
>  Environment: JBoss 4.0.1sp1, Solaris8
>     Reporter: Roland R?z
>     Assignee: Remy Maucherat
>     Priority: Minor
>      Fix For: JBossAS-5.0 Alpha, JBossAS-4.0.2 Final,  JBossAS-3.2.8 Final

>
> Original Estimate: 10 minutes
>         Remaining: 10 minutes
>
> Hello,
> Just to explain you the circumstances why this request has arised.
> I try to secure JBoss with a java security policy. The policy should prevent
> somebody from writing in the JBoss installation directory.
> For this reason I set a File permission that allows only reading on the 
> JBoss installation directory.
> It looks like this
> grant {
>       permission java.io.FilePermission "${jboss.home.dir}/-", "read";
> ...
> };
> Now when I start JBoss and deploy a War file I receive the following 
> AccessPermissionException
>  Caused by: java.security.AccessControlException: access denied 
> (java.io.FilePermission 
> /opt/jboss/4.0.1/server/myserver/conf/jboss.web/localhost write)
> at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
> at java.security.AccessController.checkPermission(AccessController.java:401)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at java.lang.SecurityManager.checkWrite(SecurityManager.java:954)
> at java.io.File.mkdir(File.java:1097)
> at java.io.File.mkdirs(File.java:1122)
> at 
> org.apache.catalina.core.StandardContext.getConfigBase(StandardContext.java:4858)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4071)
> at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
> at org.a
> pache.catalina.core.StandardHost.addChild(StandardHost.java:595)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503)
> ... 152 more
> The method that creates the Exception looks like this
>  private File org.apache.catalina.core.StandardContext#getConfigBase()
>     {
>         File configBase = new File(System.getProperty("catalina.base"), 
> "conf");
>         if(!configBase.exists())
>             return null;
>         Container container = this;
>         Container host = null;
>         Container engine = null;
>         for(; container != null; container = container.getParent())
>         {
>             if(container instanceof Host)
>                 host = container;
>             if(container instanceof Engine)
>                 engine = container;
>         }
>         if(engine != null)
>             configBase = new File(configBase, engine.getName());
>         if(host != null)
>             configBase = new File(configBase, host.getName());
>         configBase.mkdirs();  // here it crashes
>         return configBase;
>     }
> JBoss sets the saveConfig Flag of the StandardContext to false.
> (see TomcatDeployer#performDeployInternal)
> configBase.mkdirs() should only be invoked if the saveConfig Flag is set to 
> true.
> Regards

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.jboss.com/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to