[ http://jira.jboss.com/jira/browse/JBAS-1516?page=history ]
Scott M Stark moved JBWEB-13 to JBAS-1516:
------------------------------------------

        Project: JBoss Application Server  (was: JBoss Web)
            Key: JBAS-1516  (was: JBWEB-13)
      Component: Web (Tomcat) service
                 (was: Tomcat)
        Version: JBossAS-4.0.1 SP1
                 JBossAS-4.0.1 Final
                 JBossAS-3.2.7 Final
                 (was: JBossWeb-4.0.1)
    Fix Version: JBossAS-4.0.2 Final
                 JBossAS-5.0 Alpha
                 JBossAS-3.2.8 Final
 Security Level: Public

> Tomcat5: StandardContext getConfigBase tries to create a directory
> ------------------------------------------------------------------
>
>          Key: JBAS-1516
>          URL: http://jira.jboss.com/jira/browse/JBAS-1516
>      Project: JBoss Application Server
>         Type: Bug
>   Components: Web (Tomcat) service
>     Versions: JBossAS-4.0.1 Final, JBossAS-3.2.7 Final, JBossAS-4.0.1 SP1
>  Environment: JBoss 4.0.1sp1, Solaris8
>     Reporter: Roland R?z
>     Assignee: Remy Maucherat
>     Priority: Minor
>      Fix For: JBossAS-5.0 Alpha, JBossAS-4.0.2 Final, JBossAS-3.2.8 Final
>
> Original Estimate: 10 minutes
>         Remaining: 10 minutes
>
> Hello,
> Just to explain to you the circumstances why this request has arisen.
> I try to secure JBoss with a Java security policy. The policy should prevent
> somebody from writing in the JBoss installation directory.
> For this reason I set a File permission that allows only reading on the
> JBoss installation directory.
> It looks like this:
> grant {
>     permission java.io.FilePermission "${jboss.home.dir}/-", "read";
>     ...
> };
> Now when I start JBoss and deploy a WAR file I receive the following
> AccessPermissionException:
> Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /opt/jboss/4.0.1/server/myserver/conf/jboss.web/localhost write)
>     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
>     at java.security.AccessController.checkPermission(AccessController.java:401)
>     at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
>     at java.lang.SecurityManager.checkWrite(SecurityManager.java:954)
>     at java.io.File.mkdir(File.java:1097)
>     at java.io.File.mkdirs(File.java:1122)
>     at org.apache.catalina.core.StandardContext.getConfigBase(StandardContext.java:4858)
>     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4071)
>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
>     at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
>     at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503)
>     ... 152 more
> The method that creates the Exception looks like this:
> private File org.apache.catalina.core.StandardContext#getConfigBase()
> {
>     File configBase = new File(System.getProperty("catalina.base"), "conf");
>     if(!configBase.exists())
>         return null;
>     Container container = this;
>     Container host = null;
>     Container engine = null;
>     for(; container != null; container = container.getParent())
>     {
>         if(container instanceof Host)
>             host = container;
>         if(container instanceof Engine)
>             engine = container;
>     }
>     if(engine != null)
>         configBase = new File(configBase, engine.getName());
>     if(host != null)
>         configBase = new File(configBase, host.getName());
>     configBase.mkdirs(); // here it crashes
>     return configBase;
> }
> JBoss sets the saveConfig flag of the StandardContext to false.
> (see TomcatDeployer#performDeployInternal)
> configBase.mkdirs() should only be invoked if the saveConfig flag is set to
> true.
> Regards

_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development
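
The guard the report asks for, shown as an added example that is not part of the original message and is not Tomcat or JBoss code. The class name ConfigBaseResolver, its parameters and the temp-directory layout are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added illustration, not Tomcat or JBoss source. ConfigBaseResolver and its
// parameters are hypothetical stand-ins for StandardContext and its parents.
public class ConfigBaseResolver {

    // Resolves <catalinaBase>/conf/<engine>/<host>. The disk is written only
    // when saveConfig is true, so a read-only FilePermission is not violated.
    static File getConfigBase(File catalinaBase, String engineName,
                              String hostName, boolean saveConfig) {
        File configBase = new File(catalinaBase, "conf");
        if (!configBase.exists()) {
            return null;
        }
        if (engineName != null) {
            configBase = new File(configBase, engineName);
        }
        if (hostName != null) {
            configBase = new File(configBase, hostName);
        }
        // File.mkdirs() is what reaches SecurityManager.checkWrite() in the
        // stack trace, so it is skipped when no configuration will be saved.
        if (saveConfig && !configBase.isDirectory() && !configBase.mkdirs()) {
            throw new IllegalStateException("cannot create " + configBase);
        }
        return configBase;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: a temp directory containing only conf/.
        File base = Files.createTempDirectory("catalina-base").toFile();
        if (!new File(base, "conf").mkdir()) {
            throw new IOException("cannot create conf under " + base);
        }

        // saveConfig=false: the path is computed, nothing is created.
        File ro = getConfigBase(base, "jboss.web", "localhost", false);
        System.out.println(ro + " exists=" + ro.exists());

        // saveConfig=true: the directory is created, which needs "write".
        File rw = getConfigBase(base, "jboss.web", "localhost", true);
        System.out.println(rw + " exists=" + rw.exists());
    }
}
```

Callers that receive the path with saveConfig=false must not assume the directory exists.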