Using Tomcat Security Policy breaks RdbmsPolicy -----------------------------------------------
Key: JS2-205 URL: http://issues.apache.org/jira/browse/JS2-205 Project: Jetspeed 2 Type: Bug Components: Security Versions: 2.0-M2 Reporter: David Sean Taylor Assigned to: David Sean Taylor Fix For: 2.0-M2 I set my Tomcat Security policy to: grant { permission java.security.AllPermission; }; Start Tomcat 5.0.31 as: catalina run -security And it gets a stack overflow from recursive loop in policy setup: at java.security.AccessController.checkPermission(AccessController.java: 401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) at javax.security.auth.Subject.getSubject(Subject.java:251) at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol icy.java:90) at java.security.Policy.getPermissions(Policy.java:343) at java.security.Policy.implies(Policy.java:397) at java.security.ProtectionDomain.implies(ProtectionDomain.java:189) at java.security.AccessControlContext.checkPermission(AccessControlConte As an interim fix, if you don't need the Rdbms Policy, In the jetspeed-spring.xml, comment out: <!-- Security: RDBMS Policy implementation for JAAS --> <!-- <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy" class="org.apache.jetspeed.security.impl.RdbmsPolicy" > <constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg> </bean> --> <!-- Security: Authorization Provider --> <!-- <bean id="org.apache.jetspeed.security.AuthorizationProvider" class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl" > <constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg> </bean> --> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]