https://issues.apache.org/bugzilla/show_bug.cgi?id=57152

            Bug ID: 57152
           Summary: Tomcat Manager cannot start with security manager
                    enabled
           Product: Tomcat 7
           Version: 7.0.50
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Manager
          Assignee: dev@tomcat.apache.org
          Reporter: joegreen+bugzi...@joegreen.pl

The bug is easy to reproduce: just download Tomcat and start it using
./catalina.bat -security  
or
./catalina.sh -security


The Tomcat Manager web application throws an exception. I checked a few
versions and it looks like it works correctly (Tomcat Manager starts with
security manager enabled) in versions below 7.0.50 and it doesn't work in
7.0.50 and later. 

I checked in on windows as well as in linux. We use RMI in our webapp and we
need the security manager to run it. 

Giving all permissions in security policy doesn't seem to help:
grant {
  permission java.security.AllPermission;
};


Stack trace:
INFO: Deploying web application directory
C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\host-manager
paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
SEVERE: The web application with context path [/host-manager] was not deployed
because it contained a deployment descriptor
[C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\host-manager\META-INF\context.xml]
which may include configuration necessary for the secure deployment of the
application but processing of deployment descriptors is prevented by the
deployXML setting of this host. An appropriate descriptor should be created at
[C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\conf\Catalina\localhost\host-manager.xml]
to deploy this application.
paź 27, 2014 4:34:57 PM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component
[/host-manager]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:634)
    at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1230)
    at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1876)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
Caused by: org.apache.catalina.LifecycleException: Failed to process either the
global, per-host or context-specific context.xml file therefore the
[/host-manager] Context cannot be started.
    at
org.apache.catalina.startup.FailedContext.startInternal(FailedContext.java:158)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 14 more

paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
SEVERE: Error deploying web application directory
C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\host-manager
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component
[/host-manager]
    at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:904)
    at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:634)
    at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1230)
    at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1876)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory
C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\manager
paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
SEVERE: The web application with context path [/manager] was not deployed
because it contained a deployment descriptor
[C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\manager\META-INF\context.xml]
which may include configuration necessary for the secure deployment of the
application but processing of deployment descriptors is prevented by the
deployXML setting of this host. An appropriate descriptor should be created at
[C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\conf\Catalina\localhost\manager.xml]
to deploy this application.
paź 27, 2014 4:34:57 PM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start: 
org.apache.catalina.LifecycleException: Failed to start component [/manager]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:634)
    at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1230)
    at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1876)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
Caused by: org.apache.catalina.LifecycleException: Failed to process either the
global, per-host or context-specific context.xml file therefore the [/manager]
Context cannot be started.
    at
org.apache.catalina.startup.FailedContext.startInternal(FailedContext.java:158)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 14 more

paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
SEVERE: Error deploying web application directory
C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\manager
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [/manager]
    at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:904)
    at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
    at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:634)
    at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1230)
    at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1876)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

paź 27, 2014 4:34:57 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory
C:\Users\joegreen\Desktop\apache-tomcat-7.0.50\webapps\ROOT
paź 27, 2014 4:34:58 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
paź 27, 2014 4:34:58 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
paź 27, 2014 4:34:58 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1591 ms

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to