Re: [Stripes-users] catalina.policy file in Tomcat with security manager

2009-08-12 Thread Levi Hoogenberg

Hello,

this is caused by the fact that Stripes performs a  
System.getProperties() call in the StripesFilter. There are two ways  
around it:

- subclass StripesFilter to avoid the call;
- edit your security settings to allow the call. I'm no  
SecurityManager expert, but the line you need probably needs a  
wildcard (*).


  Levi

Op 12 aug 2009 om 19:34 heeft JiangHongTiao jianghongt...@gmail.com  
het volgende geschreven:\



Hi,
please, is there anybody who is using Tomcat with the security manager  
turned on and can send me the content of their catalina.policy file? My  
application works without the security manager, but when I  
turn it on, my application throws an error. After days of googling I  
cannot find a solution. Please, help. Thanks a lot.


  jht

My catalina.policy file and Tomcat log:

// == SYSTEM CODE PERMISSIONS  
=



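// These permissions apply to javac
// The trailing "/-" matches every file in the directory and, recursively,
// in its subdirectories, so all code loaded from there is unrestricted.
grant codeBase "file:${java.home}/lib/-" {
    permission java.security.AllPermission;
};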

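// These permissions apply to all shared system extensions
// AllPermission: any jar placed under this directory tree runs without
// security-manager restrictions.
grant codeBase "file:${java.home}/jre/lib/ext/-" {
    permission java.security.AllPermission;
};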

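// These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
// The codeBase resolves to the lib directory one level above ${java.home};
// "/-" covers it recursively.
grant codeBase "file:${java.home}/../lib/-" {
    permission java.security.AllPermission;
};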

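// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
// AllPermission: any jar placed under this directory tree runs without
// security-manager restrictions.
grant codeBase "file:${java.home}/lib/ext/-" {
    permission java.security.AllPermission;
};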


// == CATALINA CODE PERMISSIONS  
===



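// These permissions apply to the daemon code
// The codeBase names a single jar, so AllPermission is limited to code
// loaded from commons-daemon.jar.
grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
    permission java.security.AllPermission;
};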

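// These permissions apply to the logging API
// Unlike the AllPermission grants in this file, tomcat-juli.jar gets only the
// individual property, file, runtime and logging permissions listed below.
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.util.PropertyPermission "java.util.logging.config.class", "read";
    permission java.util.PropertyPermission "java.util.logging.config.file", "read";
    permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
    permission java.util.PropertyPermission "catalina.base", "read";
    permission java.util.logging.LoggingPermission "control";
    // Write access is limited to the logs directory itself and the files directly in it.
    permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
    permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
    permission java.lang.RuntimePermission "getClassLoader";
    // To enable per context logging configuration, permit read access to the appropriate file.
    // Be sure that the logging configuration is secure before enabling such access
    // eg for the examples web application:
    // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};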

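// These permissions apply to the server startup code
// The codeBase names a single jar, so AllPermission is limited to code
// loaded from bootstrap.jar.
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
    permission java.security.AllPermission;
};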

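// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the lib directory
// "/-" is recursive: every jar under ${catalina.home}/lib runs with
// AllPermission, so a library copied there is not restricted by this policy.
grant codeBase "file:${catalina.home}/lib/-" {
    permission java.security.AllPermission;
};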


// == WEB APPLICATION PERMISSIONS  
=



// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document  
root.

grant {
// Required for JNDI lookup of named JDBC DataSource's and
// javamail named MimePart DataSource used to send mail
permission java.util.PropertyPermission java.home, read;
permission java.util.PropertyPermission java.naming.*, read;
permission java.util.PropertyPermission javax.sql.*, read;

// OS Specific properties to allow read access
permission java.util.PropertyPermission os.name, read;
permission java.util.PropertyPermission os.version, read;
permission java.util.PropertyPermission os.arch, read;
permission java.util.PropertyPermission file.separator, read;
permission java.util.PropertyPermission path.separator, read;
permission java.util.PropertyPermission line.separator, read;

// JVM properties to allow read access
permission java.util.PropertyPermission java.version, read;
permission java.util.PropertyPermission java.vendor, read;
permission java.util.PropertyPermission java.vendor.url, read;
permission java.util.PropertyPermission 

Re: [Stripes-users] catalina.policy file in Tomcat with security manager

2009-08-12 Thread Levi Hoogenberg
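A few corrections to my previous mail: the offending line is a
System.getProperty(...) call and is done by the BootstrapPropertyResolver.
So that's the class to subclass (and configure) if you would like to
override the behaviour. If you grant the permission instead, the
AccessControlException in the Tomcat log names the property that was denied;
granting read on just those names to the web application's codeBase is
narrower than a wildcard (*), which would let the application read every
system property.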

On Wed, Aug 12, 2009 at 8:25 PM, Levi Hoogenberg
levihoogenb...@gmail.com wrote:

 Hello,

 this is caused by the fact that Stripes performs a System.getProperties()
 call in the StripesFilter. There are two ways around it:
 - subclass StripesFilter to avoid the call;
 - edit your security settings to allow the call. I'm no SecurityManager
 expert, but the line you need probably needs a wildcard (*).

   Levi

 Op 12 aug 2009 om 19:34 heeft JiangHongTiao jianghongt...@gmail.com het
 volgende geschreven:\

 Hi,
 please, is there anybody who is using Tomcat with security manager turned
 on and can send me content of catalina.policy file? Because of my
 application is working without Security manager. But when I turn it on, my
 application throws an error. After days of googling I cannot find solution.
 Please, help. Thanks a lot.

   jht

 My catalina.policy file and Tomcat log:

 *// == SYSTEM CODE PERMISSIONS
 =*


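 // These permissions apply to javac
 // The trailing "/-" matches every file in the directory and, recursively,
 // in its subdirectories, so all code loaded from there is unrestricted.
 grant codeBase "file:${java.home}/lib/-" {
     permission java.security.AllPermission;
 };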

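 // These permissions apply to all shared system extensions
 // AllPermission: any jar placed under this directory tree runs without
 // security-manager restrictions.
 grant codeBase "file:${java.home}/jre/lib/ext/-" {
     permission java.security.AllPermission;
 };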

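 // These permissions apply to javac when ${java.home} points at $JAVA_HOME/jre
 // The codeBase resolves to the lib directory one level above ${java.home};
 // "/-" covers it recursively.
 grant codeBase "file:${java.home}/../lib/-" {
     permission java.security.AllPermission;
 };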

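 // These permissions apply to all shared system extensions when
 // ${java.home} points at $JAVA_HOME/jre
 // AllPermission: any jar placed under this directory tree runs without
 // security-manager restrictions.
 grant codeBase "file:${java.home}/lib/ext/-" {
     permission java.security.AllPermission;
 };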


 *// == CATALINA CODE PERMISSIONS
 ===*


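 // These permissions apply to the daemon code
 // The codeBase names a single jar, so AllPermission is limited to code
 // loaded from commons-daemon.jar.
 grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
     permission java.security.AllPermission;
 };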

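 // These permissions apply to the logging API
 // Unlike the AllPermission grants in this file, tomcat-juli.jar gets only the
 // individual property, file, runtime and logging permissions listed below.
 grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
     permission java.util.PropertyPermission "java.util.logging.config.class", "read";
     permission java.util.PropertyPermission "java.util.logging.config.file", "read";
     permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
     permission java.lang.RuntimePermission "shutdownHooks";
     permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
     permission java.util.PropertyPermission "catalina.base", "read";
     permission java.util.logging.LoggingPermission "control";
     // Write access is limited to the logs directory itself and the files directly in it.
     permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
     permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
     permission java.lang.RuntimePermission "getClassLoader";
     // To enable per context logging configuration, permit read access to the appropriate file.
     // Be sure that the logging configuration is secure before enabling such access
     // eg for the examples web application:
     // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
 };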

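 // These permissions apply to the server startup code
 // The codeBase names a single jar, so AllPermission is limited to code
 // loaded from bootstrap.jar.
 grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
     permission java.security.AllPermission;
 };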

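 // These permissions apply to the servlet API classes
 // and those that are shared across all class loaders
 // located in the lib directory
 // "/-" is recursive: every jar under ${catalina.home}/lib runs with
 // AllPermission, so a library copied there is not restricted by this policy.
 grant codeBase "file:${catalina.home}/lib/-" {
     permission java.security.AllPermission;
 };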


 *// == WEB APPLICATION PERMISSIONS
 =*


 *// These permissions are granted by default to all web applications*
 *// In addition, a web application will be given a read FilePermission*
 *// and JndiPermission for all files and directories in its document root.
 *
 *grant { *
 *// Required for JNDI lookup of named JDBC DataSource's and*
 *// javamail named MimePart DataSource used to send mail*
 *permission java.util.PropertyPermission java.home, read;*
 *permission java.util.PropertyPermission java.naming.*, read;*
 *permission java.util.PropertyPermission javax.sql.*, read;*

 *// OS Specific properties to allow read access*
 *permission java.util.PropertyPermission os.name, read;*
 *permission java.util.PropertyPermission os.version, read;*
 *permission java.util.PropertyPermission os.arch, read;*
 *