Re: Migration problem
On Sun, May 17, 2009 at 6:39 PM, Jean-Claude Moissinac wrote:
> Always stuck with the problem
> I can't find security settings which enable cocoon to access to all
> necessary files
>
to solve the problem
I go in
/tomcat5.5/conf/policy.d
I modify
04webapps.policy
to add
grant codeBase "file:/usr/share/tomcat5.5/webapps/cocoon.war" {
permission java.security.AllPermission;
};
yes, I know it's surely too permissive, but I don't find another
setting which works
-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
Always stuck with the problem I can't find security settings which enable cocoon to access to all necessary files On Thu, May 14, 2009 at 6:31 PM, Jean-Claude Moissinac wrote: > To manage this problem, i have found the file > 04webapps.policy > in the directory > /tomcat6/conf/policy.d > > and add the lines > permission java.util.PropertyPermission "org.apache.cocoon.settings", > "read"; > permission java.util.PropertyPermission "user.home", "read"; > > It changes the result, but not resolve the problem > I always have an exceuption on > java.util.PropertyPermission * read,write > and open the read and write to * seems to me a bit dangerous > But, if I do it, I have always exceptions... > > Standard security on Tomcat6 seems to block a lot of things necessary > for Cocoon to work > I will continue to investigate, but I suspect a lot of users of Cocoon > will have similar problems in the future > -- -- Jean-Claude Moissinac Signal and Image processing - Multimedia Group TELECOM ParisTech FRANCE E-mail: moissi...@telecom-paristech.fr Tel: (+33) 1.45.81.80.88 Fax: (+33) 1.45.81.71.58 http://videotoile.blogspot.com http://svgmpeg4.blogspot.com/ - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
To manage this problem, i have found the file 04webapps.policy in the directory /tomcat6/conf/policy.d and add the lines permission java.util.PropertyPermission "org.apache.cocoon.settings", "read"; permission java.util.PropertyPermission "user.home", "read"; It changes the result, but not resolve the problem I always have an exceuption on java.util.PropertyPermission * read,write and open the read and write to * seems to me a bit dangerous But, if I do it, I have always exceptions... Standard security on Tomcat6 seems to block a lot of things necessary for Cocoon to work I will continue to investigate, but I suspect a lot of users of Cocoon will have similar problems in the future - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
On 14.05.2009 15:41, Jean-Claude Moissinac wrote:
OK
I will investigate in that direction.
But it will help if I can find what cocoon is trying to write.
(I think, I'm not the first to use cocoon.war in tomcat on Ubuntu)
Looking at your stack trace it's
at java.lang.System.getProperty(System.java:669)
at org.apache.cocoon.util.PropertySettings.(PropertySettings.java:74)
// now read all properties from the properties directory
readProperties("context://WEB-INF/properties", resolver);
// read additional properties file
String additionalPropertyFile =
properties.containsKey(Settings.PROPERTY_USER_SETTINGS)
? (String)properties.get(Settings.PROPERTY_USER_SETTINGS)
: System.getProperty(Settings.PROPERTY_USER_SETTINGS);
It's not the file access troubling you but the access to system
properties (last line in code snippet). This is not a file system issue
but an issue with a configured SecurityManager which doesn't allow you
to access system properties.
Joerg
-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
OK I will investigate in that direction. But it will help if I can find what cocoon is trying to write. (I think, I'm not the first to use cocoon.war in tomcat on Ubuntu) - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
On 14.05.2009 15:08, Jean-Claude Moissinac wrote: With all blocks removed, the problem remains. May 14, 2009 3:02:41 PM org.apache.catalina.core.ApplicationContext log INFO: ERROR (2009-05-14) 15:02.41:363 [access ] (Unknown-URI) Unknown-Thread/Unknown-Class: Exception reloading java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.cocoon.settings read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) at java.lang.System.getProperty(System.java:669) at org.apache.cocoon.util.PropertySettings.(PropertySettings.java:74) at org.apache.cocoon.util.SettingsHelper.createSettings(SettingsHelper.java:43) at org.apache.cocoon.Cocoon.contextualize(Cocoon.java:237) at org.apache.avalon.framework.container.ContainerUtil.contextualize(ContainerUtil.java:116) at org.apache.cocoon.servlet.CocoonServlet.createCocoon(CocoonServlet.java:1421) at org.apache.cocoon.servlet.CocoonServlet.init(CocoonServlet.java:499) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) ... I think cocoon is trying to write a file at a place where it has not necessary rights (line org.apache.cocoon.util.SettingsHelper.createSettings(SettingsHelper.java:43)) But??? It seems you made it one step further. This looks like a generic Java security manager issue rather than a Cocoon issue. I don't think it tries to write a file rather than reading a property: java.lang.System.getProperty(System.java:669) Seems it's prevented by security manager settings. Joerg - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
With all blocks removed, the problem remains. May 14, 2009 3:02:41 PM org.apache.catalina.core.ApplicationContext log INFO: ERROR (2009-05-14) 15:02.41:363 [access ] (Unknown-URI) Unknown-Thread/Unknown-Class: Exception reloading java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.cocoon.settings read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) at java.lang.System.getProperty(System.java:669) at org.apache.cocoon.util.PropertySettings.(PropertySettings.java:74) at org.apache.cocoon.util.SettingsHelper.createSettings(SettingsHelper.java:43) at org.apache.cocoon.Cocoon.contextualize(Cocoon.java:237) at org.apache.avalon.framework.container.ContainerUtil.contextualize(ContainerUtil.java:116) at org.apache.cocoon.servlet.CocoonServlet.createCocoon(CocoonServlet.java:1421) at org.apache.cocoon.servlet.CocoonServlet.init(CocoonServlet.java:499) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) ... I think cocoon is trying to write a file at a place where it has not necessary rights (line org.apache.cocoon.util.SettingsHelper.createSettings(SettingsHelper.java:43)) But??? - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
On 14.05.2009 14:56, Jean-Claude Moissinac wrote: On Thu, May 14, 2009 at 1:55 PM, Joerg Heinicke wrote: Xindice is a dependency of the optional block 'xmldb'. As Bertrand I recommend to exclude all blocks you don't need. So, I need to check all my applications to find what are my block dependencies. I suspect it could take a lot of time. I will began by removing all the blocks. When developing a new application you should start with the minimal set and add additional only when needed. Afterwards it's indeed more difficult. It should be possible though to exclude at least those blocks that you don't use for sure (like xmldb, midi, etc.). Joerg - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
On Thu, May 14, 2009 at 1:55 PM, Joerg Heinicke wrote: > Xindice is a dependency of the optional block 'xmldb'. As Bertrand I > recommend to exclude all blocks you don't need. So, I need to check all my applications to find what are my block dependencies. I suspect it could take a lot of time. I will began by removing all the blocks. To follow - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
After setting include.block.xmldb=false rebuilding and redeploying the war In the tomcat6 log, I get May 14, 2009 11:01:59 AM org.apache.catalina.core.ApplicationContext log INFO: ERROR (2009-05-14) 11:01.58:993 [access ] (Unknown-URI) Unknown-Thread/Unknown-Class: Exception reloading java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.cocoon.settings read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) at java.lang.System.getProperty(System.java:669) at org.apache.cocoon.util.PropertySettings.(PropertySettings.java:74) at org.apache.cocoon.util.SettingsHelper.createSettings(SettingsHelper.java:43) at org.apache.cocoon.Cocoon.contextualize(Cocoon.java:237) at org.apache.avalon.framework.container.ContainerUtil.contextualize(ContainerUtil.java:116) at org.apache.cocoon.servlet.CocoonServlet.createCocoon(CocoonServlet.java:1421) at org.apache.cocoon.servlet.CocoonServlet.init(CocoonServlet.java:499) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1166) .. Which reflect more clearly the page I got at http://shadok.enst.fr:8080/cocoon/ It seems to be an access problem, but I don't on what resource the problem is. I've checked the rights on all the cocoon directory and subdirectories deployed from the war and all the files are accessible by my tomcat user. -- -- Jean-Claude Moissinac - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
Xindice is a dependency of the optional block 'xmldb'. As Bertrand I recommend to exclude all blocks you don't need. Joerg On 14.05.2009 10:32, Jean-Claude Moissinac wrote: Checked the command ./cocoon.sh, it works So, it's only the war deployed in tomcat6 which fails to work with the previously mentioned error. I have found nothing about Xindice in Install.txt or block.properties. Perhaps it is something always necessary for Cocoon? Jean-Claude - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
Checked the command ./cocoon.sh, it works So, it's only the war deployed in tomcat6 which fails to work with the previously mentioned error. I have found nothing about Xindice in Install.txt or block.properties. Perhaps it is something always necessary for Cocoon? Jean-Claude - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Re: Migration problem
On Wed, May 13, 2009 at 4:18 PM, Jean-Claude Moissinac wrote: > ...So, I decide to install cocoon 2.1.11 on Tomcat 6. > So, I compile cocoon.war then put it in the webapps directory of Tomcat ... > org.apache.xindice.util.ConfigurationException: Failed to load configuration. > at > org.apache.xindice.server.XindiceServlet.loadConfiguration(XindiceServlet.java:267) > at > org.apache.xindice.server.XindiceServlet.init(XindiceServlet.java:105) Do you need Xindice? If not you should disable it (and all blocks that you don't need), see INSTALL.txt and blocks.properties. -Bertrand - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
Migration problem
I had a lot of applications based on Cocoon on an old server, with Tomcat and cocoon 2.1.9 I'm preparing the new server My first idea was to migrate to cocoon 2.2, but I discovered a totally new world and differ the adoption because I think it takes to many time now for me to discover this new world. So, I decide to install cocoon 2.1.11 on Tomcat 6. So, I compile cocoon.war then put it in the webapps directory of Tomcat Then, I get the following page http://shadok.enst.fr:8080/cocoon/ and the following info in the log ... INFO: SessionListener: contextInitialized() May 13, 2009 3:55:51 PM org.apache.catalina.core.ApplicationContext log SEVERE: StandardWrapper.Throwable org.apache.xindice.util.ConfigurationException: Failed to load configuration. at org.apache.xindice.server.XindiceServlet.loadConfiguration(XindiceServlet.java:267) at org.apache.xindice.server.XindiceServlet.init(XindiceServlet.java:105) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1166) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:992) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4371) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:830) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:719) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1217) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590) at java.lang.Thread.run(Thread.java:636) ... I'm stuck on that problem Any idea? -- -- Jean-Claude Moissinac - To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org For additional commands, e-mail: users-h...@cocoon.apache.org
