DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22032>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22032 missing security-policy in default-configuration Summary: missing security-policy in default-configuration Product: Tomcat 5 Version: 5.0.5 Platform: Other OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] when starting tomcat 5.0.5 with security-manager enabled (standard distribution, no configuration-changes, just catalina.sh start -security), it throws an java.security.AccessControlException when accessing any jsp-page (even index.jsp). Adding the following lines to conf/catalina.policy resolved the problem for me: permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.juntime.*"; permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime"; permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime.*"; The stack-trace of the excepion is: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270) at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:542) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513) at java.lang.ClassLoader$1.run(ClassLoader.java:326) at java.security.AccessController.doPrivileged(Native Method) at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:324) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:502) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1657) at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:882) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1345) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1225) at org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:951) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:947) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:701) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:183) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:256) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:210) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:190) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:175) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:974) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:207) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:637) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:488) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:568) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:631) at java.lang.Thread.run(Thread.java:536) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]