J.P.Jarolim wrote:
This is the problem. You need to put the file name, not the path. If need to put <<ALL FILES>> if you want to grant access to all file under your context, or test.txt if you only want to be able to read that file.Hi! I've been working on this since beginnig last week together with a friend and can't find a clue: My friend owns a sun cobalt with linux, apache and tomcat. The system seems to be ready to use for providers - there is a config utility to add new user sites with a lot of options (like: user gets mysql, pop3, tomcat, or whatever) After creating a site with jsp, we deployed a jsp-testsuite which tests the given infrastructure: reading files, instancing classes, trying a db-query on mysql and so on (Which works fine on our local system). But every time we try to execute the testsuite we get one of these SecurityExceptions: java.security.AccessControlException: access denied (java.io.FilePermission /home/.sites/143/site40/web/test.txt read) (Test.txt is the file we want to read in the first part of our testsuite: File permissions 777) We looked into the tomcat docs how to setup the security manager correctly and looked into the tomcat.policy file in the {tomcat.home}/conf dir just to see that everything was set correctly (for us) from the site management utility: ... grant codeBase "file:/home/.sites/143/site40/web/-" { permission SocketPermission "localhost:1024-", "listen,connect,resolve"; permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "/home/.sites/143/site40/-", "read,write,delete";
-- Jeanfrancois
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
};
...
Tomcat seems to run secure with the right file (as seen under ps -Af) but
seems to ignore all grants for the user sites:
...
java -Djava.security.manager -Djava.security.policy==/usr/java/jakarta-tomca
t/conf/tomcat.policy -Dtomcat.home=/usr/java/jakarta-tomcat
org.apache.tomcat.startup.Tomcat
Some users on groups.google mentioned, that the codeBase should be the same
as the docBase in the server.xml:
...
<Host name="johannes.jarolim.com"> <!-- Site site40 -->
<Context path="" docBase="/home/.sites/143/site40/web" debug="0"/>
<!-- user web contexts -->
</Host>
...
but this looks correct to me too. We even tried to give my site all
permissions:
grant codeBase "file:/home/.sites/143/site40/web/-" {
permission java.security.AllPermission;
};
But that is ignored too. The testsuite is neither able to open a file nor
just to read the length.
We have the same problems when instancing a class which tries to dynamically
instance another class. Like:
myDriver = (Driver)Class.forName(DriverName).newInstance(); // This is a
part of opening a connection to the mysql-db
To get that straight: Everything runs fine without security manager - But
who wants to run a root-tomcat without a security manager ;-)
Could anyone give me a clue where we could look at? After one week of
googling we're somehow out of ideas...
thanks in advance,
mfG,
J.P.Jarolim, ADWERBA
-------------------------------------------------------------
ADWERBA, Gesellschaft für Verkaufsförderung und Werbung
A-5020 Salzburg - Schallmooser Hauptstraße 85 A
Telefon: +43(0)662 643125, 643126 - Telefax: +43(0)662 643128
ISDN: +43(0)662 648058 - Email: [EMAIL PROTECTED] - ICQ 44284507
-------------------------------------------------------------
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>