's an explicit grant.
On 7/24/2022 10:08 PM, George Sexton wrote:
Everyone,
I'm running Tomcat 9 under the security manager and when I try to use
JavaMail to send a message, I'm getting:
javax.mail.MessagingException: IOException while sending message;
Everyone,
I'm running Tomcat 9 under the security manager and when I try to use
JavaMail to send a message, I'm getting:
javax.mail.MessagingException: IOException while sending message; nested
exception is:
javax.activation.UnsupportedDataTypeException:
no object DCH for
I'm setting up a new server with Tomcat9 and I'm running it under a
security manager. I'm getting this error:
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by
org.apache.tomcat.util.security.PrivilegedSetAccessControlContext
(
On 09/05/2022 16:23, Chavez Ortiz, Oscar (Externo) wrote:
Hello Mark, thank you for your answer.
- With Security reasons i mean from head quarters the server must be certified
by accomplishing a set of security hardening rules. One of those is Security
Manager.
It would be worth making sure
Hello Mark, thank you for your answer.
- With Security reasons i mean from head quarters the server must be certified
by accomplishing a set of security hardening rules. One of those is Security
Manager.
- In this case our system uses Tomcat 9.0.58, at this moment newer versions of
Tomcat are
On 09/05/2022 13:20, Chavez Ortiz, Oscar (Externo) wrote:
Hello group.
I have a SAP Business Object 4.2 server wich uses Tomcat 9.0.58 as web
container.
For Security reasons this server needs to implement Security Manager for
Tomcat on it, thus, i’ve configured starting configuration in
Hello group.
I have a SAP Business Object 4.2 server wich uses Tomcat 9.0.58 as web
container.
For Security reasons this server needs to implement Security Manager for Tomcat
on it, thus, i've configured starting configuration in java options with "-
Security Manager" op
On 19/05/2021 17:37, Robert Hicks wrote:
Is that the "same" security manager we flip on for Tomcat or just an
unfortunate naming coincidence?
It is the same one.
If you need the security manager I'd expect, based on typical lifetimes
of Tomcat major versions, that you
Is that the "same" security manager we flip on for Tomcat or just an
unfortunate naming coincidence?
--
Bob
On 15/04/2021 21:03, Me Self wrote:
Hi All
It appears the security manager is going to be removed from a future
release of java according to https://openjdk.java.net/jeps/411.
That will be quite a chunk of code we could remove / would have to
remove from Tomcat.
When running Tomcat on
Hi All
It appears the security manager is going to be removed from a future
release of java according to https://openjdk.java.net/jeps/411.
When running Tomcat on Linux there are many excellent alternatives to
locking down the JVM process with sandboxing/mandatory access control for
instance
own is
> just a symptom. You should definitely fix the symptom, too, but the
> real cause of the failed startup should be in one of those log files.
>
> - -chris
>
> > Jeff,
> >
> > On 6/27/19 09:24, Jeff wrote:
> >>>> Hello all,
> >>>>
9 09:24, Jeff wrote:
>>>> Hello all,
>>>>
>>>> Hit a roadblock trying to start tomcat with Security Manager
>>>> and don't even know where to start looking. Any help would
>>>> be appreciated.
>>>>
>>>> catalina.out: 27
> > Hello all,
> >
> > Hit a roadblock trying to start tomcat with Security Manager and
> > don't even know where to start looking. Any help would be
> > appreciated.
> >
> > catalina.out: 27-Jun-2019 06:01:57.627 INFO [main]
> > org.apache.catalina
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeff,
On 6/27/19 09:24, Jeff wrote:
> Hello all,
>
> Hit a roadblock trying to start tomcat with Security Manager and
> don't even know where to start looking. Any help would be
> appreciated.
>
> catalina.out: 27-
Hello all,
Hit a roadblock trying to start tomcat with Security Manager and don't even
know where to start looking. Any help would be appreciated.
catalina.out:
27-Jun-2019 06:01:57.627 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
Engine: Apache T
Am 25.01.2019 um 21:58 schrieb Mark Thomas:
> On 25/01/2019 20:34, Mark Thomas wrote:
>> On 25/01/2019 11:12, Mark Thomas wrote:
>>> On 24/01/2019 12:19, Kai Hofmann wrote:
>>>> Hello,
>>>>
>>>> I try to activate the security manager for my own
On 25/01/2019 20:34, Mark Thomas wrote:
> On 25/01/2019 11:12, Mark Thomas wrote:
>> On 24/01/2019 12:19, Kai Hofmann wrote:
>>> Hello,
>>>
>>> I try to activate the security manager for my own Application within
>>> Tomcat 9.0.x. The problem ist th
On 25/01/2019 11:12, Mark Thomas wrote:
> On 24/01/2019 12:19, Kai Hofmann wrote:
>> Hello,
>>
>> I try to activate the security manager for my own Application within
>> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
>> that should (from
On 24/01/2019 12:19, Kai Hofmann wrote:
> Hello,
>
> I try to activate the security manager for my own Application within
> Tomcat 9.0.x. The problem ist that I got 2 different access denied's
> that should (from my point of view) not happen. So this might be a bug -
>
Hello,
I try to activate the security manager for my own Application within
Tomcat 9.0.x. The problem ist that I got 2 different access denied's
that should (from my point of view) not happen. So this might be a bug -
but I am not 100% sure.
To make a long story short I have put all inform
CVE-2016-6796 Apache Tomcat Security Manager Bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M9
Apache Tomcat 8.5.0 to 8.5.4
Apache Tomcat 8.0.0.RC1 to 8.0.36
Apache Tomcat 7.0.0 to 7.0.70
Apache Tomcat 6.0.0 to 6.0.45
Earlier
CVE-2016-5018 Apache Tomcat Security Manager Bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M9
Apache Tomcat 8.5.0 to 8.5.4
Apache Tomcat 8.0.0.RC1 to 8.0.36
Apache Tomcat 7.0.0 to 7.0.70
Apache Tomcat 6.0.0 to 6.0.45
Earlier
El 22/02/2016 a las 06:23 a.m., Mark Thomas escribió:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CVE-2016-0763 Apache Tomcat Security Manager Bypass
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CVE-2016-0706 Apache Tomcat Security Manager bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 6.0.0 to 6.0.44
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0.RC1 to 8.0.30
- - Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CVE-2016-0714 Apache Tomcat Security Manager Bypass
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 6.0.0 to 6.0.44
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0.RC1 to 8.0.30
- - Apache
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CVE-2016-0763 Apache Tomcat Security Manager Bypass
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 7.0.0 to 7.0.67
- - Apache Tomcat 8.0.0.RC1 to 8.0.30
- - Apache Tomcat 9.0.0.M1 to 9.0.0.M2
2015-12-23 23:55 GMT+03:00 David Gietka - NOAA Federal :
> Hello Chris,
> Thanks for your response. There was nothing else in the log (see below),
> but with the latest version of tomcat 7 (7.0.67), I was able to start the
> downloaded version of tomcat with -security enabled. I will review my
>
gt; 7.0.65-7.0.67) we get the error below. Removing the -security allows
>>> Tomcat to start correctly. Due to our IT security constraints, we need
>> to
>>> enable security manager. Has anyone come across this issue before? Any
>>> help would
gt; Hello Tomcat list users,
> > I am hoping someone on this list may have insight into a problem we are
> > having running the latest version of tomcat 7.
> >
> > Our site currently runs Tomcat 7.0.64. We start Tomcat with the security
> > manager enabled ($CATALINA
raints, we need to
> enable security manager. Has anyone come across this issue before? Any
> help would be greatly appreciated. Please let me know if I should provide
> further details.
>
>
> java.lang.ClassNotFoundException:
> org.apache.catalina.loader.WebappClass
Hello Tomcat list users,
I am hoping someone on this list may have insight into a problem we are
having running the latest version of tomcat 7.
Our site currently runs Tomcat 7.0.64. We start Tomcat with the security
manager enabled ($CATALINA_HOME/bin/startup.sh -security ). We are running
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
CVE-2014-7810 Security Manager Bypass
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.15
- - Apache Tomcat 7.0.0 to 7.0.57
- - Apache Tomcat 6.0.0 to 6.0.43
Description:
Malicious
in not deployed manager app.
>
> I would *definitely need* both: running Tomcat with Security Manager turned
> on, and manager application. (I would like to enable "non-trusted" people
> to deploy their applications to my server via manager app)
>
> Any idea what to do?
Read th
running Tomcat with Security Manager turned
on, and manager application. (I would like to enable "non-trusted" people
to deploy their applications to my server via manager app)
Any idea what to do?
Thank you in advance!
Error log:
20-Nov-2014 11:28:46.242
oyed manager app.
>
> I would *definitely need* both: running Tomcat with Security Manager turned
> on, and manager application. (I would like to enable "non-trusted" people
> to deploy their applications to my server via manager app)
>
> Any idea what to do?
>
> Tha
Hi,
I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20.
Running with "catalina start", /manager app works perfectly.
Running "catalina start -security" will result in not deployed manager app.
I would *definitely need* both: running Tomcat with Sec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Wim,
On 9/10/14 9:36 AM, Wim Bertels wrote:
> as i tested setup debian + tomcat7 following the documentation, i
> was refered to
> http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
>
>
for enabling the security m
c/security-manager-howto.html
for enabling the security manager,
As I recall, under Debian, there is a setting in /etc/default/tomcatx, like
SECURITY=YES/NO
which takes care of that for you.
as it seems in debian stable (with tomcat + examples + admin debian
packages installed):
- enabling the securi
Hallo,
as i tested setup debian + tomcat7 following the documentation,
i was refered to
http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
for enabling the security manager,
as it seems in debian stable (with tomcat + examples + admin debian
packages installed):
- enabling the
On Thu, Aug 14, 2014 at 6:39 AM, Utkarsh Dave
wrote:
> We upgraded from Tomcat 7.0.41 to tomcat 7.0.53.
> We are starting the Tomcat as "-security" so as to enable security manager.
> I also see the changelog of 7.0.48 mentioning about this change
> "When running under
We upgraded from Tomcat 7.0.41 to tomcat 7.0.53.
We are starting the Tomcat as "-security" so as to enable security manager.
I also see the changelog of 7.0.48 mentioning about this change
"When running under a security manager, change the default value of the
Host's deployXM
2014-07-22 20:04 GMT+04:00 George Sexton :
> I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception
> I don't understand:
>
> 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR
> org.apache.catalina.core.ContainerBase.[Catalina].[somehos
On 7/22/2014 11:04 AM, George Sexton wrote:
I'm using Tomcat 7.0.54 with the security manager. I'm getting an
exception I don't understand:
2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR
org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftwar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/22/2014 9:04 AM, George Sexton wrote:
> I'm using Tomcat 7.0.54 with the security manager. I'm getting an
> exception I don't understand:
>
> 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR
> org.apac
I'm using Tomcat 7.0.54 with the security manager. I'm getting an
exception I don't understand:
2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR
org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com].[/].[jsp]-
Servlet.service() for servlet [jsp]
ppears to be a problem with JavaFaces:
> The problem is when I enable the security manager, I can’t deploy
> the app. In the I can see the next trace:
>
> INFO: Desplieque del descriptor de configuración
> C:\Users\Alejandro\AppData\Roaming\NetBeans\7.2.1\apache-tomcat-7.0.27.0_base
Hi,
I’m using Tomcat with JSF, ICEFaces, Spring and JPA. The configuracion and the
app work very well when I deploy it with the security managed disabled.
The problem is when I enable the security manager, I can’t deploy the app. In
the I can see the next trace:
INFO: Desplieque del
On Tue, 2012-01-10 at 22:06 +, ja...@mobilewebexpert.co.uk wrote:
> Basically, I've created a webapp which runs fine on my development machine,
> but our actual hosting is shared (and uses a Security Manager) and some new
> libraries we're using throws up loads of exceptio
ja...@mobilewebexpert.co.uk wrote:
Basically, I've created a webapp which runs fine on my development
machine, but our actual hosting is shared (and uses a Security Manager)
and some new libraries we're using throws up loads of exceptions which
we need to replicate locally, hence th
Basically, I've created a webapp which runs fine on my development machine,
but our actual hosting is shared (and uses a Security Manager) and some new
libraries we're using throws up loads of exceptions which we need to
replicate locally, hence the need for me to activate the Securi
o add specific policy rules that permit the application to
do whatever it needs to do. E.g. access to network, file system, jars etc.
Is there a particular reason you want to enable the Security Manager?
Are you hosting untrusted 3rd party applications for example?
p
> Thanks,
> James
t: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager
enabled (Windows Vista)
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 09/01/2012 19:22, ja...@mobilewebexpert.co.uk wrote:
> Hiya,
>
> I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now
> having a problem running my webapp. I know I probably need to specify some
> security privileges somewhere,
2012/1/9 :
> Hiya,
>
> I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now
> having a problem running my webapp. I know I probably need to specify some
> security privileges somewhere,
Have you read the docs?
> but not sure where - pos
Hiya,
I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now
having a problem running my webapp. I know I probably need to specify some
security privileges somewhere, but not sure where - possibly catalina.policy?
Can anyone help??
Here's the error fr
ernet Security.
>
> The benchmark recommends enabling the Security Manager. However,
> I'm experiencing that none of the apps run 'out of the box' with
> the Security Manager enabled. I'm contemplating not activating it,
> but find it hard estimate the risk.
I'
jwklomp wrote:
>
>Hello,
>
>I'm migrating existing applications to Tomcat and setting Tomcat up as
>described in the 'Security Configuration Benchmark for Apache Tomcat
>5.5/6.0' of the Center of Internet Security.
>
>The benchmark recommends enab
jwklomp wrote:
>
>Hello,
>
>I'm migrating existing applications to Tomcat and setting Tomcat up as
>described in the 'Security Configuration Benchmark for Apache Tomcat
>5.5/6.0' of the Center of Internet Security.
>
>The benchmark recommends enab
> From: jwklomp [mailto:janwillem.kl...@gmail.com]
> Subject: Tomcat 6: what are the risks of not using Security Manager
> My question is: how secure is Tomcat without the Security Manager enabled
Tomcat itself is secure; it's your webapps you have to think about. Can they
b
Hello,
I'm migrating existing applications to Tomcat and setting Tomcat up as
described in the 'Security Configuration Benchmark for Apache Tomcat
5.5/6.0' of the Center of Internet Security.
The benchmark recommends enabling the Security Manager. However, I'm
experienc
.
Conway
From: Conway Liu
To: users@tomcat.apache.org
Sent: Thu, 12 May, 2011 11:37:17 AM
Subject: Enable Security Manager in Tomcat 5
Good day!
For testing purposes I have setup a website to run in Tomcat 5, Tomcat 6, and
Tomcat 7.
The site runs on Windows
Good day!
For testing purposes I have setup a website to run in Tomcat 5, Tomcat 6, and
Tomcat 7.
The site runs on Windows Server 2008 R2, and I used the service.bat to install
the windows service so that I can start and stop the site.
When it came to enable the security manager, I read from
On 08/10/2010 21:20, George Sexton wrote:
> Could any give me a hint as to what I need to add to the catalina.policy
> file to make this work?
>
> Should I file this as a bug?
https://issues.apache.org/bugzilla/show_bug.cgi?id=49209
Mark
-
I'm running Tomcat 6.0.29 with the security manager enabled. I'm getting
these entries in my log:
2010-10-07 12:09:01,710 WARN http-80-76
org.apache.catalina.loader.WebappClassLoader - JDBC driver de-registration
failed for web application []
java.lang.reflect.InvocationTarge
> sC4Anjmgu+jgXzjwgYFDsK+t8g3/ggEh
> =ByKq
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
--
View this message in conte
file.
>>
>> It was stripped by the list.
>>
>>> yes that is true but the command line application includes the security
>>> manager with equivalent policy
>>
>> Ok.
>>
>>> The web application works fine without the security manager.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suresh,
On 4/22/2010 8:33 PM, suresht wrote:
> I see a char array being set to a number.
> charstring1[charstring1-1] = 0;
That's obviously not actual code. Can you decompile or otherwise browse
the source of the method where the exception occu
he policy file.
>
> It was stripped by the list.
>
>> yes that is true but the command line application includes the security
>> manager with equivalent policy
>
> Ok.
>
>> The web application works fine without the security manager.
>
> Since the error o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suresh,
On 4/22/2010 4:51 PM, suresht wrote:
> i have attached a copy of the policy file.
It was stripped by the list.
> yes that is true but the command line application includes the security
> manager with equivalent policy
Ok.
hi Christopher
i have attached a copy of the policy file.
yes that is true but the command line application includes the security
manager with equivalent policy,
Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception
Some other app + Oracle JDBC Driver = no exception
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suresh,
On 4/22/2010 3:19 PM, suresht wrote:
> when I run TOMCAT using -security option on Java 1.6 jdk, I get following
> error. I added policy definitions for all properities, oraclejars and
> JNDIpermission for the context.
Care to share those pol
:
http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28333480.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr
em.getProperties(System.java:599)
>>> at
>>>
>>> org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
>>>
>>>
>>
>> Start reading here:
>> http://t
org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
Start reading here:
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
Also
http://java.sun.com/javase/technologies/security/index.jsp
http://java.sun.com/javase/6/docs/technotes
PropertiesAccess(SecurityManager.java:1269)
> at java.lang.System.getProperties(System.java:599)
> at
> org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93)
>
Start reading here:
http://tomcat.apache.org/tomcat-6.0-doc/securit
I am not sure if I am reading the stack trace right. I have a war that
is trying to read its configuration from the system.properties.
It seems that tomcat6 is apply read write checks on calls to
java.lang.System.getProperties. Am I observing the details correctly?
That seems to be the wrong pe
with security manager after
some tweaks in catalina.policy.
(added lines shown below)
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.lang.RuntimePermission "setContextClassLoader";
[snip]
permission java.io.FilePe
On 24/09/2009 15:19, Alan wrote:
Well, I'll try to make it clearer:
Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with
security mode (default in Debian/Ubuntu).
Testing tomcat-webapps examples.
A clean install and everything seems to work, except that nothing is
written in /var/lo
Well, I'll try to make it clearer:
Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with
security mode (default in Debian/Ubuntu).
Testing tomcat-webapps examples.
A clean install and everything seems to work, except that nothing is
written in /var/log/tomcat5.5
To solve this issue, I
On 24/09/2009 14:11, Alan wrote:
Hallelujah!
I finally figured out what's going on with tomcat 5.5.26 when running
webapps in security mode.
In Ubuntu 9.04, with just the addition of 'permission
java.lang.RuntimePermission "setContextClassLoader";' in
catalina.policy solved the problem. This is
Hallelujah!
I finally figured out what's going on with tomcat 5.5.26 when running
webapps in security mode.
In Ubuntu 9.04, with just the addition of 'permission
java.lang.RuntimePermission "setContextClassLoader";' in
catalina.policy solved the problem. This is happen because ubuntu has
its own
Many thanks dear Mark.
It's late here too but I finally, with your diligent and precious
help, I could figure out what's going on here and even manage to have
tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but
not for tomcat5.5.26, last version available for Mac via Fink).
Thank
Mark Thomas wrote:
> Mark Thomas wrote:
>> Alan wrote:
>>> Thanks Mark, let's deal by parts:
>> OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
>> but not a 1.6.0_00 JVM.
>>
>> The latest 1.5 JVM seems OK too.
>>
>> Time to check the release notes. I'll hopefully have a work
Mark Thomas wrote:
> Alan wrote:
>> Thanks Mark, let's deal by parts:
>
> OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
> but not a 1.6.0_00 JVM.
>
> The latest 1.5 JVM seems OK too.
>
> Time to check the release notes. I'll hopefully have a workaround (other
> than usi
Alan wrote:
> Thanks Mark, let's deal by parts:
OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
but not a 1.6.0_00 JVM.
The latest 1.5 JVM seems OK too.
Time to check the release notes. I'll hopefully have a workaround (other
than using Java 1.5) shortly.
Mark
--
vaVM.framework/Versions/CurrentJDK/Home
>
> Which JVM is this? What does:
> java -version
> return?
amadeus[2197]:~/Programmes% java -version
java version "1.6.0_15"
Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219)
Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, m
mmes/apache-tomcat-6.0.20
> Using CATALINA_TMPDIR: /Users/alan/Programmes/apache-tomcat-6.0.20/temp
> Using JRE_HOME:
> /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
Which JVM is this? What does:
java -version
return?
> Using Security Manager
>
/JavaVM.framework/Versions/CurrentJDK/Home
Using Security Manager
Please use CMSClassUnloadingEnabled in place of
CMSPermGenSweepingEnabled in the future
Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
java.security.AccessControlException: access denied
(java.lang.Runtime
> From: Alan [mailto:alanwil...@gmail.com]
> Subject: Re: webapps examples and security manager
>
> Not yet, which one would suggest me please?
The latest, always (6.0.20).
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for
Thanks for your reply.
Not yet, which one would suggest me please?
Alan
On Tue, Sep 22, 2009 at 17:27, Mark Thomas wrote:
> Alan wrote:
>
>> Any help would be more than appreciated.
>
> And when you try with a more recent version?
>
> Mark
>
>
>
>
>
Alan wrote:
> Any help would be more than appreciated.
And when you try with a more recent version?
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache
hen I wanted to use security manager.
I put that:
export CATALINA_OPTS="-DTOMCAT5LAUNCH=true -Djava.security.manager
-Djava.security.policy=$CATALINA_HOME/conf/catalina.policy"
then it still works but I don't like what I see in log catalina.out:
2009-09-22 16:34:41.010 java[24510
Hi,
i'm trying to write a web page with the Stripes framework. Everything works
fine when the Tomcat is running without the security manager. But when I
turn on the security manager, my application throws an error:
HTTP Status 404 -
type Status report
message
description The requested res
EB-INF/lib/mysql-connector-java-5.1.7-bin.jar
file that I use to connect to a remote MySQL database.
If I'm turning off the security manager by setting
TOMCAT5_SECURITY=no
in /etc/init.d/tomcat5.5
then I can make the connection to the database. If i turn it on
however, I can't connec
> From: andreas [mailto:anpa0...@telia.com]
> Subject: Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager
>
> But I wonder what this means in terms of security?
Konstantin's suggestion should not be a problem. Note that code in Tomcat's
lib directory is given all permiss
> From: Martin Gainty [mailto:mgai...@hotmail.com]
> Subject: RE: Tomcat 6.0.20, JDK1.6.0_14 and security manager
>
> if you can show whats the problem with your policy
> check $TOMCAT_HOME/logs/%HOSTNAME%.-MM-DD.log
> for details
Since the logging mechanism can't be
fourni.
> Date: Sat, 6 Jun 2009 21:07:38 +0200
> From: anpa0...@telia.com
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager
>
> Indeed it does.
>
> But I wonder what this means in terms of security?
> I admit that my knowledg
Indeed it does.
But I wonder what this means in terms of security?
I admit that my knowledge of the policy files and security-permissions is very
weak, and granting permissions to something that I do not understand scares me
a bit.
Maybe I should file a bug about this and let it get investigate
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Subject: Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager
>
> You may try adding
> permission java.lang.RuntimePermission "setContextClassLoader";
> for the "file:${catalina.home}/bin/tomcat-jul
1 - 100 of 169 matches
Mail list logo