Re: JavaMail Under Security Manager

2022-07-24 Thread George Sexton
an explicit grant. On 7/24/2022 10:08 PM, George Sexton wrote: Everyone, I'm running Tomcat 9 under the security manager and when I try to use JavaMail to send a message, I'm getting: javax.mail.MessagingException: IOException while sending message; nested exception

JavaMail Under Security Manager

2022-07-24 Thread George Sexton
Everyone, I'm running Tomcat 9 under the security manager and when I try to use JavaMail to send a message, I'm getting: javax.mail.MessagingException: IOException while sending message; nested exception is: javax.activation.UnsupportedDataTypeException: no object DCH for MIME type

Tomcat 9 Error under Security Manager

2022-07-17 Thread George Sexton
I'm setting up a new server with Tomcat9 and I'm running it under a security manager. I'm getting this error: WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.apache.tomcat.util.security.PrivilegedSetAccessControlContext (file:/usr/local

Re: Tomcat with Security Manager for SAP Business Objects issues

2022-05-09 Thread Mark Thomas
On 09/05/2022 16:23, Chavez Ortiz, Oscar (Externo) wrote: Hello Mark, thank you for your answer. - With Security reasons i mean from head quarters the server must be certified by accomplishing a set of security hardening rules. One of those is Security Manager. It would be worth making sure

RE: Tomcat with Security Manager for SAP Business Objects issues

2022-05-09 Thread Chavez Ortiz, Oscar (Externo)
Hello Mark, thank you for your answer. - With Security reasons i mean from head quarters the server must be certified by accomplishing a set of security hardening rules. One of those is Security Manager. - In this case our system uses Tomcat 9.0.58, at this moment newer versions of Tomcat

Re: Tomcat with Security Manager for SAP Business Objects issues

2022-05-09 Thread Mark Thomas
On 09/05/2022 13:20, Chavez Ortiz, Oscar (Externo) wrote: Hello group. I have a SAP Business Object 4.2 server wich uses Tomcat 9.0.58 as web container. For Security reasons this server needs to implement Security Manager for Tomcat on it, thus, i’ve configured starting configuration

Tomcat with Security Manager for SAP Business Objects issues

2022-05-09 Thread Chavez Ortiz, Oscar (Externo)
Hello group. I have a SAP Business Object 4.2 server wich uses Tomcat 9.0.58 as web container. For Security reasons this server needs to implement Security Manager for Tomcat on it, thus, i've configured starting configuration in java options with "- Security Manager" option.

Re: JEP 411: Deprecate the Security Manager for Removal

2021-05-19 Thread Mark Thomas
On 19/05/2021 17:37, Robert Hicks wrote: Is that the "same" security manager we flip on for Tomcat or just an unfortunate naming coincidence? It is the same one. If you need the security manager I'd expect, based on typical lifetimes of Tomcat major versions, that you'd have a

JEP 411: Deprecate the Security Manager for Removal

2021-05-19 Thread Robert Hicks
Is that the "same" security manager we flip on for Tomcat or just an unfortunate naming coincidence? -- Bob

Re: JEP 411 Deprecate the Security Manager for removal

2021-04-15 Thread Mark Thomas
On 15/04/2021 21:03, Me Self wrote: Hi All It appears the security manager is going to be removed from a future release of java according to https://openjdk.java.net/jeps/411. That will be quite a chunk of code we could remove / would have to remove from Tomcat. When running Tomcat

JEP 411 Deprecate the Security Manager for removal

2021-04-15 Thread Me Self
Hi All It appears the security manager is going to be removed from a future release of java according to https://openjdk.java.net/jeps/411. When running Tomcat on Linux there are many excellent alternatives to locking down the JVM process with sandboxing/mandatory access control for instance

Re: Unable to start tomcat with Security Manager

2019-07-01 Thread Jeff
wn is > just a symptom. You should definitely fix the symptom, too, but the > real cause of the failed startup should be in one of those log files. > > - -chris > > > Jeff, > > > > On 6/27/19 09:24, Jeff wrote: > >>>> Hello all, > >>>> >

Re: Unable to start tomcat with Security Manager

2019-06-27 Thread Christopher Schultz
9 09:24, Jeff wrote: >>>> Hello all, >>>> >>>> Hit a roadblock trying to start tomcat with Security Manager >>>> and don't even know where to start looking. Any help would >>>> be appreciated. >>>> >>>> catalina.out: 27-Jun-

Re: Unable to start tomcat with Security Manager

2019-06-27 Thread Jeff
gt; > Hello all, > > > > Hit a roadblock trying to start tomcat with Security Manager and > > don't even know where to start looking. Any help would be > > appreciated. > > > > catalina.out: 27-Jun-2019 06:01:57.627 INFO [main] > > org.apache.catalina.core.Stan

Re: Unable to start tomcat with Security Manager

2019-06-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeff, On 6/27/19 09:24, Jeff wrote: > Hello all, > > Hit a roadblock trying to start tomcat with Security Manager and > don't even know where to start looking. Any help would be > appreciated. > > catalina.out: 27-Jun-2

Unable to start tomcat with Security Manager

2019-06-27 Thread Jeff
Hello all, Hit a roadblock trying to start tomcat with Security Manager and don't even know where to start looking. Any help would be appreciated. catalina.out: 27-Jun-2019 06:01:57.627 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat

Re: Tomcat 9.0 with security manager reports access denied

2019-02-11 Thread Kai Hofmann
Am 25.01.2019 um 21:58 schrieb Mark Thomas: > On 25/01/2019 20:34, Mark Thomas wrote: >> On 25/01/2019 11:12, Mark Thomas wrote: >>> On 24/01/2019 12:19, Kai Hofmann wrote: >>>> Hello, >>>> >>>> I try to activate the security manager for my own

Re: Tomcat 9.0 with security manager reports access denied

2019-01-25 Thread Mark Thomas
On 25/01/2019 20:34, Mark Thomas wrote: > On 25/01/2019 11:12, Mark Thomas wrote: >> On 24/01/2019 12:19, Kai Hofmann wrote: >>> Hello, >>> >>> I try to activate the security manager for my own Application within >>> Tomcat 9.0.x. The probl

Re: Tomcat 9.0 with security manager reports access denied

2019-01-25 Thread Mark Thomas
On 25/01/2019 11:12, Mark Thomas wrote: > On 24/01/2019 12:19, Kai Hofmann wrote: >> Hello, >> >> I try to activate the security manager for my own Application within >> Tomcat 9.0.x. The problem ist that I got 2 different access denied's >> that should (from

Re: Tomcat 9.0 with security manager reports access denied

2019-01-25 Thread Mark Thomas
On 24/01/2019 12:19, Kai Hofmann wrote: > Hello, > > I try to activate the security manager for my own Application within > Tomcat 9.0.x. The problem ist that I got 2 different access denied's > that should (from my point of view) not happen. So this might be a bug - > but

Tomcat 9.0 with security manager reports access denied

2019-01-24 Thread Kai Hofmann
Hello, I try to activate the security manager for my own Application within Tomcat 9.0.x. The problem ist that I got 2 different access denied's that should (from my point of view) not happen. So this might be a bug - but I am not 100% sure. To make a long story short I have put all information

[SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass

2016-10-27 Thread Mark Thomas
CVE-2016-6796 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier

[SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass

2016-10-27 Thread Mark Thomas
CVE-2016-5018 Apache Tomcat Security Manager Bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M9 Apache Tomcat 8.5.0 to 8.5.4 Apache Tomcat 8.0.0.RC1 to 8.0.36 Apache Tomcat 7.0.0 to 7.0.70 Apache Tomcat 6.0.0 to 6.0.45 Earlier

Re: [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass

2016-03-22 Thread Chris Patterson
El 22/02/2016 a las 06:23 a.m., Mark Thomas escribió: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0763 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0

[SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0706 Apache Tomcat Security Manager bypass Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.0 to 6.0.44 - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0.RC1 to 8.0.30 - - Apache

[SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0714 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.0 to 6.0.44 - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0.RC1 to 8.0.30 - - Apache

[SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass

2016-02-22 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2016-0763 Apache Tomcat Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.67 - - Apache Tomcat 8.0.0.RC1 to 8.0.30 - - Apache Tomcat 9.0.0.M1 to 9.0.0.M2

Re: Startup issue with security manager enabled on Tomcat 7.0.65 or later

2015-12-24 Thread Mark Thomas
.0.65-7.0.67) we get the error below. Removing the -security allows >>> Tomcat to start correctly. Due to our IT security constraints, we need >> to >>> enable security manager. Has anyone come across this issue before? Any >>> help would be gr

Re: Startup issue with security manager enabled on Tomcat 7.0.65 or later

2015-12-24 Thread Konstantin Kolinko
2015-12-23 23:55 GMT+03:00 David Gietka - NOAA Federal : > Hello Chris, > Thanks for your response. There was nothing else in the log (see below), > but with the latest version of tomcat 7 (7.0.67), I was able to start the > downloaded version of tomcat with -security

Startup issue with security manager enabled on Tomcat 7.0.65 or later

2015-12-23 Thread David Gietka - NOAA Federal
Hello Tomcat list users, I am hoping someone on this list may have insight into a problem we are having running the latest version of tomcat 7. Our site currently runs Tomcat 7.0.64. We start Tomcat with the security manager enabled ($CATALINA_HOME/bin/startup.sh -security ). We are running

Re: Startup issue with security manager enabled on Tomcat 7.0.65 or later

2015-12-23 Thread Christopher Schultz
raints, we need to > enable security manager. Has anyone come across this issue before? Any > help would be greatly appreciated. Please let me know if I should provide > further details. > > > java.lang.ClassNotFoundException: > org.apache.catalina.loade

Re: Startup issue with security manager enabled on Tomcat 7.0.65 or later

2015-12-23 Thread David Gietka - NOAA Federal
gt; Hello Tomcat list users, > > I am hoping someone on this list may have insight into a problem we are > > having running the latest version of tomcat 7. > > > > Our site currently runs Tomcat 7.0.64. We start Tomcat with the security > > manager enabled ($CATALINA

[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass

2015-05-14 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2014-7810 Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.15 - - Apache Tomcat 7.0.0 to 7.0.57 - - Apache Tomcat 6.0.0 to 6.0.43 Description: Malicious

Running Manager App with Security Manager turned on - Tomcat 8.0.15

2014-11-20 Thread Luka Pavlič
Hi, I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20. Running with catalina start, /manager app works perfectly. Running catalina start -security will result in not deployed manager app. I would *definitely need* both: running Tomcat with Security Manager turned

Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15

2014-11-20 Thread Konstantin Kolinko
*definitely need* both: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Thank you in advance! Error log: What words in the below message you do

Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15

2014-11-20 Thread André Warnier
with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Thank you in advance! Error log: 20-Nov-2014 11:28:46.242 SEVERE [localhost-startStop-1

Re: Running Manager App with Security Manager turned on - Tomcat 8.0.15

2014-11-20 Thread Mark Thomas
: running Tomcat with Security Manager turned on, and manager application. (I would like to enable non-trusted people to deploy their applications to my server via manager app) Any idea what to do? Read the error message in the logs. snip/ An appropriate descriptor should be created at [C

record security manager

2014-09-10 Thread Wim Bertels
Hallo, as i tested setup debian + tomcat7 following the documentation, i was refered to http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html for enabling the security manager, as it seems in debian stable (with tomcat + examples + admin debian packages installed): - enabling

Re: record security manager

2014-09-10 Thread André Warnier
-manager-howto.html for enabling the security manager, As I recall, under Debian, there is a setting in /etc/default/tomcatx, like SECURITY=YES/NO which takes care of that for you. as it seems in debian stable (with tomcat + examples + admin debian packages installed): - enabling the security manager

Re: record security manager

2014-09-10 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Wim, On 9/10/14 9:36 AM, Wim Bertels wrote: as i tested setup debian + tomcat7 following the documentation, i was refered to http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html for enabling the security manager, as it seems

How can we configure deployXML=true in security manager ?

2014-08-14 Thread Utkarsh Dave
We upgraded from Tomcat 7.0.41 to tomcat 7.0.53. We are starting the Tomcat as -security so as to enable security manager. I also see the changelog of 7.0.48 mentioning about this change When running under a security manager, change the default value of the Host's deployXML attribute to false. add

Re: How can we configure deployXML=true in security manager ?

2014-08-14 Thread Daniel Mikusa
On Thu, Aug 14, 2014 at 6:39 AM, Utkarsh Dave utkarshkd...@gmail.com wrote: We upgraded from Tomcat 7.0.41 to tomcat 7.0.53. We are starting the Tomcat as -security so as to enable security manager. I also see the changelog of 7.0.48 mentioning about this change When running under a security

Re: Security Manager Exception

2014-07-28 Thread Konstantin Kolinko
2014-07-22 20:04 GMT+04:00 George Sexton geor...@mhsoftware.com: I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com

Security Manager Exception

2014-07-23 Thread Terence M. Bandoian
On 7/22/2014 11:04 AM, George Sexton wrote: I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com].[/].[jsp

Security Manager Exception

2014-07-22 Thread George Sexton
I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com].[/].[jsp]- Servlet.service() for servlet [jsp] in context

Re: Security Manager Exception

2014-07-22 Thread Mark Eggers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/22/2014 9:04 AM, George Sexton wrote: I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR org.apache.catalina.core.ContainerBase.[Catalina

Re: Some help with Security Manager

2013-05-06 Thread Christopher Schultz
to be a problem with JavaFaces: The problem is when I enable the security manager, I can’t deploy the app. In the I can see the next trace: INFO: Desplieque del descriptor de configuración C:\Users\Alejandro\AppData\Roaming\NetBeans\7.2.1\apache-tomcat-7.0.27.0_base\conf\Catalina\localhost\web

Some help with Security Manager

2013-05-04 Thread Alejandro Garcia
Hi, I’m using Tomcat with JSF, ICEFaces, Spring and JPA. The configuracion and the app work very well when I deploy it with the security managed disabled. The problem is when I enable the security manager, I can’t deploy the app. In the I can see the next trace: INFO: Desplieque del

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-11 Thread André Warnier
ja...@mobilewebexpert.co.uk wrote: Basically, I've created a webapp which runs fine on my development machine, but our actual hosting is shared (and uses a Security Manager) and some new libraries we're using throws up loads of exceptions which we need to replicate locally, hence the need

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-11 Thread Tim Watts
On Tue, 2012-01-10 at 22:06 +, ja...@mobilewebexpert.co.uk wrote: Basically, I've created a webapp which runs fine on my development machine, but our actual hosting is shared (and uses a Security Manager) and some new libraries we're using throws up loads of exceptions which we need

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-10 Thread Pid
On 09/01/2012 19:22, ja...@mobilewebexpert.co.uk wrote: Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-10 Thread james
Subject: Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-10 Thread Pid
the application to do whatever it needs to do. E.g. access to network, file system, jars etc. Is there a particular reason you want to enable the Security Manager? Are you hosting untrusted 3rd party applications for example? p Thanks, James - Original Message - From: Pid p

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-10 Thread james
Basically, I've created a webapp which runs fine on my development machine, but our actual hosting is shared (and uses a Security Manager) and some new libraries we're using throws up loads of exceptions which we need to replicate locally, hence the need for me to activate the Security Manager

Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-09 Thread james
Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, but not sure where - possibly catalina.policy? Can anyone help?? Here's the error from the log file: 09

Re: Problem running my webapp with Tomcat 7.0.22.0 Security Manager enabled (Windows Vista)

2012-01-09 Thread Konstantin Kolinko
2012/1/9 ja...@mobilewebexpert.co.uk: Hiya, I've just turned on Tomcat's Security Manager and (not surprisingly) I'm now having a problem running my webapp. I know I probably need to specify some security privileges somewhere, Have you read the docs? but not sure where - possibly

Re: Tomcat 6: what are the risks of not using Security Manager

2011-12-15 Thread Christopher Schultz
. The benchmark recommends enabling the Security Manager. However, I'm experiencing that none of the apps run 'out of the box' with the Security Manager enabled. I'm contemplating not activating it, but find it hard estimate the risk. I'll weigh-in, too, without having read Mark's and Chuck's replies, yet

Tomcat 6: what are the risks of not using Security Manager

2011-12-14 Thread jwklomp
Hello, I'm migrating existing applications to Tomcat and setting Tomcat up as described in the 'Security Configuration Benchmark for Apache Tomcat 5.5/6.0' of the Center of Internet Security. The benchmark recommends enabling the Security Manager. However, I'm experiencing that none

RE: Tomcat 6: what are the risks of not using Security Manager

2011-12-14 Thread Caldarale, Charles R
From: jwklomp [mailto:janwillem.kl...@gmail.com] Subject: Tomcat 6: what are the risks of not using Security Manager My question is: how secure is Tomcat without the Security Manager enabled Tomcat itself is secure; it's your webapps you have to think about. Can they be tricked into doing

Re: Tomcat 6: what are the risks of not using Security Manager

2011-12-14 Thread Mark Thomas
jwklomp janwillem.kl...@gmail.com wrote: Hello, I'm migrating existing applications to Tomcat and setting Tomcat up as described in the 'Security Configuration Benchmark for Apache Tomcat 5.5/6.0' of the Center of Internet Security. The benchmark recommends enabling the Security Manager

Re: Tomcat 6: what are the risks of not using Security Manager

2011-12-14 Thread markt
jwklomp janwillem.kl...@gmail.com wrote: Hello, I'm migrating existing applications to Tomcat and setting Tomcat up as described in the 'Security Configuration Benchmark for Apache Tomcat 5.5/6.0' of the Center of Internet Security. The benchmark recommends enabling the Security Manager

Enable Security Manager in Tomcat 5

2011-05-11 Thread Conway Liu
Good day! For testing purposes I have setup a website to run in Tomcat 5, Tomcat 6, and Tomcat 7. The site runs on Windows Server 2008 R2, and I used the service.bat to install the windows service so that I can start and stop the site. When it came to enable the security manager, I read from

Re: Enable Security Manager in Tomcat 5

2011-05-11 Thread Conway Liu
. Conway From: Conway Liu c...@xtra.co.nz To: users@tomcat.apache.org Sent: Thu, 12 May, 2011 11:37:17 AM Subject: Enable Security Manager in Tomcat 5 Good day! For testing purposes I have setup a website to run in Tomcat 5, Tomcat 6, and Tomcat 7. The site

JDBC Leak Prevention and Security Manager

2010-10-08 Thread George Sexton
I'm running Tomcat 6.0.29 with the security manager enabled. I'm getting these entries in my log: 2010-10-07 12:09:01,710 WARN http-80-76 org.apache.catalina.loader.WebappClassLoader - JDBC driver de-registration failed for web application [] java.lang.reflect.InvocationTargetException

Re: JDBC Leak Prevention and Security Manager

2010-10-08 Thread Mark Thomas
On 08/10/2010 21:20, George Sexton wrote: Could any give me a hint as to what I need to add to the catalina.policy file to make this work? Should I file this as a bug? https://issues.apache.org/bugzilla/show_bug.cgi?id=49209 Mark

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 8:33 PM, suresht wrote: I see a char array being set to a number. charstring1[charstring1-1] = 0; That's obviously not actual code. Can you decompile or otherwise browse the source of the method where the exception

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-23 Thread suresht
the security manager with equivalent policy Ok. The web application works fine without the security manager. Since the error occurs in the JDBC driver, I would imagine that the problem is there: the driver is not properly checking array bounds when accessing a String. Now, more than

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-23 Thread suresht
- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28343802.html Sent from

Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-22 Thread suresht
in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28333480.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 3:19 PM, suresht wrote: when I run TOMCAT using -security option on Java 1.6 jdk, I get following error. I added policy definitions for all properities, oraclejars and JNDIpermission for the context. Care to share those

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-22 Thread suresht
hi Christopher i have attached a copy of the policy file. yes that is true but the command line application includes the security manager with equivalent policy, Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception Some other app + Oracle JDBC Driver = no exception

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 4:51 PM, suresht wrote: i have attached a copy of the policy file. It was stripped by the list. yes that is true but the command line application includes the security manager with equivalent policy Ok. The web

Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

2010-04-22 Thread suresht
by the list. yes that is true but the command line application includes the security manager with equivalent policy Ok. The web application works fine without the security manager. Since the error occurs in the JDBC driver, I would imagine that the problem is there: the driver

ubuntu 9.10 tomcat6 security manager blocks access to system.properties

2009-12-22 Thread Mike Power
I am not sure if I am reading the stack trace right. I have a war that is trying to read its configuration from the system.properties. It seems that tomcat6 is apply read write checks on calls to java.lang.System.getProperties. Am I observing the details correctly? That seems to be the wrong

Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

2009-12-22 Thread Konstantin Kolinko
)       at java.lang.System.getProperties(System.java:599)       at org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93) Start reading here: http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html Also http://java.sun.com/javase/technologies

Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

2009-12-22 Thread Mike Power
) at org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93) Start reading here: http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html Also http://java.sun.com/javase/technologies/security/index.jsp http://java.sun.com

Re: ubuntu 9.10 tomcat6 security manager blocks access to system.properties

2009-12-22 Thread Konstantin Kolinko
)      at java.lang.System.getProperties(System.java:599)      at org.sonatype.nexus.web.PlexusContainerConfigurationUtils.buildContext(PlexusContainerConfigurationUtils.java:93) Start reading here: http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html Also http

my webapps and security manager

2009-09-29 Thread Alan
with security manager after some tweaks in catalina.policy. (added lines shown below) grant codeBase file:${catalina.home}/bin/tomcat-juli.jar { permission java.lang.RuntimePermission setContextClassLoader; [snip] permission java.io.FilePermission ${catalina.base}${file.separator

Re: webapps examples and security manager

2009-09-24 Thread Alan
Hallelujah! I finally figured out what's going on with tomcat 5.5.26 when running webapps in security mode. In Ubuntu 9.04, with just the addition of 'permission java.lang.RuntimePermission setContextClassLoader;' in catalina.policy solved the problem. This is happen because ubuntu has its own

Re: webapps examples and security manager

2009-09-24 Thread Pid
On 24/09/2009 14:11, Alan wrote: Hallelujah! I finally figured out what's going on with tomcat 5.5.26 when running webapps in security mode. In Ubuntu 9.04, with just the addition of 'permission java.lang.RuntimePermission setContextClassLoader;' in catalina.policy solved the problem. This is

Re: webapps examples and security manager

2009-09-24 Thread Alan
Well, I'll try to make it clearer: Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with security mode (default in Debian/Ubuntu). Testing tomcat-webapps examples. A clean install and everything seems to work, except that nothing is written in /var/log/tomcat5.5 To solve this issue,

Re: webapps examples and security manager

2009-09-24 Thread Pid
On 24/09/2009 15:19, Alan wrote: Well, I'll try to make it clearer: Situation: Ubuntu 9.04 with SUN Java 1.6 and tomcat 5.5.26 with security mode (default in Debian/Ubuntu). Testing tomcat-webapps examples. A clean install and everything seems to work, except that nothing is written in

Re: webapps examples and security manager

2009-09-23 Thread Alan
/JavaVM.framework/Versions/CurrentJDK/Home Using Security Manager Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future Could not load Logmanager org.apache.juli.ClassLoaderLogManager java.security.AccessControlException: access denied (java.lang.RuntimePermission

Re: webapps examples and security manager

2009-09-23 Thread Mark Thomas
: /Users/alan/Programmes/apache-tomcat-6.0.20/temp Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home Which JVM is this? What does: java -version return? Using Security Manager Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future

Re: webapps examples and security manager

2009-09-23 Thread Alan
]:~/Programmes% java -version java version 1.6.0_15 Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219) Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode) Using Security Manager Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future Hmm. You

Re: webapps examples and security manager

2009-09-23 Thread Mark Thomas
Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other than using Java 1.5) shortly. Mark

Re: webapps examples and security manager

2009-09-23 Thread Mark Thomas
Mark Thomas wrote: Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other than using Java

Re: webapps examples and security manager

2009-09-23 Thread Mark Thomas
Mark Thomas wrote: Mark Thomas wrote: Alan wrote: Thanks Mark, let's deal by parts: OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs but not a 1.6.0_00 JVM. The latest 1.5 JVM seems OK too. Time to check the release notes. I'll hopefully have a workaround (other

Re: webapps examples and security manager

2009-09-23 Thread Alan
Many thanks dear Mark. It's late here too but I finally, with your diligent and precious help, I could figure out what's going on here and even manage to have tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but not for tomcat5.5.26, last version available for Mac via Fink). Thank

webapps examples and security manager

2009-09-22 Thread Alan
wanted to use security manager. I put that: export CATALINA_OPTS=-DTOMCAT5LAUNCH=true -Djava.security.manager -Djava.security.policy=$CATALINA_HOME/conf/catalina.policy then it still works but I don't like what I see in log catalina.out: 2009-09-22 16:34:41.010 java[24510:1603] CFPreferences

Re: webapps examples and security manager

2009-09-22 Thread Mark Thomas
Alan wrote: snip/ Any help would be more than appreciated. And when you try with a more recent version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail:

Re: webapps examples and security manager

2009-09-22 Thread Alan
Thanks for your reply. Not yet, which one would suggest me please? Alan On Tue, Sep 22, 2009 at 17:27, Mark Thomas ma...@apache.org wrote: Alan wrote: snip/ Any help would be more than appreciated. And when you try with a more recent version? Mark

RE: webapps examples and security manager

2009-09-22 Thread Caldarale, Charles R
From: Alan [mailto:alanwil...@gmail.com] Subject: Re: webapps examples and security manager Not yet, which one would suggest me please? The latest, always (6.0.20). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only

stripes framework and Tomcat with security manager

2009-08-13 Thread JiangHongTiao
Hi, i'm trying to write a web page with the Stripes framework. Everything works fine when the Tomcat is running without the security manager. But when I turn on the security manager, my application throws an error: HTTP Status 404 - type Status report message description The requested resource

security manager

2009-06-12 Thread Bart Vandewoestyne
-connector-java-5.1.7-bin.jar file that I use to connect to a remote MySQL database. If I'm turning off the security manager by setting TOMCAT5_SECURITY=no in /etc/init.d/tomcat5.5 then I can make the connection to the database. If i turn it on however, I can't connect. I know I can set

Tomcat 6.0.20, JDK1.6.0_14 and security manager

2009-06-06 Thread andreas
Hi! Have anyone beside me had any issues with the software versions mentioned in the subject line? First I thought it was my wacky setup, so I tried to vanilla directly from tomcat.apache.org, and it still fails. NOTE : Running the same tomcat installation with JDK1.6.0_12 produces no

Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager

2009-06-06 Thread Konstantin Kolinko
2009/6/6 andreas anpa0...@telia.com: Hi! Have anyone beside me had any issues with the software versions mentioned in the subject line? First I thought it was my wacky setup, so I tried to vanilla directly from tomcat.apache.org, and it still fails. NOTE : Running the same tomcat

RE: Tomcat 6.0.20, JDK1.6.0_14 and security manager

2009-06-06 Thread Caldarale, Charles R
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Subject: Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager You may try adding permission java.lang.RuntimePermission setContextClassLoader; for the file:${catalina.home}/bin/tomcat-juli.jar I just verified that does correct

Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager

2009-06-06 Thread andreas
Indeed it does. But I wonder what this means in terms of security? I admit that my knowledge of the policy files and security-permissions is very weak, and granting permissions to something that I do not understand scares me a bit. Maybe I should file a bug about this and let it get

RE: Tomcat 6.0.20, JDK1.6.0_14 and security manager

2009-06-06 Thread Martin Gainty
2009 21:07:38 +0200 From: anpa0...@telia.com To: users@tomcat.apache.org Subject: Re: Tomcat 6.0.20, JDK1.6.0_14 and security manager Indeed it does. But I wonder what this means in terms of security? I admit that my knowledge of the policy files and security-permissions is very weak

  1   2   >