Hi Jeanfrancois,
I'm not sure now if it's a bug or not. I realized that the problem is
that the code in "catalina.policy" to allow access refers to
"${catalina.home}":
// These permissions apply to the container's core code, plus any additional
// libraries installed in the "server" directory
grant codeBase "file:${catalina.home}/server/-" {
permission java.security.AllPermission;
};
I had copied the "server" directory to "CATALINA_BASE" to get the manager
app working a while ago. The default context for the manager app refers
to "../server", which, of course wouldn't otherwise exist in CATALINA_BASE
unless copied. When the conf directory along with
"Catalina/localhost/manager.xml" was copied to CATALINA_BASE, the manager
app couldn't be found.
I've tried these two things and they both work:
1) Change ${catalina.home}/server to ${catalina.base}/server
2) Get rid of the server directory in CATALINA_BASE, and change
the context descriptor for the manager app in the CATALINA_BASE
directory to refer to the full path to the manager in CATALINA_HOME. Now,
the existing security policy works.
Jason.
On Tue, 16 Mar 2004, Jeanfrancois Arcand wrote:
>
>
> Jason Keltz wrote:
>
> >Hi.
> >
> >I've been using the manager webapp, but after enabling the security
> >manager (-security on tomcat startup), the manager doesn't run any longer,
> >giving this error:
> >
> >type Exception report
> >
> >message
> >
> >description The server encountered an internal error () that prevented it
> >from fulfilling this request.
> >
> >exception
> >
> >javax.servlet.ServletException: Wrapper cannot find servlet class
> >org.apache.catalina.manager.ManagerServlet or a class it depends on
> >....
> >
> >And in the log file, I see that:
> >
> >java.security.AccessControlException: access denied
> >(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
> >
> >
> That's abug bug on our side. I will take a look latter today. As a
> workaround, you can do:
>
> > permission java.lang.RuntimePermission
> > "accessClassInPackage.org.apache.catalina";
> > permission java.lang.RuntimePermission
> > "accessClassInPackage.org.apache.catalina";
>
> or remove that package in catalina.properties.
>
>
> -- Jeanfrancois
>
>
>
> > at
> >java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
> > at
> >java.security.AccessController.checkPermission(AccessController.java:401)
> > at
> >java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> > at
> >java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491)
> > at java.lang.ClassLoader$1.run(ClassLoader.java:313)
> > at java.security.AccessController.doPrivileged(Native Method)
> > at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:311)
> > at java.lang.ClassLoader.defineClass0(Native Method)
> > at java.lang.ClassLoader.defineClass(ClassLoader.java:537)
> > at
> >java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
> > at
> >org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677)
> > at
> >org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900)
> > at
> >org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350)
> > at
> >org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230)
> > at
> >org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:962)
> > at java.security.AccessController.doPrivileged(Native Method)
> > at
> >org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:958)
> > at
> >org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712)
> > at
> >org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:187)
> > at
> >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
> > at
> >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
> > at
> >org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
> > at
> >org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
> > at
> >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
> > at
> >org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:587)
> > at
> >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
> > at
> >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
> > at
> >org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184)
> > at
> >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
> > at
> >org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
> > at
> >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
> >
> >---
> >
> >In the default Catalina.policy file, I see:
> >
> >// libraries installed in the "server" directory
> >grant codeBase "file:${catalina.home}/server/-" {
> > permission java.security.AllPermission;
> >};
> >
> >
> >Why can I not get the manager app to work with the security manager
> >enabled?
> >
> >Thanks,
> >
> >Jason Keltz
> >[EMAIL PROTECTED]
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
