Hi Jeanfrancois, I'm not sure now if it's a bug or not. I realized that the problem is that the code in "catalina.policy" to allow access refers to "${catalina.home}":
// These permissions apply to the container's core code, plus any additional // libraries installed in the "server" directory grant codeBase "file:${catalina.home}/server/-" { permission java.security.AllPermission; }; I had copied the "server" directory to "CATALINA_BASE" to get the manager app working a while ago. The default context for the manager app refers to "../server", which, of course wouldn't otherwise exist in CATALINA_BASE unless copied. When the conf directory along with "Catalina/localhost/manager.xml" was copied to CATALINA_BASE, the manager app couldn't be found. I've tried these two things and they both work: 1) Change ${catalina.home}/server to ${catalina.base}/server 2) Get rid of the server directory in CATALINA_BASE, and change the context descriptor for the manager app in the CATALINA_BASE directory to refer to the full path to the manager in CATALINA_HOME. Now, the existing security policy works. Jason. On Tue, 16 Mar 2004, Jeanfrancois Arcand wrote: > > > Jason Keltz wrote: > > >Hi. > > > >I've been using the manager webapp, but after enabling the security > >manager (-security on tomcat startup), the manager doesn't run any longer, > >giving this error: > > > >type Exception report > > > >message > > > >description The server encountered an internal error () that prevented it > >from fulfilling this request. > > > >exception > > > >javax.servlet.ServletException: Wrapper cannot find servlet class > >org.apache.catalina.manager.ManagerServlet or a class it depends on > >.... > > > >And in the log file, I see that: > > > >java.security.AccessControlException: access denied > >(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina) > > > > > That's abug bug on our side. I will take a look latter today. As a > workaround, you can do: > > > permission java.lang.RuntimePermission > > "accessClassInPackage.org.apache.catalina"; > > permission java.lang.RuntimePermission > > "accessClassInPackage.org.apache.catalina"; > > or remove that package in catalina.properties. > > > -- Jeanfrancois > > > > > at > >java.security.AccessControlContext.checkPermission(AccessControlContext.java:269) > > at > >java.security.AccessController.checkPermission(AccessController.java:401) > > at > >java.lang.SecurityManager.checkPermission(SecurityManager.java:524) > > at > >java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491) > > at java.lang.ClassLoader$1.run(ClassLoader.java:313) > > at java.security.AccessController.doPrivileged(Native Method) > > at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:311) > > at java.lang.ClassLoader.defineClass0(Native Method) > > at java.lang.ClassLoader.defineClass(ClassLoader.java:537) > > at > >java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) > > at > >org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677) > > at > >org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900) > > at > >org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350) > > at > >org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230) > > at > >org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:962) > > at java.security.AccessController.doPrivileged(Native Method) > > at > >org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:958) > > at > >org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712) > > at > >org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:187) > > at > >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) > > at > >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) > > at > >org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245) > > at > >org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199) > > at > >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) > > at > >org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:587) > > at > >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) > > at > >org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) > > at > >org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184) > > at > >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) > > at > >org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164) > > at > >org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) > > > >--- > > > >In the default Catalina.policy file, I see: > > > >// libraries installed in the "server" directory > >grant codeBase "file:${catalina.home}/server/-" { > > permission java.security.AllPermission; > >}; > > > > > >Why can I not get the manager app to work with the security manager > >enabled? > > > >Thanks, > > > >Jason Keltz > >[EMAIL PROTECTED] > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]