Jason Keltz wrote:
Hi Jeanfrancois,
I'm not sure now if it's a bug or not. I realized that the problem is that the code in "catalina.policy" to allow access refers to "${catalina.home}":
// These permissions apply to the container's core code, plus any additional // libraries installed in the "server" directory grant codeBase "file:${catalina.home}/server/-" { permission java.security.AllPermission; };
I had copied the "server" directory to "CATALINA_BASE" to get the manager app working a while ago. The default context for the manager app refers to "../server", which, of course wouldn't otherwise exist in CATALINA_BASE unless copied. When the conf directory along with "Catalina/localhost/manager.xml" was copied to CATALINA_BASE, the manager app couldn't be found.
I've tried these two things and they both work:
1) Change ${catalina.home}/server to ${catalina.base}/server
2) Get rid of the server directory in CATALINA_BASE, and change
the context descriptor for the manager app in the CATALINA_BASE
directory to refer to the full path to the manager in CATALINA_HOME. Now,
the existing security policy works.
Yes, except it is not supposed to work like that. I will try to fix it tonigh or tomorrow.
Thanks
-- Jeanfrancois
Jason.
On Tue, 16 Mar 2004, Jeanfrancois Arcand wrote:
Jason Keltz wrote:
Hi.
I've been using the manager webapp, but after enabling the security manager (-security on tomcat startup), the manager doesn't run any longer, giving this error:
type Exception report
message
description The server encountered an internal error () that prevented it
from fulfilling this request.
exception
javax.servlet.ServletException: Wrapper cannot find servlet class org.apache.catalina.manager.ManagerServlet or a class it depends on ....
And in the log file, I see that:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
That's abug bug on our side. I will take a look latter today. As a workaround, you can do:
permission java.lang.RuntimePermissionor remove that package in catalina.properties.
"accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission
"accessClassInPackage.org.apache.catalina";
-- Jeanfrancois
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269) at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491) at java.lang.ClassLoader$1.run(ClassLoader.java:313) at java.security.AccessController.doPrivileged(Native Method) at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:311) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:537) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677) at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230) at org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:962) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:958) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:187) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:587) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
---
In the default Catalina.policy file, I see:
// libraries installed in the "server" directory grant codeBase "file:${catalina.home}/server/-" { permission java.security.AllPermission; };
Why can I not get the manager app to work with the security manager enabled?
Thanks,
Jason Keltz [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]