I wrote a jsp file to read the cert file from the C:/certs dir. Initially i got the same error, then i changed the catalina.policy file to include file name permission java.io.FilePermission "C:/certs/f73e89fd.0", "read";
and it worked. But for some reason the verisign authentication still shows the same error. -----Original Message----- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I am using -security option to run TC. I am not quite sure about the syntax of the policy file, i should check that, but can u suggest me what is the correct syntax ? and also i will try to read this file using some test.jsp and let you know. thanks. -----Original Message----- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:42 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied You shouldn't need to add it anywhere else: Permissions are cumulative, so if that file permission is in a grant{} block, all the code running under the jvm will have it. You mentioned making the changes to java.policy as well: This should be unnecessary, as the catalina.policy file is the only one in effect if you start TC with the -security option. The situation as you're describing it sounds right, but since I know from experience that the security manager works just fine in 4.1.x, something is getting left out. Are you using the -security option to get the security manager, or are you using some parameters in $JAVA_OPTS? Are you certain about the syntax of your policy file (although that usually fails more dramatically than this)? Can you write a test JSP or servlet that reads a file out of that directory? Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -----Original Message----- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:10 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied No certs is a directory. shall i add it in other place other than the general grant block. -----Original Message----- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 4:09 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied If "certs" is a file and not a directory, take off the "\\-" at the end of the permission url. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -----Original Message----- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 2:50 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied I added the below line in the general grant{} block. permission java.io.FilePermission "C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-", "read"; I tried placing the certs file in other directory too where there is no whitespace issue. But i still have the problem. can you think of anything else? -----Original Message----- From: Benjamin Armintor [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 3:32 PM To: Tomcat Users List Subject: RE: java.security.AccessControlException: access denied Where did you add the permission in the catalina.policy file? In a general "grant{}" block? If not, it's possible that your code doesn't have the permission. It may also be the case that the whitespace in the filepath causes problems, but someone who actually runs on Windows could tell you better than I. Benjamin J. Armintor Operations Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -----Original Message----- From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 1:51 PM To: [EMAIL PROTECTED] Subject: java.security.AccessControlException: access denied I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31&RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission "C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-", "read"; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
