I'm trying to get an application I have to use the SecurityManager object
from Tomcat.
I've added the -security to my startup so that it is enabled.
When I do a System.getSecurityManager() it returns a null object.
If I try and create my own SecurityManager and set it via
System.setSecurityManager, I get:
004-08-26 14:07:47 StandardContext[/clinicalTrials]Exception starting filter
SessionFilter
java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:269)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.Thread.getContextClassLoader(Thread.java:1182)
at
org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilter
Config.java:207)
at
org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFil
terConfig.java:308)
at
org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterCon
fig.java:79)
The only info I have added to the catalina.policy file is:
grant {
permission javax.security.auth.AuthPermission "createLoginContext";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "getSubject";
};
grant principal com.ptilabs.commons.jaas.authentication.ldap.LDAPPrincipal
"_app_Clinical_Trials" {
permission com.ptilabs.commons.jaas.authorization.URLPermission
"/clinicalTrials/app/*";
};
Can someone tell me what I am doing wrong?
I have a command line version for testing that works fine. It is when I try
and do things under Tomcat that everything blows up.
Thanks!
--
Sloan
