> I'm trying to get an application I have to use the SecurityManager object
> from Tomcat.
>
> I've added the -security to my startup so that it is enabled.
>
> When I do a System.getSecurityManager() it returns a null object.
>
> If I try and create my own SecurityManager and set it via
> System.setSecurityManager, I get:
> 004-08-26 14:07:47 StandardContext[/clinicalTrials]Exception starting
> filter SessionFilter
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission getClassLoader)
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.ja
> va:269)
> at
> java.security.AccessController.checkPermission(AccessController.java:401)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at java.lang.Thread.getContextClassLoader(Thread.java:1182)
> at
> org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilt
> erConfig.java:207)
> at
> org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationF
> ilterConfig.java:308)
> at
> org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterC
> onfig.java:79)
>
> The only info I have added to the catalina.policy file is:
> grant {
> permission javax.security.auth.AuthPermission "createLoginContext";
> permission javax.security.auth.AuthPermission "doAs";
> permission javax.security.auth.AuthPermission "doAsPrivileged";
> permission javax.security.auth.AuthPermission "modifyPrincipals";
> permission javax.security.auth.AuthPermission "getSubject";
> };
>
> grant principal com.ptilabs.commons.jaas.authentication.ldap.LDAPPrincipal
> "_app_Clinical_Trials" {
> permission com.ptilabs.commons.jaas.authorization.URLPermission
> "/clinicalTrials/app/*";
> };
>
> Can someone tell me what I am doing wrong?
>
> I have a command line version for testing that works fine. It is when I
> try and do things under Tomcat that everything blows up.
>
> Thanks!
>
> --
> Sloan
