Thanks for the reply,
I got it running, but I don't understand it, maybe you can help me:
Giving following permission to my tomcat (5.5.9)
grant {
permission javax.management.MBeanPermission "*", "*";
permission java.lang.management.ManagementPermission "monitor";
permission java.util.PropertyPermission "java.class.path", "read";
permission java.util.PropertyPermission "java.library.path", "read";
permission java.net.SocketPermission "intranet-lx1", "resolve";
};
and I can monitor my tomcat with jconsole. But this means I give the above
permissions to all jars & webapps on my tomcat. So guessed, giving these
permissions only to $JAVA_HOME jars (lib, lib/ext) and tomcat jars
(common,server,bin) should have the same result - but no I got a security
excpetion:
access: access denied (javax.management.MBeanPermission
sun.management.RuntimeImpl#-[java.lang:type=Runtime] isInstanceOf)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1158)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:253)
at
java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanPermission(DefaultMBeanServerInterceptor.java:1707)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.isInstanceOf(DefaultMBeanServerInterceptor.java:1328)
at
com.sun.jmx.mbeanserver.JmxMBeanServer.isInstanceOf(JmxMBeanServer.java:1074)
at
com.sun.jmx.remote.security.MBeanServerAccessController.isInstanceOf(MBeanServerAccessController.java:439)
at
javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1414)
at
javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
at
javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1245)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1348)
And now I was surprised - all the packaeges in the stack trace (above
doPrivileged) are contained in rt.jar, which do have AllPermission (and
additional permissions described above - for the paranoid)!!
Why can the above access denied exception occur??
This excpetion is also thrown, when no webapp is deployed - this means that
only $JAVA_HOME & tomcat core jars are found and loaded and all of these jars
does have AllPermission?!
I'm confused,
Gernot
-----Ursprüngliche Nachricht-----
Von: Peter Rossbach [mailto:[EMAIL PROTECTED]
Gesendet: Sonntag, 18. September 2005 10:55
An: Tomcat Users List
Betreff: Re: jconsole & security manager
You can find detail information here:
http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanPermission.html
Very simple config example:
http://mx4j.sourceforge.net/docs/ch03s10.html
Peter
Pfingstl Gernot schrieb:
>I like to monitor my tomcat 5.5 (running on jdk 1.5.0) with jconsole.
>If I run tomcat without security manager everything works well.
>If I run tomcat with security manager, monitoring the tomcat mbeans works well
>- but jconsoles memory view doensn't work!
>Sun's doc says: "If your application runs a security manager, then additional
>permissions are required in the security permissions file."
>
>But I have not found which permissions are required?
>
>Has somebody have solved this?
>Which permissions are required?
>
>Thanks,
>Gernot
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
