Thanks for the reply, I got it running, but I don't understand it, maybe you can help me:
Giving following permission to my tomcat (5.5.9) grant { permission javax.management.MBeanPermission "*", "*"; permission java.lang.management.ManagementPermission "monitor"; permission java.util.PropertyPermission "java.class.path", "read"; permission java.util.PropertyPermission "java.library.path", "read"; permission java.net.SocketPermission "intranet-lx1", "resolve"; }; and I can monitor my tomcat with jconsole. But this means I give the above permissions to all jars & webapps on my tomcat. So guessed, giving these permissions only to $JAVA_HOME jars (lib, lib/ext) and tomcat jars (common,server,bin) should have the same result - but no I got a security excpetion: access: access denied (javax.management.MBeanPermission sun.management.RuntimeImpl#-[java.lang:type=Runtime] isInstanceOf) java.lang.Exception: Stack trace at java.lang.Thread.dumpStack(Thread.java:1158) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:253) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanPermission(DefaultMBeanServerInterceptor.java:1707) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.isInstanceOf(DefaultMBeanServerInterceptor.java:1328) at com.sun.jmx.mbeanserver.JmxMBeanServer.isInstanceOf(JmxMBeanServer.java:1074) at com.sun.jmx.remote.security.MBeanServerAccessController.isInstanceOf(MBeanServerAccessController.java:439) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1414) at javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1245) at java.security.AccessController.doPrivileged(Native Method) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1348) And now I was surprised - all the packaeges in the stack trace (above doPrivileged) are contained in rt.jar, which do have AllPermission (and additional permissions described above - for the paranoid)!! Why can the above access denied exception occur?? This excpetion is also thrown, when no webapp is deployed - this means that only $JAVA_HOME & tomcat core jars are found and loaded and all of these jars does have AllPermission?! I'm confused, Gernot -----Ursprüngliche Nachricht----- Von: Peter Rossbach [mailto:[EMAIL PROTECTED] Gesendet: Sonntag, 18. September 2005 10:55 An: Tomcat Users List Betreff: Re: jconsole & security manager You can find detail information here: http://java.sun.com/j2se/1.5.0/docs/api/javax/management/MBeanPermission.html Very simple config example: http://mx4j.sourceforge.net/docs/ch03s10.html Peter Pfingstl Gernot schrieb: >I like to monitor my tomcat 5.5 (running on jdk 1.5.0) with jconsole. >If I run tomcat without security manager everything works well. >If I run tomcat with security manager, monitoring the tomcat mbeans works well >- but jconsoles memory view doensn't work! >Sun's doc says: "If your application runs a security manager, then additional >permissions are required in the security permissions file." > >But I have not found which permissions are required? > >Has somebody have solved this? >Which permissions are required? > >Thanks, >Gernot > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]