Re: Security manager and request.getParameter() access error

Sun, 20 Oct 2002 07:17:48 -0700 

Check your catalina.policy and see if the following 4 permissions are
granted in the default policy:

  // Required for sevlets and JSP's
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util.*";
  permission java.lang.RuntimePermission "defineClassInPackage.org.apache.catalina.util";
  permission java.lang.RuntimePermission "defineClassInPackage.org.apache.catalina.util.*";

Java 1.4 is more picky about the RuntimePermission accessClassInPackage and
defineClassInPackage permissions.

Regards,

Glenn

Dala wrote:

When I use the security manager in Tomcat (4.1.12-LE-jdk1.4) some  strange
problems occur.
When I execute the following simple JSP code:
<% request.getParameter("foo"); %>

I get the following exception:
org.apache.jasper.JasperException: org/apache/catalina/util/ParameterMap
	at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2
48)
	at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain
...

I also start tomcat with security debub info enabled (i.e.
CATALINA_OPTS=-Djava.security.debug=failure) but the log files do not
report any errors, except for the exception of course.

I use the standard policy rules as stated in the file catalina.policy. I
even tried to grant the additional following rules, but nothing have helped
so far:
   permission java.lang.RuntimePermission
"accessClassInPackage.javax.servlet";
   permission java.lang.RuntimePermission
"accessClassInPackage.javax.servlet.*";

If I grant all permissions (i.e. permission java.security.AllPermission;) to
my code base, then everything works fine.

What is the problem?
Have I missed something obvious here?

/Tommy


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>




--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

Reply via email to