Start tomcat with the property javax.security.debug=access,failure so that
you can capture debug information for the SecurityManager.  Also read the
SecurityManager-HOWTO that comes with tomcat.

Glenn


Mok Swee Loong wrote:
Dear all,

Just started with tomcat 4.1.2. I am trying to run things a little bit more
securely, and trying to figure out a good way to start and stop the server.
Please do comment if you have any opinion or good reference regarding this.
Thanks a million.

- I plan to run the tomcat server as user "tomcat"
- I have changed everything under $CATALINA_HOME to be owned by the "tomcat"
user (is this necessary at all? or do we just need to change the logging
directory to be writable by user tomcat?) and start tomcat using "su -c
$CATALINA_HOME/bin/startup.sh tomcat"
- Does tomcat have a setting similar to the apache httpd server, where you can
set the user and group to run as, so that you start the server as root to
initialize everything that needs root, and then the server changes and runs
as your desired credential?

With the above setup it is running fine, but when I try to run it with the
security manager using the default catalina.policy

# export CATALINA_OPTS=-Djava.security.debug=access,failure
# su -c $CATALINA_HOME/bin/startup.sh tomcat -security

I got the following exception:

Exception during startup processing
java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1031)
        at org.apache.catalina.startup.Catalina.<init>(Catalina.java:127)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
        at java.lang.Class.newInstance0(Class.java:306)
        at java.lang.Class.newInstance(Class.java:259)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:179)


What could be wrong? Any comments are appreciated. Thanks.

regards,
mok



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
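
Added example, not part of the thread: a Python script that reads the output produced with the -Djava.security.debug=access,failure setting shown in the message above, pairs each "access denied" line with the "domain that failed" line that follows it, and prints candidate grant entries to review against catalina.policy. The log excerpt, the /opt/tomcat paths and the function names are constructed for illustration, and the "access:" line layout is an assumption about the JDK's debug output.

```python
import re
from collections import defaultdict

# Matches the debug line and the exception message, with or without quoted
# fields, and tolerates a line wrap between "access denied" and "(".
DENIED = re.compile(
    r'access denied\s*\(\s*"?([\w.$]+)"?\s+"?([^\s")]+)"?(?:\s+"?([^")]+)"?)?\s*\)')
DOMAIN = re.compile(r'domain that failed ProtectionDomain\s+\((\S+)')
EVENT = re.compile(DENIED.pattern + '|' + DOMAIN.pattern)

# Constructed sample of SecurityManager debug output (paths are made up).
SAMPLE = """\
access: access denied (java.lang.RuntimePermission getClassLoader)
access: domain that failed ProtectionDomain  (file:/opt/tomcat/bin/bootstrap.jar <no certificates>)
java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
access: access denied (java.io.FilePermission /opt/tomcat/logs/app.log write)
access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/demo/WEB-INF/classes/ <no certificates>)
"""

def denied_permissions(log_text):
    """Return {codeBase or None: set of (class, target, actions)}."""
    found = defaultdict(set)
    last = None
    for m in EVENT.finditer(log_text):
        if m.group(4):                      # "domain that failed" line
            if last is not None:            # attach the preceding denial to it
                found[None].discard(last)
                found[m.group(4)].add(last)
                last = None
        else:
            last = (m.group(1), m.group(2), m.group(3) or "")
            # The exception text repeats the debug line; do not count it twice.
            if not any(last in perms for perms in found.values()):
                found[None].add(last)
    return {cb: perms for cb, perms in found.items() if perms}

def candidate_policy(found):
    """Render one grant stanza per codeBase, for review before merging."""
    lines = []
    for cb in sorted(found, key=lambda c: c or ""):
        lines.append('grant codeBase "%s" {' % cb if cb
                     else "grant {  // codeBase not logged: scope this before use")
        for cls, target, actions in sorted(found[cb]):
            extra = ', "%s"' % actions if actions else ""
            lines.append('    permission %s "%s"%s;' % (cls, target, extra))
        lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(candidate_policy(denied_permissions(SAMPLE)))
```

Each stanza names the code source that was refused, so a permission can be granted to that codeBase alone instead of being added to a global grant block.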


