Hi! I've been working on this since beginnig last week together with a friend and can't find a clue:
My friend owns a sun cobalt with linux, apache and tomcat. The system seems to be ready to use for providers - there is a config utility to add new user sites with a lot of options (like: user gets mysql, pop3, tomcat, or whatever) After creating a site with jsp, we deployed a jsp-testsuite which tests the given infrastructure: reading files, instancing classes, trying a db-query on mysql and so on (Which works fine on our local system). But every time we try to execute the testsuite we get one of these SecurityExceptions: java.security.AccessControlException: access denied (java.io.FilePermission /home/.sites/143/site40/web/test.txt read) (Test.txt is the file we want to read in the first part of our testsuite: File permissions 777) We looked into the tomcat docs how to setup the security manager correctly and looked into the tomcat.policy file in the {tomcat.home}/conf dir just to see that everything was set correctly (for us) from the site management utility: ... grant codeBase "file:/home/.sites/143/site40/web/-" { permission SocketPermission "localhost:1024-", "listen,connect,resolve"; permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "/home/.sites/143/site40/-", "read,write,delete"; permission java.lang.RuntimePermission "accessClassInPackage.sun.io"; }; ... Tomcat seems to run secure with the right file (as seen under ps -Af) but seems to ignore all grants for the user sites: ... java -Djava.security.manager -Djava.security.policy==/usr/java/jakarta-tomca t/conf/tomcat.policy -Dtomcat.home=/usr/java/jakarta-tomcat org.apache.tomcat.startup.Tomcat Some users on groups.google mentioned, that the codeBase should be the same as the docBase in the server.xml: ... <Host name="johannes.jarolim.com"> <!-- Site site40 --> <Context path="" docBase="/home/.sites/143/site40/web" debug="0"/> <!-- user web contexts --> </Host> ... but this looks correct to me too. We even tried to give my site all permissions: grant codeBase "file:/home/.sites/143/site40/web/-" { permission java.security.AllPermission; }; But that is ignored too. The testsuite is neither able to open a file nor just to read the length. We have the same problems when instancing a class which tries to dynamically instance another class. Like: myDriver = (Driver)Class.forName(DriverName).newInstance(); // This is a part of opening a connection to the mysql-db To get that straight: Everything runs fine without security manager - But who wants to run a root-tomcat without a security manager ;-) Could anyone give me a clue where we could look at? After one week of googling we're somehow out of ideas... thanks in advance, mfG, J.P.Jarolim, ADWERBA ------------------------------------------------------------- ADWERBA, Gesellschaft für Verkaufsförderung und Werbung A-5020 Salzburg - Schallmooser Hauptstraße 85 A Telefon: +43(0)662 643125, 643126 - Telefax: +43(0)662 643128 ISDN: +43(0)662 648058 - Email: [EMAIL PROTECTED] - ICQ 44284507 ------------------------------------------------------------- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>