Hi!

I've been working on this since the beginning of last week together with a friend
and can't find a clue:

My friend owns a sun cobalt with linux, apache and tomcat.
The system seems to be ready to use for providers - there is a config utility
to add new user sites with a lot of options (like: user gets mysql, pop3,
tomcat, or whatever)

After creating a site with jsp, we deployed a jsp-testsuite which tests the
given infrastructure: reading files, instancing classes, trying a db-query on
mysql and so on (Which works fine on our local system). But every time we try
to execute the testsuite we get one of these SecurityExceptions:

java.security.AccessControlException: access denied (java.io.FilePermission /home/.sites/143/site40/web/test.txt read)
(Test.txt is the file we want to read in the first part of our testsuite:
File permissions 777)

We looked into the tomcat docs how to set up the security manager correctly
and looked into the tomcat.policy file in the {tomcat.home}/conf dir just to
see that everything was set correctly (for us) from the site management utility:

...
grant codeBase "file:/home/.sites/143/site40/web/-" {
  permission SocketPermission "localhost:1024-", "listen,connect,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "/home/.sites/143/site40/-", "read,write,delete";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
};
...

Tomcat seems to run secure with the right file (as seen under ps -Af) but
seems to ignore all grants for the user sites:

...
java -Djava.security.manager -Djava.security.policy==/usr/java/jakarta-tomcat/conf/tomcat.policy -Dtomcat.home=/usr/java/jakarta-tomcat org.apache.tomcat.startup.Tomcat

Some users on groups.google mentioned that the codeBase should be the same
as the docBase in the server.xml:
...
<Host name="johannes.jarolim.com"> <!-- Site site40 -->
  <Context path="" docBase="/home/.sites/143/site40/web" debug="0"/>
  <!-- user web contexts -->
</Host>
...

but this looks correct to me too. We even tried to give my site all
permissions:

grant codeBase "file:/home/.sites/143/site40/web/-" {
    permission java.security.AllPermission;
};

But that is ignored too. The testsuite is neither able to open a file nor
just to read the length.
We have the same problems when instancing a class which tries to dynamically
instance another class. Like:

// This is a part of opening a connection to the mysql-db
myDriver = (Driver)Class.forName(DriverName).newInstance();

To get that straight: Everything runs fine without security manager - But
who wants to run a root-tomcat without a security manager ;-)
Could anyone give me a clue where we could look? After one week of
googling we're somehow out of ideas...

thanks in advance,

Kind regards,

J.P.Jarolim, ADWERBA
-------------------------------------------------------------
ADWERBA, Gesellschaft für Verkaufsförderung und Werbung
A-5020 Salzburg - Schallmooser Hauptstraße 85 A
Telefon: +43(0)662 643125, 643126 - Telefax: +43(0)662 643128
ISDN: +43(0)662 648058 - Email: [EMAIL PROTECTED] - ICQ 44284507
-------------------------------------------------------------
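
Added example (not part of the original post, and not Tomcat's or the site utility's code): a small Python check that parses the grant block and `<Context>` element quoted above and tests, from the policy text alone, whether code under the docBase is granted `read` on `test.txt`. The function names are hypothetical, the inputs are constructed from the post, and the codeBase matching is simplified to the `/-` and `/*` forms.

```python
import re

# Constructed input: the grant block and <Context> element quoted in the post.
POLICY = '''
grant codeBase "file:/home/.sites/143/site40/web/-" {
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "/home/.sites/143/site40/-",
"read,write,delete";
};
'''
SERVER_XML = '<Context path="" docBase="/home/.sites/143/site40/web" debug="0"/>'

PERM = re.compile(r'permission\s+([\w.]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_grants(text):
    """Map each codeBase to its (class, target, actions) permission entries."""
    blocks = re.findall(r'grant\s+codeBase\s+"([^"]+)"\s*\{(.*?)\}\s*;', text, re.S)
    return {codebase: PERM.findall(body) for codebase, body in blocks}

def path_implies(pattern, path):
    """FilePermission-style matching: 'dir/-' is recursive, 'dir/*' is one level."""
    if pattern == "<<ALL FILES>>":
        return True
    prefix, rest = pattern[:-1], path[len(pattern) - 1:]
    if pattern.endswith("/-"):
        return path.startswith(prefix) and rest != ""
    if pattern.endswith("/*"):
        return path.startswith(prefix) and rest != "" and "/" not in rest
    return pattern == path

def covering_codebases(grants, doc_base):
    """codeBase patterns that cover code loaded from below doc_base (simplified)."""
    probe = doc_base.rstrip("/") + "/probe.class"  # hypothetical class location
    return [cb for cb in grants
            if cb.startswith("file:") and path_implies(cb[len("file:"):], probe)]

def file_access_granted(grants, doc_base, path, action):
    """True if the policy text grants `action` on `path` to code under doc_base."""
    for cb in covering_codebases(grants, doc_base):
        for cls, target, actions in grants[cb]:
            if cls == "java.security.AllPermission":
                return True
            if (cls == "java.io.FilePermission"
                    and action in actions.replace(" ", "").split(",")
                    and path_implies(target, path)):
                return True
    return False

def doc_bases(server_xml):
    """Every docBase attribute value found in the server.xml text."""
    return re.findall(r'docBase="([^"]+)"', server_xml)
```

A `True` result only says the policy text is consistent with the docBase; it does not show which CodeSource the JVM assigned to the classes on the call stack.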
