Thanks!

It is because I am running my app on a web hosting service that runs with the SM enabled.

--- Original Message ---

From: "André Warnier" <a...@ice-sa.com>
Sent: May 9, 2013 04:46
To: "Tomcat Users List" <users@tomcat.apache.org>
Subject: Re: Catalina.policy java.security.AllPermission

Alejandro Garcia wrote:
> Hi,
> I have a problem with the Catalina’s security manager.
>
> We are using Tomcat 6, with JDK 6 and JSF 2.1 with Spring, JPA and ICEFaces. 
> My app works very well when I run my app with the security manager disabled.
>
> The problem appears when I enable the security manager of Tomcat. My app 
> fails when Tomcat starts, giving me the following log:
>
> INFO: Checking whether login URL '/security/login.jsf' is accessible with 
> your configuration
> 8/05/2013 12:29:11 PM org.springframework.web.context.ContextLoader 
> initWebApplicationContext
> INFO: Root WebApplicationContext: initialization completed in 1969 ms
> 8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
> SEVERE: Error listenerStart
> 8/05/2013 12:29:11 PM org.apache.catalina.core.StandardContext start
> SEVERE: Falló en arranque del Contexto [/WebRed] debido a errores previos
> 8/05/2013 12:29:11 PM com.sun.faces.config.ConfigureListener contextDestroyed
> SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
> java.lang.NullPointerException
> at 
> com.sun.faces.config.ConfigureListener.getInitFacesContext(ConfigureListener.java:740)
> at 
> com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:300)
> at 
> org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:4245)
> at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4886)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4750)
> at 
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:124)
> at 
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:146)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:777)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
> at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:563)
> at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1399)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at 
> org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
> at 
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
> at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:762)
> at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1500)
> at 
> org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:252)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
> at 
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
> at 
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
> at 
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
> at 
> org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:194)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
> at 
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:250)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
> at 
> org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
> at 
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
> at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
> at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
> at 
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:662)
>
> The app works very well when I put this line in the Catalina.policy
>
> grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
> permission java.security.AllPermission;
> };
>
> There were other errors because of the permissions, but I have added some, 
> and the lines are the following:
>
> grant codeBase "file:${catalina.home}/webapps/WebRed/-" {
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.context.request";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.springframework.web.filter";
>     permission java.lang.RuntimePermission "accessClassInPackage.com.sun.faces.config";
>     permission java.lang.RuntimePermission "accessClassInPackage.org.icefaces.util";
>     permission java.lang.RuntimePermission "accessDeclaredMembers";
>     permission org.apache.naming.JndiPermission "jndi://localhost/WebRed/*";
>     permission java.io.FilePermission "/WebRed", "read";
>     permission java.io.FilePermission "${catalina.home}/webapps/WebRed", "read,write";
>     permission java.io.FilePermission "${catalina.home}/webapps/WebRed/-", "read,write,delete";
>     permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory.HashtableImpl", "read";
>     permission java.util.PropertyPermission "org.springframework.web.context.request", "read";
>     permission java.util.PropertyPermission "org.springframework.web.servlet", "read";
>     permission java.util.PropertyPermission "org.springframework.web.context", "read";
>     permission java.util.PropertyPermission "org.apache.catalina.manager.util", "read";
>     permission java.util.PropertyPermission "org.apache.catalina.manager", "read";
>     permission java.util.PropertyPermission "org.apache.catalina", "read";
>     permission java.util.PropertyPermission "org.apache.catalina.core", "read";
>     permission java.util.PropertyPermission "spring.security.strategy", "read";
>     permission java.util.PropertyPermission "com.icesoft.faces.webapp", "read";
>     permission java.util.PropertyPermission "com.sun.faces.config", "read";
>     permission java.util.PropertyPermission "javax.faces.webapp", "read";
>     permission java.util.PropertyPermission "catalina.base", "read";
>     permission java.util.PropertyPermission "org.icefaces.util", "read";
> };
>
> But the app still does not work, and I do not know what other permissions it 
> needs to run.
>
> As I mentioned, I think it is only permissions that are required, because with 
> “java.security.AllPermission;” it works very well.
>

Maybe the first question should be: why do you want to run this with the 
Security Manager?
As far as I understand this, the SM only really helps if otherwise unsecure 
applications can be deployed within your JVM. Is that the case, or do you 
know and control all the applications from the start?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
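
The thread leaves open which permissions are still missing. The JVM names each refused permission in an `access denied (...)` message (in an `AccessControlException`, or in the output of `-Djava.security.debug=access,failure`), so the grant block can be derived from the log instead of guessed. The script below is an added example, not code from the thread or from Tomcat; its sample log lines are constructed, and its output is a candidate list to review and narrow before it goes into the policy file.

```python
import re
from collections import OrderedDict

# Permission classes whose last token is an action list. JDK 6 prints the
# tuple unquoted, so the name/actions split has to be inferred for these.
WITH_ACTIONS = {"java.io.FilePermission", "java.util.PropertyPermission",
                "java.net.SocketPermission"}
DENIED = re.compile(r"access denied \((.+)\)\s*$")

def parse_denial(line):
    """Return (class, name, actions) for one 'access denied' line, else None."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    quoted = re.findall(r'"([^"]*)"', body)
    if quoted:                      # JDK 7+ format: ("class" "name" "actions")
        return tuple((quoted + ["", ""])[:3])
    tokens = body.split()           # JDK 6 format: (class name actions)
    cls, rest = tokens[0], tokens[1:]
    if cls in WITH_ACTIONS and len(rest) > 1:
        return cls, " ".join(rest[:-1]), rest[-1]
    return cls, " ".join(rest), ""

def policy_block(lines, code_base):
    """Build a grant block holding each denied permission once, in log order."""
    seen = OrderedDict()
    for line in lines:
        perm = parse_denial(line)
        if perm:
            seen[perm] = None
    out = ['grant codeBase "%s" {' % code_base]
    for cls, name, actions in seen:
        name = name.replace("\\", "\\\\")   # policy files escape backslashes
        entry = '    permission %s "%s"' % (cls, name)
        out.append(entry + (', "%s";' % actions if actions else ";"))
    out.append("};")
    return "\n".join(out)

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util)",
    "Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)",
    "java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util)",
    'access: access denied ("java.io.FilePermission" "/opt/tomcat/temp/upload 1.tmp" "read,write")',
    "INFO: unrelated log line",
]

if __name__ == "__main__":
    print(policy_block(SAMPLE, "file:${catalina.home}/webapps/WebRed/-"))
```

Any entry that reaches into container internals, such as `accessClassInPackage.org.apache.catalina.*`, deserves a second look before it is granted.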

