Hello everyone. I'm currently working on upgrading our environment to Tomcat 6.0.14 from 5.0.27. This is run on Apache 1.3.33 with mod_jk 1.2.25 (which is being upgraded from jk2).
I'm able to get the basic sites working fine, however, there are a few applications that are still causing issues, and was hoping someone here could at least point me in the right direction on how to determine the exact cause of the issue. Running Tomcat with debug logging (java.security.debug=access,failure) enabled, I get the following output regarding the error. Now, based off this output, it sounds like the error is occurring when the taglib.tld file from the jspsql.jar file attempts to make a call to an external website. Also, this error only occurs when we have -security enabled on startup of Tomcat (which it needs to be for our environment). If anyone can offer some advice on what the cause and/or resolution of this may be, I would be most grateful. access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/classes/org/apache/xerces/util/XMLChar.class read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: access denied (java.io.FilePermission /web/tomcat/lib/jsp-api.jar read) java.lang.Exception: Stack trace at java.lang.Thread.dumpStack(Thread.java:1206) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkRead(SecurityManager.java:871) at java.util.zip.ZipFile.<init>(ZipFile.java:109) at java.util.jar.JarFile.<init>(JarFile.java:133) at java.util.jar.JarFile.<init>(JarFile.java:70) at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:72) at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:48) at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:53) at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:104) at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:132) at java.net.URL.openStream(URL.java:1009) at org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:740) at org.apache.xerces.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:700) at org.apache.xerces.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:258) at org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:811) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:333) at org.apache.xerces.parsers.StandardParserConfiguration.parse(StandardParserConfiguration.java:525) at org.apache.xerces.parsers.StandardParserConfiguration.parse(StandardParserConfiguration.java:581) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:147) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1157) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518) at org.apache.catalina.startup.TldConfig.tldScanJar(TldConfig.java:476) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:301) at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4428) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4235) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:566) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) access: access allowed (java.security.SecurityPermission getPolicy) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) access: domain that failed ProtectionDomain (file:/path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar <no signer certificates> ) WebappClassLoader delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: [EMAIL PROTECTED] <no principals> [EMAIL PROTECTED] ( (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission java.vendor.url read) (java.util.PropertyPermission java.vm.name read) (java.util.PropertyPermission java.home read) (java.util.PropertyPermission org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER read) (java.util.PropertyPermission jaxp.debug read) (java.util.PropertyPermission java.version read) (java.util.PropertyPermission java.naming.* read) (java.util.PropertyPermission file.separator read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission file.encoding read) (java.util.PropertyPermission line.separator read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission javax.sql.* read) (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission * read,write) (java.util.PropertyPermission os.name read) (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission os.version read) (java.util.PropertyPermission os.arch read) (java.util.PropertyPermission java.class.version read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.specification.version read) (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*) (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime) (java.lang.RuntimePermission getAttribute) (java.io.FilePermission /tmp/- read,write) (java.io.FilePermission /tmp/ read,write) (java.io.FilePermission /tmp/* read,write) (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/- read) (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib read) (java.io.FilePermission /path/to/home/dir/html/app_name/- read) (java.io.FilePermission /path/to/home/dir/html/app_name read) (java.io.FilePermission /web/tomcat/work/hosting/www.website.com/app_name/- read,write,delete) (java.io.FilePermission /web/tomcat/work/hosting/www.website.com/app_name read,write) (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/xercesImpl.jar read) (org.apache.naming.JndiPermission jndi:/www.website.com/app_name/WEB-INF/lib/*) (org.apache.naming.JndiPermission jndi:/www.website.com/app_name/*) (org.apache.naming.JndiPermission jndi:/www.website.com/app_name/WEB-INF/classes/*) (java.net.SocketPermission 5.6.7.8:3128 connect,resolve) (java.net.SocketPermission 1.2.3.4:3128 connect,resolve) (java.net.SocketPermission mail.server.com:25 connect,resolve) (java.net.SocketPermission *:3306 connect,resolve) ) access: access allowed (java.util.PropertyPermission line.separator read) access: access allowed (java.util.PropertyPermission line.separator read) Jan 3, 2008 5:10:33 PM org.apache.catalina.startup.TldConfig tldScanJar SEVERE: Exception processing TLD META-INF/taglib.tld in JAR at resource path /path/to/home/dir/html/app_name/WEB-INF/lib/jspsql.jar in context /app_name java.security.AccessControlException: access denied (java.io.FilePermission /web/tomcat/lib/jsp-api.jar read) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1193) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518) at org.apache.catalina.startup.TldConfig.tldScanJar(TldConfig.java:476) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:301) at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4428) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4235) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:566) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/jstl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/jstl.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/dom.jar read) access: access allowed (java.io.FilePermission /path/to/home/dir/html/app_name/WEB-INF/lib/dom.jar read) TIA, Dan.