Hi there,
I installed tomcat5 via Fink on Snow Leopard 10.6.1 kernel 64 bits:
amadeus[2249]:/sw/var/log/tomcat5% $CATALINA_HOME/bin/catalina.sh version
Using CATALINA_BASE: /sw/var/tomcat5
Using CATALINA_HOME: /sw/var/tomcat5
Using CATALINA_TMPDIR: /sw/var/tomcat5/temp
Using JRE_HOME: /Library/Java/Home
Server version: Apache Tomcat/5.5.26
Server built: Jan 28 2008 01:35:23
Server number: 5.5.26.0
OS Name: Mac OS X
OS Version: 10.6.1
Architecture: x86_64
JVM Version: 1.6.0_15-b03-219
JVM Vendor: Apple Inc.
Tomcat's webapps examples work fine now with the security manager after
some tweaks in catalina.policy
(added lines shown below):
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.lang.RuntimePermission "setContextClassLoader";
    [snip]
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
And the Tomcat webapps examples now work fine with Tomcat 5.5.26 and Sun
Java 1.6.0_15-b03-219.
However, what I want is MY application working with security manager.
After some reading and lots (and lots) of trial and error (the catalina.out
log helps, but it could help more...), I came to this set of policies
for my application:
grant {
    //PiMS
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "getProtectionDomain";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
    permission javax.management.MBeanPermission "*", "*";
    permission javax.management.MBeanTrustPermission "register";
    // permission java.util.PropertyPermission "cglib.debugLocation", "read";
    permission java.net.SocketPermission "127.0.0.1:5432", "connect,resolve";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks","";
    permission javax.management.MBeanServerPermission "createMBeanServer";
    // permission java.util.PropertyPermission "net.sf.ehcache.*", "read";
    // permission java.util.PropertyPermission "java.io.tmpdir", "read";
    permission java.io.FilePermission "./conf/pims_log4j.properties", "read";
    permission java.io.FilePermission "./conf/Hibernate.log.txt", "read, write";
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}pims${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
It works now, but the problem is the line:
permission java.util.PropertyPermission "*", "read,write";
If I comment out this line and uncomment the others, I get this in catalina.out:
[snip]
INFO: XML validation disabled
Read of system Properties blocked -- ignoring any configuration via System properties, and using Empty Properties! (But any configuration via a resource properties files is still okay!)
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[snip]
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Read of system Properties blocked -- ignoring any configuration via System properties, and using Empty Properties! (But any configuration via a resource properties files is still okay!)
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[snip]
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
16:00:40,027 INFO:MLog -MLog clients using log4j logging.
16:00:40,200 INFO:C3P0Registry -jdk1.5 management interfaces unavailable... JMX support disabled.
java.security.AccessControlException: access denied (javax.management.MBeanServerPermission createMBeanServer)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[snip]
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
16:00:40,223 WARN:PoolConfig -Read of system Properties blocked -- ignoring any c3p0 configuration via System properties! (But any configuration via a c3p0.properties file is still okay!)
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[snip]
Is not 'permission java.util.PropertyPermission "*", "read,write";'
too lax? If so, how then can I find out what
"java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)" wants to tell me?
Obviously I am doing something wrong, but the fact is that I've been playing
with this for more than a week and I'm getting really tired, which is
likely weakening my sense of observation and reason, and I am probably
skipping something obvious, if not the whole thing.
Any help would be very much appreciated.
Many thanks in advance,
Alan
--
Alan Wilter Sousa da Silva, D.Sc.
PDBe group, PiMS project http://www.pims-lims.org/
EMBL - EBI, Wellcome Trust Genome Campus, Hinxton, Cambridge CB10 1SD, UK
+44 (0)1223 492 583 (office)
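
One way to read what the denials in catalina.out are asking for, as an added example that is not part of the original post: it collects every "access denied (...)" entry, counts repeats, and prints the matching catalina.policy line, marking wildcard targets for review. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the catalina.out excerpt quoted in the post;
# the first denial is wrapped across two lines, as mail clients often do.
SAMPLE_LOG = """\
INFO: XML validation disabled
java.security.AccessControlException: access denied
(java.util.PropertyPermission * read,write)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
16:00:40,200 INFO:C3P0Registry -jdk1.5 management interfaces unavailable... JMX support disabled.
java.security.AccessControlException: access denied (javax.management.MBeanServerPermission createMBeanServer)
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
java.security.AccessControlException: access denied (java.util.PropertyPermission cglib.debugLocation read)
"""

# "access denied (<permission class> <target name> [<actions>])"; whitespace may be a newline.
DENIED = re.compile(r"access denied\s*\(\s*([\w.$]+)\s+([^\s)]+)(?:\s+([^)]*?))?\s*\)")


def denied_permissions(log_text):
    """Count each distinct (class, target, actions) denial found in the log."""
    found = Counter()
    for cls, name, actions in DENIED.findall(log_text):
        found[(cls, name, actions.strip())] += 1
    return found


def is_broad(name):
    """True for wildcard targets that grant far more than one resource."""
    return name in ("*", "<<ALL FILES>>") or name.endswith((".*", "/-", "/*"))


def policy_lines(found):
    """Render one candidate catalina.policy line per distinct denial."""
    lines = []
    for (cls, name, actions), hits in sorted(found.items()):
        target = f'"{name}"' + (f', "{actions}"' if actions else "")
        note = f"denied {hits}x"
        if is_broad(name):
            note += ", BROAD target: review before granting"
        lines.append(f"permission {cls} {target};  // {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(policy_lines(denied_permissions(SAMPLE_LOG))))
```

A denial that names `*` with `read,write` is the check the JDK performs for `System.getProperties()`, so per-property grants do not satisfy that particular call; the stack frames just below the `checkPermission` line show which library made it.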