Re: Grant access to files out of webapp context using SecurityManager

Thu, 19 Nov 2009 13:12:38 -0800 

On 19/11/2009 20:38, g f wrote:

I recently activated SecurityManager and had no previous issues with this.
Yes they do have permissions on that directory.
I am getting many errors regarding this here is a snippet of the stack:
SEVERE: StandardWrapper.Throwable
java.security.AccessControlException: access denied
(java.io.FilePermission /files/images read)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkRead(Unknown Source)
        at java.io.File.exists(Unknown Source)
.....
.....
Does my syntax look correct?

I did also try the following:
grant codeBase "file:/files/images/-" {
         permission java.security.AllPermission;
};


(That won't work.)

Try specifying the FilePermission like this:

  permission java.io.FilePermission "/files/images", "read"

p


On Thu, Nov 19, 2009 at 2:03 PM, Pid<p...@pidster.com>  wrote:

On 19/11/2009 18:13, g f wrote:


Hello all,
I have a webapp in the following location:

/apps/tomcat/webapps/mywebapp

I have files located at:

/files/images

They are on different partitions.

I need to grant mywebapp read,write,execute permissions to these images.

I am attempting to configure SecurityManager to allow this but am
having some difficulties.

here is a snippet of catalina.policy


    grant codeBase "file:${catalina.home}/webapps/mywebapp/WEB-INF/-" {
         permission java.security.AllPermission;
         permission java.io.FilePermission "/files/images/-",
"read,write,execute";
    };

also tried this:

    grant codeBase "file:${catalina.home}/webapps/mywebapp/WEB-INF/-" {
         permission java.security.AllPermission;
         permission java.io.FilePermission "file://files/images/-",
"read,write,execute";
    };

Am I correct in assuming that the additional FilePermission access
goes within the webapps grant statement?
Any ideas are appreciated.
Thanks in Advance.
G


First: does the user that is running Tomcat have the appropriate access
rights to manipulate files in the directory?

Second: what 'trouble' are you haveing?


p



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to