On 26/03/2012 10:32, Witoslaw Koczewski wrote: > Hello, > > for our Kunagi Java web application we have a signed kunagi.jar file which > contains our classes together with classes from embedded Tomcat 6. This runs > perfectly when calling java -jar kunagi.jar. > > But when starting it with Java WebStart, I get an exception while embedded > Tomcat is starting: > > java.security.AccessControlException: access denied > (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.deploy) > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) > at java.security.AccessController.checkPermission(AccessController.java:553) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529) > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:291) > at java.lang.ClassLoader.loadClass(ClassLoader.java:266) > at > net.sourceforge.jnlp.runtime.JNLPClassLoader.loadClass(JNLPClassLoader.java:1018) > at java.lang.Class.getDeclaredMethods0(Native Method) > at java.lang.Class.privateGetDeclaredMethods(Class.java:2444) > at java.lang.Class.getMethod0(Class.java:2687) > at java.lang.Class.getMethod(Class.java:1620) > at org.apache.catalina.startup.SetPublicIdRule.begin(WebRuleSet.java:639) > at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1276) > ... 33 more > > Of course kunagi.jar is signed, otherwise it wouldn't even start. It seams > Java WebStart enables Java Security globally, which somehow embedded Tomcat > "inherits" and fails to initialize. > > Is there a way to disable security checks for Tomcat inside of Java WebStart? > Or how can I configure embedded Tomcat to permit access to > org.apache.catalina...?
There's a file called catalina.policy in tomcat/conf, which has some rules in it. You'll need compare those rules to the ones implemented in the client's policy file to work out what you need to add. > I have already posted this problem on StackOverflow, where someone said, this > could be a Tomcat bug: stackoverflow.com/questions... Really. URL please? p > Best regards, > Witek > > --- > http://koczewski.de > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
