Hi,

I encountered a permission error when deploying my application on
Tomcat 7 with security manager enabled.

My application (TestWink.war) consists of only 1 REST resource (the
TestResource.class) which is basically a hello world. The complete
structure of TestWink.war is:

META-INF/
    MANIFEST.MF
WEB-INF/
    classes/
        my/test/packages/TestResource.class
    lib/
        activation-1.1.jar
        commons-lang-2.3.jar
        jaxb-api-2.2.jar
        jaxb-impl-2.2.1.1.jar
        jsr311-api-1.1.1.jar
        slf4j-api-1.6.1.jar
        slf4j-simple-1.6.1.jar
        stax-api-1.0-2.jar
        wink-1.1.3-incubating.jar
        wink-common-1.1.3-incubating.jar
        wink-server-1.1.3-incubating.jar
    resources
    web.xml

The error I got (stack trace is at the end of this message) is about a
permission error on META-INF/wink-default.properties.

I'm a bit puzzled about the error. The offending file is part of
wink-1.1.3-incubating.jar which Tomcat deploys under TestWink's servlet
context (i.e., ${tomcat.home}/webapps/TestWink). And as I understand,
Tomcat's security policy should enable TestResource to access
anything under this servlet context (CMIIW).

Another thing I notice from observing the log, when debug is on for
the Java security manager, is that META-INF/wink-default.properties
is the only file accessed with its relative path. All the other files
are accessed using their full path. I'm not sure if this points out
anything.

Any insight on what's happening?


===== Stack trace ====================
Jul 27, 2011 4:58:35 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive TestWink.war
18 ["http-bio-8080"-exec-12] ERROR org.apache.wink.server.internal.servlet.RestServlet - access denied (java.io.FilePermission META-INF/wink-default.properties read)
java.security.AccessControlException: access denied (java.io.FilePermission META-INF/wink-default.properties read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
        at java.security.AccessController.checkPermission(AccessController.java:553)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
        at java.io.File.isFile(File.java:793)
        at org.apache.wink.common.internal.utils.FileLoader.loadFileAsStream(FileLoader.java:87)
        at org.apache.wink.server.internal.utils.ServletFileLoader.loadFileAsStream(ServletFileLoader.java:52)
        at org.apache.wink.server.internal.servlet.RestServlet.loadProperties(RestServlet.java:295)
        at org.apache.wink.server.internal.servlet.RestServlet.getProperties(RestServlet.java:190)
        at org.apache.wink.server.internal.servlet.RestServlet.getDeploymentConfiguration(RestServlet.java:178)
        at org.apache.wink.server.internal.servlet.RestServlet.createRequestProcessor(RestServlet.java:124)
        at org.apache.wink.server.internal.servlet.RestServlet.init(RestServlet.java:94)
        at javax.servlet.GenericServlet.init(GenericServlet.java:160)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:119)
        at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1195)
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1114)
        at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:824)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:135)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)

Regards,
Verdi
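
Added example, not part of the original post and not Wink or Tomcat code: it checks the relative path named in the AccessControlException, and an absolute path to the same file, against a recursive read grant using `FilePermission.implies`, and prints where the relative path resolves. `WEBAPP_DIR` is a constructed stand-in for the webapp directory and the class and method names are hypothetical.

```java
import java.io.File;
import java.io.FilePermission;

public class RelativePathPermissionDemo {

    // Constructed stand-in for ${tomcat.home}/webapps/TestWink (assumption, not a real install).
    static final String WEBAPP_DIR = new File(System.getProperty("java.io.tmpdir"),
            "webapps" + File.separator + "TestWink").getAbsolutePath();

    /** True if a recursive read grant on grantedDir covers a read of requestedPath. */
    static boolean covered(String grantedDir, String requestedPath) {
        // "<dir>/-" is the FilePermission syntax for "everything under dir, recursively".
        FilePermission grant = new FilePermission(grantedDir + File.separator + "-", "read");
        return grant.implies(new FilePermission(requestedPath, "read"));
    }

    /** Prints how a requested path resolves and whether the webapp grant covers it. */
    static void report(String requestedPath) {
        File f = new File(requestedPath);
        System.out.printf("requested   : %s%n", requestedPath);
        System.out.printf("  absolute  : %b%n", f.isAbsolute());
        // A relative File is resolved against the JVM working directory (user.dir).
        System.out.printf("  resolves  : %s%n", f.getAbsolutePath());
        System.out.printf("  covered   : %b%n%n", covered(WEBAPP_DIR, requestedPath));
    }

    public static void main(String[] args) {
        System.out.println("user.dir    : " + System.getProperty("user.dir"));
        System.out.println("grant       : " + WEBAPP_DIR + File.separator + "-  (read)");
        System.out.println();

        // The path exactly as it appears in the AccessControlException message.
        report("META-INF/wink-default.properties");

        // The same file name addressed by an absolute path under the granted directory.
        report(WEBAPP_DIR + File.separator + "META-INF"
                + File.separator + "wink-default.properties");
    }
}
```

Run from any directory outside `WEBAPP_DIR`, the relative path reports `covered: false` and the absolute one `covered: true`.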
