Thanks, Michael. You're right, giving Wink all permissions solved the issue.
Regards, Verdi From: Michael Elman [mailto:[email protected]] Sent: Wednesday, July 27, 2011 7:09 PM To: [email protected] Subject: Re: Permission error when deploying on Tomcat with security manager My guess: you need to add java.io.FilePermission for your application in the conf/catalina.policy file. Actually I have never tried running Wink with security manager, but it uses a lot of code that may be rejected by the security manager (reflections, access to private methods, etc), so you better grant your application with java.security.AllPermission. On Wed, Jul 27, 2011 at 1:33 PM, March, Verdi <[email protected]<mailto:[email protected]>> wrote: Hi, I encountered a permission error when deploying my application on Tomcat 7 with security manager enabled. My application (TestWink.war) consists of only 1 REST resource (the TestResource.class) which is basically a hello world. The complete structure of TestWink.war is: META-INF/ MANIFEST.MF WEB-INF/ classes/ my/test/packages/TestResource.class lib/ activation-1.1.jar commons-lang-2.3.jar jaxb-api-2.2.jar jaxb-impl-2.2.1.1.jar jsr311-api-1.1.1.jar slf4j-api-1.6.1.jar slf4j-simple-1.6.1.jar stax-api-1.0-2.jar wink-1.1.3-incubating.jar wink-common-1.1.3-incubating.jar wink-server-1.1.3-incubating.jar resources web.xml The error I got (stack trace is at the end of this message) is about permission error on META-INF/wink-default.properties. I'm a bit puzzled about the error. The offending file is part of wink-1.1.3-incubating.jar which Tomcat deploys under TestWink's servlet context (i.e., ${tomcat.home}/webaps/TestWink). And as I understand, Tomcat's security policy should enable TestResource to access any thing under this servlet context (CMIIW). Another thing I notice from observing the log, when debug is on for the Java security manager, is that META-INF/wink-default.properties is the only file accessed with its relative path. All the other files are accessed using their full path. I'm not sure if this points out anything. Any insight on what's happening? ===== Stack trace ==================== Jul 27, 2011 4:58:35 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive TestWink.war 18 ["http-bio-8080"-exec-12] ERROR org.apache.wink.server.internal.servlet.RestServlet - access denied (java.io.FilePermission META-INF/wink-default.properties read) java.security.AccessControlException: access denied (java.io.FilePermission META-INF/wink-default.properties read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at java.io.File.isFile(File.java:793) at org.apache.wink.common.internal.utils.FileLoader.loadFileAsStream(FileLoader.java:87) at org.apache.wink.server.internal.utils.ServletFileLoader.loadFileAsStream(ServletFileLoader.java:52) at org.apache.wink.server.internal.servlet.RestServlet.loadProperties(RestServlet.java:295) at org.apache.wink.server.internal.servlet.RestServlet.getProperties(RestServlet.java:190) at org.apache.wink.server.internal.servlet.RestServlet.getDeploymentConfiguration(RestServlet.java:178) at org.apache.wink.server.internal.servlet.RestServlet.createRequestProcessor(RestServlet.java:124) at org.apache.wink.server.internal.servlet.RestServlet.init(RestServlet.java:94) at javax.servlet.GenericServlet.init(GenericServlet.java:160) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:119) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1195) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1114) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:824) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:135) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:679) Regards, Verdi
