> From: Fernando Oliveira [mailto:[email protected]]
> Sent: 04 March 2010 15:50
> To: [email protected]
> Cc: Fernando Oliveira (KiHS)
> Subject: Problems installing Wookie Server
> 
> Hello,
> 
> Would someone be able to help us with our Wookie server installation? We
> tried to install it on our Debian Apache server but had no luck. Also
> tried turning off the Tomcat security policy but that had no effect. Any
> suggestions? Here's the error message:
> 
> SEVERE: Exception sending context initialized event to listener instance of
> class org.apache.wookie.server.ContextListener
> java.security.AccessControlException: access denied
> (java.util.PropertyPermission user.dir read)
> at

I replicated your error on my Tomcat 6.0.24 install on WinXP by turning
on the security manager. If you turn off the security manager I don't think
it's possible to get this same error, because it's thrown by the security
manager, which in that case is not there. If you're unsure how to do this it's
also possible to replace the contents of the policy file (in my install the
file conf/catalina.policy) with the grant all statement:

grant {
  permission java.security.AllPermission;
};

This is not a recommended way of working for a production environment,
because it effectively means turning off security altogether.

Another option is to properly configure the security policy which I tried
to do for Wookie. The sequence of permission errors I ran into is:

java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
java.security.AccessControlException: access denied (java.io.FilePermission C:\java\apache-tomcat-6.0.24\bin\local.widgetserver.properties read)
java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)

Most of these are for Hibernate that needs to generate 'enhanced' classes 
at runtime.

The fixes are the following:

grant {
  permission java.util.PropertyPermission "*", "read,write";
};

grant {
  permission java.io.FilePermission "<<ALL FILES>>", "read, write";
};

grant {
  permission java.net.SocketPermission "*", "resolve,connect";
};

grant {
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getProtectionDomain";
};

grant {
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

Note that some of these fixes are still not very strict, which means that if
you are really concerned to limit permissions as much as possible, you need to
define stricter rules, but it's a start and got my Wookie up-and-running.

I hope it's useful.

Sander

> java.security.AccessControlContext.checkPermission(AccessControlContext.jav
> a:342)
> at
> java.security.AccessController.checkPermission(AccessController.java:553)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
> at java.lang.System.getProperty(System.java:669)
> at
> org.apache.wookie.server.ContextListener.contextInitialized(ContextListener
> .java:70)
> at
> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java
> :3934)
> at
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4429)
> at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:
> 791)
> at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
> at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase
> .java:145)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630
> )
> at
> org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:55
> 6)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
> at
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
> at
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppo
> rt.java:119)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
> 7)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
> l.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:5
> 7)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
> l.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
> 
> in /var/log/tomcat6
> 
> Thanks,
> Fernando
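
Added example (not part of either mail, and not Wookie or Tomcat project code): one way to get the stricter rules the reply mentions is to turn the logged denials into a single grant block that names only the denied targets and applies only to the web application's code base. The `webapps/wookie` directory name and the helper names are assumptions; targets containing parentheses are not handled.

```python
import re

# Permission classes whose denial text ends with an actions field.
WITH_ACTIONS = {"java.util.PropertyPermission", "java.io.FilePermission",
                "java.net.SocketPermission"}
# Assumption: Wookie is deployed as webapps/wookie under catalina.base.
WOOKIE_CODE_BASE = "file:${catalina.base}/webapps/wookie/-"

# Constructed sample: the denials from the reply above, two still mail-wrapped.
SAMPLE_LOG = r"""
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.dir read)
java.security.AccessControlException: access denied (java.io.FilePermission
C:\java\apache-tomcat-6.0.24\bin\local.widgetserver.properties read)
java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain)
java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
"""

def parse_denials(log_text):
    """Return unique (class, target, actions) tuples in first-seen order."""
    flat = " ".join(log_text.split())  # undo line wrapping at spaces
    seen = []
    for body in re.findall(r"access denied \(([^()]+)\)", flat):
        # Newer JVMs quote each field; strip the quotes so both forms parse.
        cls, _, rest = body.replace('"', "").partition(" ")
        target, actions = rest, None
        if cls in WITH_ACTIONS and " " in rest:
            target, actions = rest.rsplit(" ", 1)
        if (cls, target, actions) not in seen:
            seen.append((cls, target, actions))
    return seen

def to_policy(denials, code_base):
    """Render one grant block limited to code loaded from code_base."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in denials:
        target = target.replace("\\", "\\\\")  # policy strings need \\ for \
        entry = '  permission %s "%s"' % (cls, target)
        if actions:
            entry += ', "%s"' % actions
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_policy(parse_denials(SAMPLE_LOG), WOOKIE_CODE_BASE))
```

Each emitted entry should still be reviewed before it goes into conf/catalina.policy. Denials surface one at a time, so the log has to be collected again after each restart until the application starts cleanly.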
