Look at tomcat.sh, the shell arg "-security" needs to be shifted out so it isn't
passed on as an option just before java org.apache.tomcat.startup.Tomcat is started.
BTW, this is fixed for the next Tomcat 3.2.x release.
Regards,
Glenn
Gauri Sukhatankar wrote:
>
> Hi,
>
> I am having problems in using the SecurityManager with tomcat 3.2.1.
> There seems to be a bug or documentation mismatch.
> Please let me know if you have any ideas on fixing this:
>
> I am using Tomcat 3.2.1 to run a servlet that acts as an RMI client.
> Based on the documentation
> (http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/uguide/tomcat-security-unix.html)
> I have done the following to allow for listen, accept, resolve socket
> security permissions through my web application:
>
> 1. Edited server.xml to use Policy:
> <ContextInterceptor className="org.apache.tomcat.context.PolicyInterceptor" />
>
> 2. Edited tomcat.policy
>
> 3. Started tomcat with the "-security" option.
> >> tomcat.sh start -security
>
>
> Although the script "tomcat.sh" accepts the "-security" option, the class:
> org.apache.tomcat.startup.Tomcat
> exits with a Usage error :
>
> Usage: java org.apache.tomcat.startup.Tomcat {options}
> Options are:
> -config file (or -f file) Use this file instead of server.xml
> -help (or help) Show this usage report
> -home dir (or -h dir) Use this directory as tomcat.home
> -stop
>
> On the other hand, if I don't use policy I get an access control exception with
> this stack trace:
>
> java.security.AccessControlException: access denied (java.net.SocketPermission 172.20.71.30:1099 connect,resolve)
> at java.lang.Throwable.fillInStackTrace(Native Method)
> at java.lang.Throwable.fillInStackTrace(Compiled Code)
> at java.lang.Throwable.<init>(Compiled Code)
> at java.lang.Exception.<init>(Compiled Code)
> at java.lang.RuntimeException.<init>(RuntimeException.java:47)
> at java.lang.SecurityException.<init>(SecurityException.java:39)
> at java.security.AccessControlException.<init>(AccessControlException.java:57)
> at java.security.AccessControlContext.checkPermission(Compiled Code)
> at java.security.AccessController.checkPermission(Compiled Code)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1021)
> at java.net.Socket.<init>(Socket.java:258)
> at java.net.Socket.<init>(Socket.java:98)
> at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:29)
> at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Compiled Code)
> at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:497)
> at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:194)
> at sun.rmi.transport.tcp.TCPChannel.newConnection(Compiled Code)
> at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
> at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
> at java.rmi.Naming.lookup(Naming.java:89)
> at RMIServlet.connectToServer(RMIServlet.java:72)
> at RMIServlet.init(RMIServlet.java:21)
> at org.apache.tomcat.core.ServletWrapper.doInit(ServletWrapper.java:317)
> at org.apache.tomcat.core.Handler.init(Handler.java:215)
> at org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:296)
> at org.apache.tomcat.core.Handler.service(Handler.java:254)
> at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
> at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
> at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
> at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210)
> at org.apache.tomcat.service.TcpWorkerThread.runIt(Compiled Code)
> at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(Compiled Code)
> at java.lang.Thread.run(Thread.java:479)
>
> Thanks in advance,
>
> Gauri Sukhatankar
> Sun Microsystems, Inc.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
--
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
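
Added example, not part of the original thread and not the actual tomcat.sh: a sketch of the launcher fix described in the reply, contrasting a start routine that leaves "-security" in the argument list with one that removes it before org.apache.tomcat.startup.Tomcat is invoked. It goes slightly beyond the thread by removing the flag wherever it appears; the function names, the TOMCAT_HOME default and the conf/tomcat.policy location are assumptions, and the commands are printed rather than executed.

```sh
#!/bin/sh
# Added illustration, not the real tomcat.sh. Commands are printed rather
# than executed so the effect of consuming "-security" is visible.
# Assumptions: the TOMCAT_HOME default and the conf/tomcat.policy location.
TOMCAT_HOME="${TOMCAT_HOME:-/opt/tomcat}"
MAIN_CLASS=org.apache.tomcat.startup.Tomcat
SEC_OPTS="-Djava.security.manager -Djava.security.policy=$TOMCAT_HOME/conf/tomcat.policy"

# Behaviour described in the thread: the flag is recognised by the script
# but left in "$@", so it reaches the main class, which rejects it.
start_cmd_unshifted() {
    jvm_opts=""
    [ "$1" = "-security" ] && jvm_opts="$SEC_OPTS"
    echo java $jvm_opts "$MAIN_CLASS" "$@"
}

# Fixed form: remove "-security" from the positional parameters (wherever
# it appears) before the remaining options are handed to the main class.
start_cmd_shifted() {
    jvm_opts=""
    for arg do
        shift
        case "$arg" in
            -security) jvm_opts="$SEC_OPTS" ;;
            *) set -- "$@" "$arg" ;;
        esac
    done
    echo java $jvm_opts "$MAIN_CLASS" "$@"
}

# Top-level dispatch in the style of "tomcat.sh start -security".
tomcat_sh() {
    action="$1"
    [ $# -gt 0 ] && shift
    case "$action" in
        start) start_cmd_shifted "$@" ;;
        *) echo "usage: tomcat_sh start [-security] [options]" >&2; return 1 ;;
    esac
}

tomcat_sh start -security -config /tmp/server.xml   # constructed sample arguments
```

The printed command line is also a quick check that the SecurityManager options are actually present in the java invocation and that only options the main class accepts follow the class name.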