Re: DO NOT REPLY [Bug 13907] - security manager does not give readpermission on a context by default

Fri, 25 Oct 2002 06:42:30 -0700 

The ProtectionDomain shows that Jasper2 is creating a read FilePermission for the scratch
(work) dir.  But you are correct, there is no read FilePermission listed for the context
directory.

The same block of code in org.apache.jasper.compiler.JspRuntimeContext which  creates the
scratch (work) dir read FilePermissionalso creates the context dir read FilePermission.
In cases where the context is running from a war file there will be no context directory
so the below getRealPath("/") would return null. When there is no context directory the read
FilePermission is granted to the scratch directory.

I suspect that for some reason the Context does not have a context directory.  Add
String docBase = context.getRealPath("/"); to your test jsp and see if it returns null.
Also try setting the debug attributes in your server.xml to 9 and capture the debug output.

                // Get the permissions for the web app context
                String docBase = context.getRealPath("/");
                if( docBase == null ) {
                    docBase = options.getScratchDir().toString();
                }
                if (!docBase.endsWith(File.separator)){
                    docBase = docBase + File.separator;
                }


Regards,

Glenn

Aditya wrote:

On Thu, 24 Oct 2002 22:59:59 -0500, Glenn Nielsen <[EMAIL PROTECTED]> said:
Gettting the latest version from CVS won't fix your problem. I still
think the problem is somewhere in your configuration.

I've installed the 4.1.12 tarball from the website and am running it
without modification other than adding the test jsp to
webapps/examples/jsp/test.jsp

I've now tried it under:

Solaris/JDK1.4 with 4.1.12-LE FreeBSD/JDK1.3.1 with 4.1.12
Debian/JDK1.3.1 with 4.1.12

with the same result.


You might try posting the SecurityManager debug output when the
FilePermission read is denied.  Including the stack trace and the
ProtectionDomain which failed.


Okay, here goes -- as I mentioned before, I see this as the exception:

org.apache.jasper.JasperException: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read)

and with the following CATALINA_OPTS=-Djava.security.debug=access,failure I get this in logs/catalina.out:

access: access denied (java.io.FilePermission /usr/local/tomcat/webapps/examples/test2.new read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1071)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:259)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
        at java.io.File.exists(File.java:677)
        at org.apache.jsp.test_jsp._jspService(test_jsp.java:53)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:98)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:471)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:256)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:361)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:563)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:535)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:638)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
        at java.lang.Thread.run(Thread.java:536)
access: access allowed (java.util.PropertyPermission java.security.debug read)
access: domain that failed ProtectionDomain  (file:/usr/local/tomcat/webapps/examples/ <no certificates>)
 null
 <no principals>
 java.security.Permissions@17aece8 (
 (java.io.FilePermission /usr/local/tomcat/work/Standalone/localhost/examples/- read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission jaxp.debug read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission javax.sql.* read)
 (java.util.PropertyPermission java.naming.* read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.home read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission os.arch read)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
 (java.lang.RuntimePermission accessClassInPackage.sun.beans)
 (java.lang.RuntimePermission getAttribute)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util)
)

Hope that helps?

Thanks,
Adi

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>




--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Reply via email to