On 17 Sep 2007, at 18:16, Mark Thomas wrote:
Sam Halliday wrote:
Hmm, where should I expect to see the extra debugging output. It isn't
in any of the log files.

Should be on standard out.

Aah! That's why I wasn't seeing it. There is a pretty bad bug in Ubuntu which puts the output into a pipe which is never read. The standard workaround to allow tomcat to start up is to pipe it into /dev/null (unbelievable! and it's been like this since the year began)... report is here https://bugs.launchpad.net/ubuntu/+source/tomcat5.5/+bug/97096

Anyway that's not all that important. I was able to redirect it to a file and have obtained the output. Again, it's quite clear that the permissions are not being set for my jar file

access: domain that failed ProtectionDomain (file:/var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar <no signer certificates>)

despite the fact that the security policy is

grant codeBase "jar:file:${catalina.home}/webapps/scanner/WEB-INF/lib/scanner.jar!/-" {
    permission java.io.FilePermission "/bin/sh", "execute";
    permission java.io.FilePermission "/tmp/thinktank-scanner.bmp", "read,delete";
};

I've even tried it with "file:${catalina.home}/webapps/scanner/WEB-INF/lib/scanner.jar" and with the explicit path "file:/var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar", but no success..

(remember, these permissions are correct... it works when I remove the explicit codeBase piece). I'd be greatly obliged if somebody could please see if my syntax for specifying a jar file is correct.

log output follows:

access: access denied (java.io.FilePermission /bin/sh execute)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkExec(SecurityManager.java:779)
        at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
        at thinktank.scanner.server.ScanImage.scan(ScanImage.java:116)
        at thinktank.scanner.server.ScannerSetupImpl.setScannerSettings(ScannerSetupImpl.java:67)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:528)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:265)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:187)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
        at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:619)
access: access allowed (java.security.SecurityPermission getPolicy)
access: access allowed (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar read)
access: domain that failed ProtectionDomain (file:/var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar <no signer certificates>)
 WebappClassLoader
  delegate: false
  repositories:
----------> Parent Classloader:
[EMAIL PROTECTED]

 <no principals>
 [EMAIL PROTECTED] (
 (org.apache.naming.JndiPermission jndi:/localhost/scanner/WEB-INF/lib/*)
 (org.apache.naming.JndiPermission jndi:/localhost/scanner/*)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
 (java.lang.RuntimePermission getAttribute)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission javax.sql.* read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.home read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission jaxp.debug read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission java.naming.* read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/- read)
 (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib read)
 (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner/- read)
 (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner read)
 (java.io.FilePermission /var/cache/tomcat5.5/Catalina/localhost/scanner/- read,write,delete)
 (java.io.FilePermission /var/cache/tomcat5.5/Catalina/localhost/scanner read,write)
 (java.io.FilePermission /var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar read)
)


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
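
One way to test, outside Tomcat, which of the codeBase spellings in the message above matches the code source printed in the "domain that failed" line. This is an added example, not part of the original post and not Tomcat code. The class name CodeBaseProbe is hypothetical, it assumes a JDK that still ships the "JavaPolicy" policy-file provider, and catalina.home has to be passed with -D because the message does not give its value.

```java
import java.io.FilePermission;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.URIParameter;
import java.security.cert.Certificate;

// Added diagnostic, not from the thread. Run with the value your Tomcat uses:
//   java -Dcatalina.home=<your catalina.home> CodeBaseProbe.java
public class CodeBaseProbe {
    // The code source exactly as the "domain that failed" debug line reports it.
    static final String DOMAIN =
        "file:/var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar";

    // The three codeBase spellings tried in the message.
    static final String[] CANDIDATES = {
        "jar:file:${catalina.home}/webapps/scanner/WEB-INF/lib/scanner.jar!/-",
        "file:${catalina.home}/webapps/scanner/WEB-INF/lib/scanner.jar",
        "file:/var/lib/tomcat5.5/webapps/scanner/WEB-INF/lib/scanner.jar",
    };

    // Parse a one-grant policy with the JDK's own policy-file provider and ask
    // whether it gives the domain the permission the stack trace was denied.
    static boolean grants(String codeBase, String domainUrl) throws Exception {
        String text = "grant codeBase \"" + codeBase + "\" {\n"
            + "  permission java.io.FilePermission \"/bin/sh\", \"execute\";\n"
            + "};\n";
        Path file = Files.createTempFile("probe", ".policy");
        try {
            Files.write(file, text.getBytes(StandardCharsets.UTF_8));
            Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(file.toUri()));
            CodeSource cs = new CodeSource(new URL(domainUrl), (Certificate[]) null);
            ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
            return policy.implies(pd, new FilePermission("/bin/sh", "execute"));
        } finally {
            Files.deleteIfExists(file);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("catalina.home = " + System.getProperty("catalina.home"));
        for (String candidate : CANDIDATES) {
            System.out.printf("%-5b %s%n", grants(candidate, DOMAIN), candidate);
        }
    }
}
```

A candidate that prints false here cannot apply to that domain under the running server either; one that prints true while Tomcat still denies the call suggests the policy file being edited is not the one the JVM loaded.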
