Problems with Java Security Manager

Jonathan O'Donovan Wed, 07 May 2008 09:21:42 -0700

Hi All,

Can someone check my reasoning here? I am having difficulty with the Java 
Security Manager. I am encountering the following 2 exceptions with some of my 
servlets :


I am running : 
 
Tomcat 4.1
Apache/1.3.33 (Win32) 
mod_jk/1.2.8 
JRE Version 1.4.2_03

I have enabled security manager logging using the following Java option (I've 
set this in the configuration dialogue box for Tomcat as I'm running Tomcat as 
a service on NT)

set CATALINA_OPTS=-Djava.security.debug=access,failure



Exception #1 (generated when using RMI): 

access: access allowed (java.util.PropertyPermission java.rmi.server.hostname 
read)
access: access allowed (java.util.PropertyPermission 
sun.rmi.transport.connectionTimeout read)
access: access allowed (java.util.PropertyPermission 
sun.rmi.transport.tcp.handshakeTimeout read)
access: access allowed (java.util.PropertyPermission 
sun.rmi.transport.tcp.responseTimeout read)
access: access allowed (java.io.FilePermission 
C:\Tomcat41\server\lib\tomcat-util.jar read)
access: access allowed (java.io.FilePermission 
C:\Tomcat41\server\lib\tomcat-util.jar read)
access: access allowed (java.io.FilePermission 
C:\Tomcat41\server\lib\tomcat-util.jar read)
access: access allowed (java.util.PropertyPermission socksProxyHost read)
access: access denied (java.net.SocketPermission XX.XX.XX resolve)


Exception #2 : 

java.security.AccessControlException: access denied 
(java.util.PropertyPermission catalina.base read)




I presume that the above 2 exceptions are generated by the Java Security 
Manager. I have tried the following in my 
catalina.policy file

grant codeBase "file:${catalina.home}/webapps/mywebapp/-" {
  permission java.security.AllPermission;
};

but it makes no difference.


Also, I am wondering why catalina.base should have a problem reading files (I 
am running Tomcat as Administrator)

These problems are happening in the test environment, but on the live system 
there are no such exceptions being generated. I can't figure out why this 
should be the case as the java.policy and catalina.policy files in the 
Catalina.home/conf directory are identical for both live and test environments.

Does anybody know how to disable the Security Manager for Tomcat when running 
as a service in NT or is it disabled by default?


Many thanks in advance,
Jonathan O'Donovan

Problems with Java Security Manager

Reply via email to