On 24/09/2009 14:11, Alan wrote:
Hallelujah!
I finally figured out what's going on with tomcat 5.5.26 when running
webapps in security mode.
In Ubuntu 9.04, just the addition of 'permission
java.lang.RuntimePermission "setContextClassLoader";' in
catalina.policy solved the problem. This happens because Ubuntu has
its own way of starting the daemon, and apparently they fixed some
problems that are not fixed in the official tomcat 5.5.26 distribution.
Really? Could you let us know what?
p
Since Fink also uses the official distribution, I found out that I need
to tweak catalina.policy a bit further there. See the patch:
--- catalina.policy 2009-09-24 13:51:41.000000000 +0100
+++ /Users/alan/SCRIPTS/catalina.policy 2009-09-24 13:50:24.000000000 +0100
@@ -66,7 +66,7 @@
};
// These permissions apply to the commons-logging API
-grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
+grant codeBase "file:${catalina.home}/bin/commons-logging-api-1.1.1.jar" {
permission java.security.AllPermission;
};
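Review bot: the new codeBase on the `+grant` line pins the entry to the exact file name `commons-logging-api-1.1.1.jar`, and this is the grant that carries `java.security.AllPermission`, so it will stop applying without any error as soon as the jar is upgraded or renamed again. Suggest adding a comment above the grant saying the name must match the jar actually present in `${catalina.home}/bin` and that it needs re-checking on every upgrade.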
@@ -82,6 +82,7 @@
// These permissions apply to JULI
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+ permission java.lang.RuntimePermission "setContextClassLoader";
permission java.util.PropertyPermission
"java.util.logging.config.class", "read";
permission java.util.PropertyPermission
"java.util.logging.config.file", "read";
permission java.lang.RuntimePermission "shutdownHooks";
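Review bot: the added `setContextClassLoader` line at the top of the JULI grant has no comment saying why JULI needs it, which makes it an easy candidate for removal in a later policy clean-up. Suggest a one-line comment giving the reason (the thread attributes it to a change in the LogManager implementation on later JVMs). Placing it inside the `tomcat-juli.jar` grant rather than in a grant that also covers web applications is the right scope and should stay that way.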
@@ -95,6 +96,8 @@
// Be sure that the logging configuration is secure before
enabling such access
// eg for the examples web application:
// permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
+ permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
+ permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
};
// These permissions apply to the servlet API classes
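Review bot: the two added `java.io.FilePermission` lines enable read access for `jsp-examples` and `servlets-examples` directly beneath the comment that says to be sure the logging configuration is secure before enabling such access, and nothing in the hunk records that this was checked. Suggest keeping them only on installs where those example webapps are actually deployed and their `logging.properties` files have been reviewed, and leaving them commented out otherwise, like the existing `examples` entry.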
This basically solved my problems.
Alan
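The first hunk of the patch only renames the jar in a codeBase so that the grant matches a file that exists. The following check for that class of mismatch is an added example, not part of the original thread or of Tomcat; the function names, the sample policy text and the temporary directory standing in for ${catalina.home} are constructed for illustration.

```python
import os
import re
import tempfile

# Matches active (not //-commented) grant entries with a file: codeBase.
GRANT_RE = re.compile(r'^\s*grant\s+codeBase\s+"file:([^"]+)"', re.MULTILINE)

def expand(url, props):
    """Substitute ${name} policy properties; unknown names are left as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), url)

def unmatched_codebases(policy_text, props):
    """Return expanded codeBase paths that exist nowhere on disk."""
    missing = []
    for raw in GRANT_RE.findall(policy_text):
        path = expand(raw, props)
        # Trailing "/-" (recursive) and "/*" (directory contents) are
        # wildcards, so check the directory in front of them.
        is_wild = path.endswith(("/-", "/*"))
        found = os.path.isdir(path[:-2]) if is_wild else os.path.exists(path)
        if not found:
            missing.append(path)  # this grant can never apply to any code
    return missing

# Constructed sample: a policy naming the unversioned jar, as in the
# "-" line of the patch, against a bin/ that only has the versioned one.
SAMPLE_POLICY = '''
grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
    permission java.security.AllPermission;
};
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.lang.RuntimePermission "setContextClassLoader";
};
// grant codeBase "file:${catalina.home}/bin/disabled.jar" { };
grant codeBase "file:${catalina.home}/server/-" {
    permission java.security.AllPermission;
};
'''

def demo():
    home = tempfile.mkdtemp()  # stand-in for ${catalina.home}
    os.mkdir(os.path.join(home, "bin"))
    for jar in ("commons-logging-api-1.1.1.jar", "tomcat-juli.jar"):
        open(os.path.join(home, "bin", jar), "w").close()
    return home, unmatched_codebases(SAMPLE_POLICY, {"catalina.home": home})

if __name__ == "__main__":
    print(demo()[1])
```

Against a real install, pass the contents of catalina.policy and the actual values of catalina.home and catalina.base in the property map.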
On Wed, Sep 23, 2009 at 22:58, Alan<alanwil...@gmail.com> wrote:
Many thanks dear Mark.
It's late here too, but finally, with your diligent and precious
help, I could figure out what's going on here and even managed to have
tomcat with security working for tomcat6.0.20 and tomcat5.5.28 (but
not for tomcat5.5.26, the last version available for Mac via Fink).
Thank you very much.
Alan
On Wed, Sep 23, 2009 at 21:42, Mark Thomas<ma...@apache.org> wrote:
Mark Thomas wrote:
Mark Thomas wrote:
Alan wrote:
Thanks Mark, let's deal by parts:
OK. I've reproduced it. It is happening with 1.6.0_14 and 1.6.0_16 JVMs
but not a 1.6.0_00 JVM.
The latest 1.5 JVM seems OK too.
Time to check the release notes. I'll hopefully have a workaround (other
than using Java 1.5) shortly.
Still not clear why it is required for later JVM versions
<snip/>
It is late and I have been in front of my PC for too long today. This has
already been fixed (by me!) in trunk and proposed for 6.0.x and 5.5.x.
It looks like the implementation of LogManager (ClassLoaderLogManager extends
LogManager) has changed - hence the need for the new permission.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org