> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Trouble with SecurityManager: can't load
> org.apache.commons.logging.impl.Log4JLogger
>
> With no CATALINA_BASE/conf/catalina.policy file, I get this error:
>
> Caused by: java.security.AccessControlException: access denied
Expected.
> If I copy the stock catalina.policy file from CATALINA_HOME/conf to
> CATALINA_BASE/conf, I get further (see below). Would it be possible to
> have catalina.sh detect the location of catalina.policy from
> CATALINA_BASE (preferred) or CATALINA_HOME (fallback)?
Well, the way it's working is what's documented in RUNNING.txt:
"When you use $CATALINA_BASE, Tomcat will calculate all relative references for
files in the following directories based on the value of $CATALINA_BASE instead
of $CATALINA_HOME:
"* conf - Server configuration files (including server.xml)"
I'd be somewhat reluctant to see that behavior changed at this stage of the
game. I'd prefer to have an additional environment variable that allows
specifying where the policy file is rather than requiring it to be in
$CATALINA_BASE/conf/catalina.policy.
You could set -Djava.security.manager and -Djava.security.policy=<myFile> in
CATALINA_OPTS and *not* use the -security option.
> In the InitListener.java class, I basically just try to create a log4j
> logger like this:
>
> Logger.getLogger(className)
>
> In both of these situations, Tomcat ought to be able to load the
> classes required.
It may be that the real exception is getting eaten somewhere (possibly inside
the JRE), and all you're left with is something a bit too generic to describe
the actual problem. Perhaps either the static initializer or a constructor is
failing due to read access being inhibited.
Might want to try adding something like this to the catalina.policy file:
grant codeBase "file:${catalina.base}/webapps/[appName]/WEB-INF/lib/-" {
permission java.io.FilePermission
"${catalina.base}/webapps/[appName]/WEB-INF/classes/logging.properties", "read";
};
(Grasping at straws, again.)
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
