
Problem with tomcat4 using java security manager



Hi!

I've installed the tomcat4 package on my Debian sid box, and I have a problem: tomcat won't start unless I edit /etc/init.d/tomcat4 and change the line

TOMCAT4_SECURITY=yes

to

TOMCAT4_SECURITY=no

When I try to start with the security manager on, in /var/log/tomcat4/catalina.out I see this line:

Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission catalina.base read)

I figured out that I could add this line in /etc/tomcat4/policy.d/04webapps.policy (inside the grant { } block):

permission java.util.PropertyPermission "catalina.base", "read";

... but that only got me as far as the next security exception. I ended up adding all these lines:

 permission java.util.PropertyPermission "catalina.base", "read";
 permission java.util.PropertyPermission "user.dir", "read";
 permission java.util.PropertyPermission "catalina.home", "read";
 permission java.io.FilePermission "/usr/share/tomcat4/common/classes", "read";
 permission java.io.FilePermission "/usr/share/tomcat4/common/endorsed", "read";
 permission java.io.FilePermission "/usr/share/tomcat4/common/lib", "read";
 permission java.lang.RuntimePermission "createClassLoader";
 permission java.io.FilePermission "/usr/share/java/commons-collections-2.1.jar", "read";
 permission java.io.FilePermission "/usr/share/java/commons-fileupload-1.0.jar", "read";
 permission java.io.FilePermission "/usr/share/java/servlet-2.3.jar", "read";

...and that still didn't fix the problem, when I realized that approach was not very useful.

I don't see any bugs about this, so I guess this must be something unique to my configuration.

My Java install is from the j2sdk-1.4.1-01-linux-i586-gcc3.2.bin file from a Blackdown mirror, installed as described in section 11.1.2 of the Debian Java FAQ, and I built and installed the dummy packages as described in section 11.2 so the dependencies would be resolved.

I must be missing something.

Something that strikes me as really odd is that there is only the file 04webapps.policy in the directory /etc/tomcat4/policy.d. Am I missing another policy file that's supposed to go in that directory?

Any help would be most appreciated.
--
forrest@abstractfactory.org
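
The post turns each AccessControlException line in catalina.out into a policy statement by hand. The following added example (not part of the original post) does that mapping over a whole log, de-duplicates the result, and marks the `createClassLoader` grant for review. It assumes the denial message format quoted in the post; the function names and the sample log are hypothetical.

```python
import re

# Constructed sample of catalina.out. The first line is the one quoted in the
# post; the rest are constructed in the same message format.
SAMPLE_LOG = """\
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission catalina.base read)
Exception in thread "main" java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat4/common/lib read)
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission catalina.base read)
"""

# Permission classes whose denial message ends with an actions field.
WITH_ACTIONS = {"java.util.PropertyPermission", "java.io.FilePermission",
                "java.net.SocketPermission"}
# Grants that deserve a second look before they go into a policy file.
SENSITIVE = {("java.lang.RuntimePermission", "createClassLoader")}

DENIED = re.compile(r"access denied \((?P<cls>[\w.$]+)(?: (?P<rest>.*))?\)\s*$")


def policy_line(cls, rest):
    """Render one denial as a policy-file 'permission' statement."""
    target, actions = rest or "", None
    if cls in WITH_ACTIONS and " " in target:
        # The target may contain spaces (file paths); actions are the last field.
        target, actions = target.rsplit(" ", 1)
    line = "permission %s" % cls
    if target:
        line += ' "%s"' % target
    if actions:
        line += ', "%s"' % actions
    line += ";"
    if (cls, target) in SENSITIVE:
        line += "  // review before granting"
    return line


def denied_permissions(log_text):
    """Return the unique policy statements implied by a log, in first-seen order."""
    seen, out = set(), []
    for raw in log_text.splitlines():
        m = DENIED.search(raw)
        if m:
            entry = policy_line(m.group("cls"), m.group("rest"))
            if entry not in seen:
                seen.add(entry)
                out.append(entry)
    return out


if __name__ == "__main__":
    print("\n".join(denied_permissions(SAMPLE_LOG)))
```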


