
Java Security with Jakarta-Tomcat


Tristan Austin

Jun 14, 2000, 3:00:00 AM
I need to enforce a security policy on Tomcat so that untrusted code
can't perform any vital functions on the web server (we need to allow
this functionality). I've managed to get Tomcat running with my security
policies but they don't seem to apply to the servlets that are generated
from the JSP.

In my policy I've specified that code from under the Tomcat directory
can have all permissions but I get access exceptions when Tomcat tries
to load the servlet classes from the work directory.

Any ideas?

The stack trace it outputs in the browser is below:

java.security.AccessControlException: access denied (java.io.FilePermission /usr/local/jakarta-tomcat/work/localhost_8080/_0002fcss_0002fcss_0002dnav_0002ddisable_0002ejspcss_0002dnav_0002ddisable.class read)
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at java.lang.RuntimeException.<init>(RuntimeException.java:47)
    at java.lang.SecurityException.<init>(SecurityException.java:39)
    at java.security.AccessControlException.<init>(AccessControlException.java:57)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at java.security.AccessController.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkPermission(Compiled Code)
    at java.lang.SecurityManager.checkRead(Compiled Code)
    at java.io.File.exists(Compiled Code)
    at org.apache.jasper.compiler.JspCompiler.computeClassFileData(JspCompiler.java:300)
    at org.apache.jasper.compiler.JspCompiler.<init>(JspCompiler.java:97)
    at org.apache.jasper.JspEngineContext.createCompiler(JspEngineContext.java:312)
    at org.apache.jasper.runtime.JspServlet.loadJSP(JspServlet.java:410)
    at org.apache.jasper.runtime.JspServlet$JspServletWrapper.loadIfNecessary(JspServlet.java:149)
    at org.apache.jasper.runtime.JspServlet$JspServletWrapper.service(JspServlet.java:161)
    at org.apache.jasper.runtime.JspServlet.serviceJspFile(JspServlet.java:261)
    at org.apache.jasper.runtime.JspServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at org.apache.tomcat.core.ServletWrapper.handleRequest(Compiled Code)
    at org.apache.tomcat.core.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:163)
    at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:357)
    at css._0002fcss_0002fcss_0002dnav_0002ejspcss_0002dnav_jsp_15._jspService(_0002fcss_0002fcss_0002dnav_0002ejspcss_0002dnav_jsp_15.java:123)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:126)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at org.apache.jasper.runtime.JspServlet$JspServletWrapper.service(JspServlet.java:174)
    at org.apache.jasper.runtime.JspServlet.serviceJspFile(JspServlet.java:261)
    at org.apache.jasper.runtime.JspServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at org.apache.tomcat.core.ServletWrapper.handleRequest(Compiled Code)
    at org.apache.tomcat.core.ContextManager.service(ContextManager.java:559)
    at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:156)
    at org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.java:338)
    at java.lang.Thread.run(Thread.java:479)

--

Tristan Austin.

------------------------------------------
Software Engineer
Authentic8 Pty Ltd
Phone: +61 3 9843 8811
http://www.authentic8.com
tristan...@authentic8.com
