> I test Jease with tomcat security but my Jease Site and Cms not work!
> My Guess was about db4o directory so i add grant access to catalina.policy
> file but still not work!
> what is the main problem?
there might be several issues with Tomcat default security policies
which comes to my mind:
- File access (outside of webapp)
- Reflection
- Access to Java-Compiler
- ...
I've only a litte experience with Tomcat security, so please note that
I'm not a big expert in this area...
To debug this I would recommend to start Tomcat the following way:
export CATALINA_OPTS="-Djava.security.debug=access,failure"
bin/catalina.sh run -security 2>security.log
Now you can acess the "security.log" and see where security violations
are thrown... the first one I encountered was:
access: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1223)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:383)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125)
at jfix.util.Reflections.init(Reflections.java:212)
at jease.Names.<clinit>(Names.java:24)
at jease.cmf.web.servlet.JeaseServletListener.contextInitialized(JeaseServletListener.java:33)
So this one is about using Reflection to initialize the
jease.Names-class. But I'm sure there are more to come.
If you get to a working catalina.policy, please let us know and post it.
Cheers, Maik
Hi,
there might be several issues with Tomcat default security policies
> I test Jease with tomcat security but my Jease Site and Cms not work!
> My Guess was about db4o directory so i add grant access to catalina.policy
> file but still not work!
> what is the main problem?
which comes to my mind:
- File access (outside of webapp)
- Reflection
- Access to Java-Compiler
- ...
I've only a litte experience with Tomcat security, so please note that
I'm not a big expert in this area...
To debug this I would recommend to start Tomcat the following way:
export CATALINA_OPTS="-Djava.security.debug=access,failure"
bin/catalina.sh run -security 2>security.log
Now you can acess the "security.log" and see where security violations
are thrown... the first one I encountered was:
access: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1223)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:383)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125)
at jfix.util.Reflections.init(Reflections.java:212)
at jease.Names.<clinit>(Names.java:24)
at jease.cmf.web.servlet.JeaseServletListener.contextInitialized(JeaseServletListener.java:33)
So this one is about using Reflection to initialize the
jease.Names-class. But I'm sure there are more to come.
If you get to a working catalina.policy, please let us know and post it.
Cheers, Maik