axis and tomcat security manager

Discussion in 'Java' started by none, Apr 18, 2006.

  1. none

    none Guest

    I'm trying to run a web service using tomcat with its security manager
    enabled. I have it running fine, except now i wish to add a call to an
    executable in the web service. Normally i would give the axis webapp
    read and execute permissions in the catalina.policy file to the
    executable in question. However this is not working correctly and still
    throwing a security exception.

    I have been running with the jvm arg -Djava.security.debug=access to
    give me some more information but its not being to helpful.

    If grant all permissions to every class then all is fine (as expected)
    for example
    grant{
    permission java.security.AllPermission;
    };

    the following statements do not work and throws the same security exception:
    grant codeBase
    "file:/usr/local/jakarta-tomcat-5.5.4/webapps/axis/WEB-INF/lib/axis.jar"{
    permission java.security.AllPermission;
    };

    grant codeBase "file:/usr/local/jakarta-tomcat-5.5.4/webapps/axis/-"{
    permission java.security.AllPermission;
    };
    and even
    grant codeBase "file:/-"{
    permission java.security.AllPermission;
    };



    Any help/ideas would great.

    Thanks in advance.

    Tim

    The thrown exception is shown below:

    java.security.AccessControlException: access denied
    (java.io.FilePermission /usr/bin/quota execute)
    at
    java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    at
    java.security.AccessController.checkPermission(AccessController.java:427)
    at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkExec(SecurityManager.java:779)
    at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
    at java.lang.Runtime.exec(Runtime.java:591)
    at java.lang.Runtime.exec(Runtime.java:429)
    at java.lang.Runtime.exec(Runtime.java:326)
    at Quota.getUsage(Quota.java:12) <!-- my class in axis webapp
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at
    org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
    at
    org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
    at
    org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
    at
    org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at
    org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
    at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
    at
    org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at
    org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    at
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:271)
    at
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
    at
    org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at
    org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50)
    at
    org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:140)
    at java.security.AccessController.doPrivileged(Native Method)
    at
    org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:136)
    at
    org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at
    org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at
    org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at
    org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at
    org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    at
    org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:731)
    at
    org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    at
    org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at
    org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
     
    none, Apr 18, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ragazzo

    Tomcat Security Manager problem

    Ragazzo, Oct 9, 2003, in forum: Java
    Replies:
    0
    Views:
    339
    Ragazzo
    Oct 9, 2003
  2. Joe
    Replies:
    0
    Views:
    1,733
  3. Replies:
    0
    Views:
    1,000
  4. hocho888
    Replies:
    1
    Views:
    687
  5. asaguden
    Replies:
    0
    Views:
    331
    asaguden
    Feb 21, 2007
Loading...

Share This Page