spring / log4j security permission

Discussion in 'Java' started by none, Oct 1, 2006.

  1. none

    none Guest

    Hi, i'm trying to solve a security permission issue when running a
    spring application in tomcat (v5.5.4) with the security manager turned
    on. I'm not sure if the root cause is log4j or spring, and i'm also
    confused why either would need such a permission.
    Any ideas/help would be great.

    I can solve the issue by with an addition to the policy as below for all
    files in my web context as its needed for .jars and .jsp files:

    permission java.lang.RuntimePermission "defineClassInPackage.java.lang";

    Below is part of my security log.

    Thanks,

    Tim

    access: access allowed (java.io.FilePermission
    /usr/local/jakarta-tomcat-5.5.4/common/classes/org/apache/log4j/LayoutBeanInfo.class
    read)
    access: access allowed (java.io.FilePermission
    /usr/local/jakarta-tomcat-5.5.4/server/classes/org/apache/log4j/LayoutBeanInfo.class
    read)
    access: access denied (java.lang.RuntimePermission
    defineClassInPackage.java.lang)
    java.lang.Exception: Stack trace
    at java.lang.Thread.dumpStack(Thread.java:1206)
    at
    java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
    at
    java.security.AccessController.checkPermission(AccessController.java:546)
    at
    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at
    java.lang.SecurityManager.checkPackageDefinition(SecurityManager.java:1580)
    at
    org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:834)
    at
    org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1299)
    at
    org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
    at java.beans.Introspector.instantiate(Introspector.java:1460)
    at
    java.beans.Introspector.findExplicitBeanInfo(Introspector.java:410)
    at java.beans.Introspector.<init>(Introspector.java:359)
    at java.beans.Introspector.getBeanInfo(Introspector.java:159)
    at java.beans.Introspector.getBeanInfo(Introspector.java:220)
    at java.beans.Introspector.<init>(Introspector.java:368)
    at java.beans.Introspector.getBeanInfo(Introspector.java:159)
    at java.beans.Introspector.getBeanInfo(Introspector.java:220)
    at java.beans.Introspector.<init>(Introspector.java:368)
    at java.beans.Introspector.getBeanInfo(Introspector.java:159)
    at
    org.apache.log4j.config.PropertySetter.introspect(PropertySetter.java:66)
    at
    org.apache.log4j.config.PropertySetter.getPropertyDescriptor(PropertySetter.java:234)
    at
    org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.java:146)
    at
    org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:120)
    at
    org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:87)
    at
    org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:640)
    at
    org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:603)
    at
    org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:500)
    at
    org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:406)
    at
    org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:307)
    at
    org.apache.log4j.PropertyWatchdog.doOnChange(PropertyConfigurator.java:673)
    at
    org.apache.log4j.helpers.FileWatchdog.checkAndConfigure(FileWatchdog.java:80)
    at
    org.apache.log4j.helpers.FileWatchdog.<init>(FileWatchdog.java:49)
    at
    org.apache.log4j.PropertyWatchdog.<init>(PropertyConfigurator.java:665)
    at
    org.apache.log4j.PropertyConfigurator.configureAndWatch(PropertyConfigurator.java:373)
    at
    org.springframework.util.Log4jConfigurer.initLogging(Log4jConfigurer.java:64)
    at
    org.springframework.web.util.Log4jWebConfigurer.initLogging(Log4jWebConfigurer.java:97)
    at
    org.springframework.web.util.Log4jConfigListener.contextInitialized(Log4jConfigListener.java:44)
    at
    org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3631)
    at
    org.apache.catalina.core.StandardContext.start(StandardContext.java:4065)
    at
    org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:755)
    at
    org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
    at
    org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
    at java.security.AccessController.doPrivileged(Native Method)
    at
    org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
    at
    org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
    at
    org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:590)
    at
    org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
    at
    org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
    at
    org.apache.catalina.startup.HostConfig.start(HostConfig.java:1079)
    at
    org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
    at
    org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at
    org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1011)
    at
    org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
    at
    org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
    at
    org.apache.catalina.core.StandardEngine.start(StandardEngine.java:437)
    at
    org.apache.catalina.core.StandardService.start(StandardService.java:450)
    at
    org.apache.catalina.core.StandardServer.start(StandardServer.java:2010)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:589)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
    access: access allowed (java.security.SecurityPermission getPolicy)
    access: access allowed (java.io.FilePermission
    /home/tim/temp/tempcontext/WEB-INF/lib/spring.jar read)
    access: domain that failed ProtectionDomain
    (file:/home/tim/temp/tempcontext/WEB-INF/lib/spring.jar <no signer
    certificates>)
    WebappClassLoader
    delegate: false
    repositories:
    /WEB-INF/classes/
    ----------> Parent Classloader:
    org.apache.catalina.loader.StandardClassLoader@145d068

    <no principals>
    java.security.Permissions@b8bef7 (
    (java.net.SocketPermission localhost:3306 connect,resolve)
    (java.net.SocketPermission *:25 connect,resolve)
    (java.net.SocketPermission *:80 connect,resolve)
    (java.net.SocketPermission localhost:3306 connect,resolve)
     
    none, Oct 1, 2006
    #1
    1. Advertising

  2. none wrote:
    > Hi, i'm trying to solve a security permission issue when running a
    > spring application in tomcat (v5.5.4) with the security manager turned
    > on. I'm not sure if the root cause is log4j or spring, and i'm also
    > confused why either would need such a permission.
    > Any ideas/help would be great.
    >
    > I can solve the issue by with an addition to the policy as below for all
    > files in my web context as its needed for .jars and .jsp files:
    >
    > permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
    >
    > Below is part of my security log.


    http://java.sun.com/developer/JDCTechTips/2001/tt0130.html

    has an explanation of what it means.

    Arne
     
    =?ISO-8859-1?Q?Arne_Vajh=F8j?=, Oct 1, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alexandra Stehman

    eclipse, junit, log4j, & finding log4j.xml

    Alexandra Stehman, Jan 19, 2004, in forum: Java
    Replies:
    0
    Views:
    5,806
    Alexandra Stehman
    Jan 19, 2004
  2. Alex Hunsley
    Replies:
    2
    Views:
    12,992
    =?ISO-8859-15?Q?Fr=E9d=E9ric_G=E9din?=
    May 28, 2004
  3. Scott Smith

    Spring and Log4j

    Scott Smith, Nov 24, 2005, in forum: Java
    Replies:
    2
    Views:
    25,334
    Scott Smith
    Nov 24, 2005
  4. rmn190
    Replies:
    2
    Views:
    2,399
    Arne Vajhøj
    Jan 10, 2008
  5. Goldfish
    Replies:
    1
    Views:
    779
    Goldfish
    Nov 6, 2008
Loading...

Share This Page