Title | java.io.FilePermission access denied for tomcat catalina.policy |
Date | 26-Oct-2006 06:28:00 EEST |
Version | 2.4.71 |
Submitter | 206.152.117.245 |
Bug criticality | LightBug |
Browser version | Firefox |
Bug status | ClosedBug |
PageProvider used | |
Servlet Container | Tomcat 4.1.30 |
Operating System | Mac OSX |
URL | |
Java version | 1.4.2 |
I normally run Tomcat with the SecurityManager and strict security policies implemented in catalina.policy. I followed the instructions for merging the jspwiki.policy entries into catalina.policy and moved the jspwiki.jks keystore.
While researching this I was running Tomcat with security debug enabled by using -Djava.security.debug=access,failure
No matter what changes I made to catalina.policy (except granting everything AllPermissions), I got a java.io.FilePermission when com.ecyrd.jspwiki.auth.PolicyLoader used f.exists() for catalina.policy in the PolicyLoader.isSecurityPolicyConfigured() method.
From reviewing this method it is really only there to provide debug information and isn't critical to running JSPWiki with JAAS.
To overcome this problem I wrapped the methods which were triggering the java.io.FilePermission access denied exceptions with a try/catch for a SecurityPermission, then logged the security exception as a warning.
Once I applied the above patch, using the security debug output I was able to quickly tune the permission in my catalina.policy to get JSPWiki working with Container Manager Security and JAAS.
The patch for PolicyLoader.java is attached.
Adding name of bug submitter.
--Glenn Nielsen, 01-Nov-2006
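The approach described in the report above, as an added example (it is not the submitter's patch and not JSPWiki's PolicyLoader code): a diagnostic-only check of the policy file that treats a SecurityManager denial as an unknown result and logs a warning. The class name PolicyProbe, the Result values and the assumption that java.security.policy holds a plain file path are hypothetical.

```java
import java.io.File;
import java.util.logging.Logger;

// Added illustration; PolicyProbe and its names are hypothetical, not JSPWiki code.
public class PolicyProbe {
    private static final Logger LOG = Logger.getLogger(PolicyProbe.class.getName());

    // DENIED: the SecurityManager refused the check, so the answer is unknown.
    public enum Result { PRESENT, ABSENT, NOT_CONFIGURED, DENIED }

    // Diagnostic only: a denied permission check never aborts the caller.
    public static Result probe() {
        try {
            // Needs PropertyPermission "java.security.policy", "read".
            String policy = System.getProperty("java.security.policy");
            if (policy == null || policy.length() == 0) {
                return Result.NOT_CONFIGURED;
            }
            // "-Djava.security.policy==file" leaves a leading '=' in the value.
            if (policy.startsWith("=")) {
                policy = policy.substring(1);
            }
            // Assumption: the value is a plain file path, not a URL.
            File f = new File(policy);
            // Needs FilePermission "<path>", "read"; throws SecurityException if denied.
            return f.exists() ? Result.PRESENT : Result.ABSENT;
        } catch (SecurityException e) {
            // Log and continue so the denial shows up in the log without breaking startup.
            LOG.warning("Policy file check denied by SecurityManager: " + e.getMessage());
            return Result.DENIED;
        }
    }

    public static void main(String[] args) {
        System.out.println("Policy file probe: " + probe());
    }
}
```

A DENIED result together with the -Djava.security.debug=access,failure output names the exact permission that the policy file would have to grant.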
There is nothing attached?!
Is this bug still occurring after 2.5.26:
2007-02-24 Andrew Jaquith <andrew AT freshcookies DOT org> * 2.5.26 * Major enhancement: replaced JSPWiki's dependency on the global, JVM-wide security policy with a "local policy" that is always read from WEB-INF/jspwiki.policy. If you have a JVM-wide policy, the local policy will supplement it. The practical upshot of this change is that the most common configuration challenge that most first-time admins face (why won't any pages display?) is gone, and gone forever. No more fiddling with the java.security.policy property! The syntax for the local policy is exactly the same as what it's always been; but now it Just Works instead of Mostly Works.
Or is this a duplicate of BugJspwiki.policyIgnoredWhenUsingSecurityManager ?
--HarryMetske, 21-Mar-2007
Harry, this issue still exists, and was not closed by the 2.5 revisions. But it is indeed a duplicate of the other bug, so we should close it.
--Andrew Jaquith, 28-Mar-2007
Bug closed, duplicate...