Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12493
| Path | csiph.com!xmission!news.snarked.org!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | Alban Espié-Guillon <alban.espie-guillon@ow2.org> |
| Newsgroups | linux.debian.maint.java |
| Subject | tomcat9 access denied /var/lib/tomcat9/conf/web.xml |
| Date | Thu, 22 Dec 2022 11:40:01 +0100 |
| Message-ID | <FFr9v-cnRl-3@gated-at.bofh.it> (permalink) |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Thu Dec 22 10:30:15 2022 |
| Old-Return-Path | <alban.espie-guillon@ow2.org> |
| X-Amavis-Spam-Status | No, score=0.2 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, BODY_8BITS=1.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, MONEY=0.5, RCVD_IN_DNSWL_LOW=-0.7, STOCKLIKE=1] autolearn=no autolearn_force=no |
| X-Policyd-Weight | using cached result; rate: -3.5 |
| X-Greylist | delayed 442 seconds by postgrey-1.36 at bendel; Thu, 22 Dec 2022 10:13:00 UTC |
| Content-Type | multipart/mixed; boundary="------------DY1R1xzwdfADTHH2HBUZuFn2" |
| MIME-Version | 1.0 |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 |
| Content-Language | en-US |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/23136 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/f66ceb71-ab42-cc98-673b-16b69759a638@ow2.org |
| Approved | robomod@news.nic.it |
| Lines | 492 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Thu, 22 Dec 2022 11:05:34 +0100 |
| X-Original-Message-ID | <f66ceb71-ab42-cc98-673b-16b69759a638@ow2.org> |
| Xref | csiph.com linux.debian.maint.java:12493 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Hello,
I'm very new to tomcat, forgive me if I did not found my answer
elsewhere, i'm currently out of of ideas.
I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian
11, with security manager enabled.
I'm seeing in catalina logs the following stacktrace (full stacktrace
provided in attachment):
37 21-Dec-2022 16:12:04.587 SEVERE [main]
org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse
error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
38 java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.buf")
Disabling the security manager makes it disappear, but I don't
understand why tomcat has an issue reading
/var/lib/tomcat9/conf/web.xml, which is a simlink to
/etc/tomcat9/web.xml, and I did not edit the file as you see:
# ll /etc/tomcat9/web.xml
-rw-r----- 1 root tomcat 169K Feb 5 2020 /etc/tomcat9/web.xml
I tried to add the following policy in case of it could help:
grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
permission java.security.AllPermission;
};
But the error was still logged.
I tried to report the issue to users@tomcat.apache.org and I got the
following answser:
>The security manager is deprecated in newer versions of Java. If you
are new to Tomcat, whatever problem using the security manager is
intended to solve, I'd strongly encourage you to find an alternative
solution.
>The codebase refers to the JAR trying to read the file, not the file
the JAR is trying to read.
>I suspect the Debian distribution hasn't updated the catalina.policy
file to take account of the way Debian redistributes the Tomcat files
around the file system. If you really do want to use the security
manager, you'll need to take that up with the Debian folks.
>Mark
--
Alban Espié-Guillon
OW2 System Administrator
Back to linux.debian.maint.java | Previous | Next — Next in thread | Find similar
tomcat9 access denied /var/lib/tomcat9/conf/web.xml Alban Espié-Guillon <alban.espie-guillon@ow2.org> - 2022-12-22 11:40 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml Emmanuel Bourg <ebourg@apache.org> - 2022-12-27 22:30 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml alban.espie-guillon@ow2.org - 2022-12-29 12:00 +0100
csiph-web