Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12496
| From | alban.espie-guillon@ow2.org |
|---|---|
| Newsgroups | linux.debian.maint.java |
| Subject | Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml |
| Date | 2022-12-29 12:00 +0100 |
| Message-ID | <FHYNH-e5bd-3@gated-at.bofh.it> (permalink) |
| References | <FFr9v-cnRl-3@gated-at.bofh.it> <FHpGh-dHsq-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Hi Emmanuel,
I added the rule and restarted tomcat but the error remains.
Regards,
On 12/27/22 10:21 PM, Emmanuel Bourg <ebourg@apache.org> wrote:
> Hi Alban,
>
> Did you try this rule:
>
> grant codeBase "file:/etc/tomcat9/-" {
> permission java.security.AllPermission;
> };
>
> Emmanuel Bourg
>
>
> Le 22/12/2022 à 11:05, Alban Espié-Guillon a écrit :
> > Hello,
> >
> > I'm very new to tomcat, forgive me if I did not found my answer
> > elsewhere, i'm currently out of of ideas.
> >
> > I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian
> > 11, with security manager enabled.
> >
> > I'm seeing in catalina logs the following stacktrace (full stacktrace
> > provided in attachment):
> >
> > 37 21-Dec-2022 16:12:04.587 SEVERE [main]
> > org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse
> > error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
> > 38 java.security.AccessControlException: access denied
> > ("java.lang.RuntimePermission"
> > "accessClassInPackage.org.apache.tomcat.util.buf")
> >
> > Disabling the security manager makes it disappear, but I don't
> > understand why tomcat has an issue reading
> > /var/lib/tomcat9/conf/web.xml, which is a simlink to
> > /etc/tomcat9/web.xml, and I did not edit the file as you see:
> >
> > # ll /etc/tomcat9/web.xml
> > -rw-r----- 1 root tomcat 169K Feb 5 2020 /etc/tomcat9/web.xml
> >
> > I tried to add the following policy in case of it could help:
> >
> > grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
> > permission java.security.AllPermission;
> > };
> >
> > But the error was still logged.
> >
> > I tried to report the issue to users@tomcat.apache.org and I got the
> > following answser:
> >
> > >The security manager is deprecated in newer versions of Java. If you
> > are new to Tomcat, whatever problem using the security manager is
> > intended to solve, I'd strongly encourage you to find an alternative
> > solution.
> >
> > >The codebase refers to the JAR trying to read the file, not the file
> > the JAR is trying to read.
> >
> > >I suspect the Debian distribution hasn't updated the catalina.policy
> > file to take account of the way Debian redistributes the Tomcat files
> > around the file system. If you really do want to use the security
> > manager, you'll need to take that up with the Debian folks.
> >
> > >Mark
> >
>
>
>
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Find similar
tomcat9 access denied /var/lib/tomcat9/conf/web.xml Alban Espié-Guillon <alban.espie-guillon@ow2.org> - 2022-12-22 11:40 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml Emmanuel Bourg <ebourg@apache.org> - 2022-12-27 22:30 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml alban.espie-guillon@ow2.org - 2022-12-29 12:00 +0100
csiph-web