Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12496
| Path | csiph.com!1.us.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!news.mb-net.net!open-news-network.org!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | alban.espie-guillon@ow2.org |
| Newsgroups | linux.debian.maint.java |
| Subject | Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml |
| Date | Thu, 29 Dec 2022 12:00:01 +0100 |
| Message-ID | <FHYNH-e5bd-3@gated-at.bofh.it> (permalink) |
| References | <FFr9v-cnRl-3@gated-at.bofh.it> <FHpGh-dHsq-1@gated-at.bofh.it> |
| X-Original-To | Emmanuel Bourg <ebourg@apache.org>, debian-java@lists.debian.org |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Thu Dec 29 10:54:12 2022 |
| Old-Return-Path | <alban.espie-guillon@ow2.org> |
| X-Amavis-Spam-Status | No, score=-2.548 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, BODY_8BITS=1.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.148, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no autolearn_force=no |
| X-Policyd-Weight | NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .ow2. - helo: .smtp-auth2.xsalto. - helo-domain: .xsalto.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=0; rate: -3.5 |
| MIME-Version | 1.0 |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 |
| Content-Type | text/plain; charset=UTF-8; format=flowed |
| Content-Transfer-Encoding | 8bit |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/23139 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/8aba31de-d9de-9d3a-32bf-e68d8ed4109a@ow2.org |
| Approved | robomod@news.nic.it |
| Lines | 75 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Thu, 29 Dec 2022 11:37:34 +0100 |
| X-Original-Message-ID | <8aba31de-d9de-9d3a-32bf-e68d8ed4109a@ow2.org> |
| X-Original-References | <f66ceb71-ab42-cc98-673b-16b69759a638@ow2.org> <b89c4b03-299e-4ac0-5ed1-3d7eec2699f4@apache.org> |
| Xref | csiph.com linux.debian.maint.java:12496 |
Show key headers only | View raw
Hi Emmanuel,
I added the rule and restarted tomcat but the error remains.
Regards,
On 12/27/22 10:21 PM, Emmanuel Bourg <ebourg@apache.org> wrote:
> Hi Alban,
>
> Did you try this rule:
>
> grant codeBase "file:/etc/tomcat9/-" {
> permission java.security.AllPermission;
> };
>
> Emmanuel Bourg
>
>
> Le 22/12/2022 à 11:05, Alban Espié-Guillon a écrit :
> > Hello,
> >
> > I'm very new to tomcat, forgive me if I did not found my answer
> > elsewhere, i'm currently out of of ideas.
> >
> > I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian
> > 11, with security manager enabled.
> >
> > I'm seeing in catalina logs the following stacktrace (full stacktrace
> > provided in attachment):
> >
> > 37 21-Dec-2022 16:12:04.587 SEVERE [main]
> > org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse
> > error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
> > 38 java.security.AccessControlException: access denied
> > ("java.lang.RuntimePermission"
> > "accessClassInPackage.org.apache.tomcat.util.buf")
> >
> > Disabling the security manager makes it disappear, but I don't
> > understand why tomcat has an issue reading
> > /var/lib/tomcat9/conf/web.xml, which is a simlink to
> > /etc/tomcat9/web.xml, and I did not edit the file as you see:
> >
> > # ll /etc/tomcat9/web.xml
> > -rw-r----- 1 root tomcat 169K Feb 5 2020 /etc/tomcat9/web.xml
> >
> > I tried to add the following policy in case of it could help:
> >
> > grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
> > permission java.security.AllPermission;
> > };
> >
> > But the error was still logged.
> >
> > I tried to report the issue to users@tomcat.apache.org and I got the
> > following answser:
> >
> > >The security manager is deprecated in newer versions of Java. If you
> > are new to Tomcat, whatever problem using the security manager is
> > intended to solve, I'd strongly encourage you to find an alternative
> > solution.
> >
> > >The codebase refers to the JAR trying to read the file, not the file
> > the JAR is trying to read.
> >
> > >I suspect the Debian distribution hasn't updated the catalina.policy
> > file to take account of the way Debian redistributes the Tomcat files
> > around the file system. If you really do want to use the security
> > manager, you'll need to take that up with the Debian folks.
> >
> > >Mark
> >
>
>
>
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Find similar
tomcat9 access denied /var/lib/tomcat9/conf/web.xml Alban Espié-Guillon <alban.espie-guillon@ow2.org> - 2022-12-22 11:40 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml Emmanuel Bourg <ebourg@apache.org> - 2022-12-27 22:30 +0100
Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml alban.espie-guillon@ow2.org - 2022-12-29 12:00 +0100
csiph-web