Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #12495

Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml

From Emmanuel Bourg <ebourg@apache.org>
Newsgroups linux.debian.maint.java
Subject Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml
Date 2022-12-27 22:30 +0100
Message-ID <FHpGh-dHsq-1@gated-at.bofh.it> (permalink)
References <FFr9v-cnRl-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Hi Alban,

Did you try this rule:

grant codeBase "file:/etc/tomcat9/-" {
   permission java.security.AllPermission;
};

Emmanuel Bourg


Le 22/12/2022 à 11:05, Alban Espié-Guillon a écrit :
> Hello,
> 
> I'm very new to tomcat, forgive me if I did not found my answer 
> elsewhere, i'm currently out of of ideas.
> 
> I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian 
> 11, with security manager enabled.
> 
> I'm seeing in catalina logs the following stacktrace (full stacktrace 
> provided in attachment):
> 
> 37 21-Dec-2022 16:12:04.587 SEVERE [main] 
> org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse 
> error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
> 38     java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.tomcat.util.buf")
> 
> Disabling the security manager makes it disappear, but I don't 
> understand why tomcat has an issue reading 
> /var/lib/tomcat9/conf/web.xml, which is a simlink to 
> /etc/tomcat9/web.xml, and I did not edit the file as you see:
> 
> # ll /etc/tomcat9/web.xml
> -rw-r----- 1 root tomcat 169K Feb  5  2020 /etc/tomcat9/web.xml
> 
> I tried to add the following policy in case of it could help:
> 
> grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
>          permission java.security.AllPermission;
> };
> 
> But the error was still logged.
> 
> I tried to report the issue to users@tomcat.apache.org and I got the 
> following answser:
> 
>  >The security manager is deprecated in newer versions of Java. If you 
> are new to Tomcat, whatever problem using the security manager is 
> intended to solve, I'd strongly encourage you to find an alternative 
> solution.
> 
>  >The codebase refers to the JAR trying to read the file, not the file 
> the JAR is trying to read.
> 
>  >I suspect the Debian distribution hasn't updated the catalina.policy 
> file to take account of the way Debian redistributes the Tomcat files 
> around the file system. If you really do want to use the security 
> manager, you'll need to take that up with the Debian folks.
> 
>  >Mark
>

Back to linux.debian.maint.java | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

tomcat9 access denied /var/lib/tomcat9/conf/web.xml Alban Espié-Guillon <alban.espie-guillon@ow2.org> - 2022-12-22 11:40 +0100
  Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml Emmanuel Bourg <ebourg@apache.org> - 2022-12-27 22:30 +0100
    Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml alban.espie-guillon@ow2.org - 2022-12-29 12:00 +0100

csiph-web