Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml

From Emmanuel Bourg <ebourg@apache.org>
Newsgroups linux.debian.maint.java
Subject Re: tomcat9 access denied /var/lib/tomcat9/conf/web.xml
Date Tue, 27 Dec 2022 22:30:01 +0100
Message-ID <FHpGh-dHsq-1@gated-at.bofh.it> (permalink)
References <FFr9v-cnRl-3@gated-at.bofh.it>

Hi Alban,

Did you try this rule:

grant codeBase "file:/etc/tomcat9/-" {
   permission java.security.AllPermission;
};

Emmanuel Bourg


On 22/12/2022 at 11:05, Alban Espié-Guillon wrote:
> Hello,
> 
> I'm very new to tomcat, forgive me if I did not find my answer 
> elsewhere, I'm currently out of ideas.
> 
> I'm trying to setup a standalone tomcat9 (9.0.31-1~deb10u7) on Debian 
> 11, with security manager enabled.
> 
> I'm seeing in catalina logs the following stacktrace (full stacktrace 
> provided in attachment):
> 
> 37 21-Dec-2022 16:12:04.587 SEVERE [main] 
> org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse 
> error in application web.xml file at [file:/var/lib/tomcat9/conf/web.xml]
> 38     java.security.AccessControlException: access denied 
> ("java.lang.RuntimePermission" 
> "accessClassInPackage.org.apache.tomcat.util.buf")
> 
> Disabling the security manager makes it disappear, but I don't 
> understand why tomcat has an issue reading 
> /var/lib/tomcat9/conf/web.xml, which is a symlink to 
> /etc/tomcat9/web.xml, and I did not edit the file as you see:
> 
> # ll /etc/tomcat9/web.xml
> -rw-r----- 1 root tomcat 169K Feb  5  2020 /etc/tomcat9/web.xml
> 
> I tried to add the following policy in case it could help:
> 
> grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
>          permission java.security.AllPermission;
> };
> 
> But the error was still logged.
> 
> I tried to report the issue to users@tomcat.apache.org and I got the 
> following answer:
> 
> > The security manager is deprecated in newer versions of Java. If you
> > are new to Tomcat, whatever problem using the security manager is
> > intended to solve, I'd strongly encourage you to find an alternative
> > solution.
> >
> > The codebase refers to the JAR trying to read the file, not the file
> > the JAR is trying to read.
> >
> > I suspect the Debian distribution hasn't updated the catalina.policy
> > file to take account of the way Debian redistributes the Tomcat files
> > around the file system. If you really do want to use the security
> > manager, you'll need to take that up with the Debian folks.
> >
> > Mark
> 
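
Added example, not part of either message above and not code from Debian or Tomcat: a small Python lint for catalina.policy-style files, built on the point quoted in the thread that a codeBase identifies where code is loaded from. It reports grants whose codeBase is neither a JAR nor a directory pattern, and every AllPermission grant with its scope. The suffix heuristic, the function names and the third grant in the sample are assumptions of this example.

```python
import re

# Strings are matched first so "/*" inside a codeBase URL is not taken for a comment.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.DOTALL)
GRANT_RE = re.compile(r'\bgrant\b(?P<head>(?:"[^"]*"|[^{"])*)\{(?P<body>.*?)\}\s*;',
                      re.DOTALL | re.IGNORECASE)
CODEBASE_RE = re.compile(r'codeBase\s*"([^"]*)"', re.IGNORECASE)
PERM_RE = re.compile(r'\bpermission\s+([\w.$]+)', re.IGNORECASE)
# Assumption of this example: code is loaded from a JAR or a directory pattern.
CODE_SUFFIXES = ("/", "/*", "/-", ".jar")

def strip_comments(text):
    """Drop // and /* */ comments while leaving quoted strings untouched."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def lint_policy(text):
    """Return (codeBase, finding) pairs for grants that deserve review."""
    findings = []
    for grant in GRANT_RE.finditer(strip_comments(text)):
        cb = CODEBASE_RE.search(grant.group("head"))
        codebase = cb.group(1) if cb else None
        if codebase and not codebase.lower().endswith(CODE_SUFFIXES):
            findings.append((codebase, "codeBase is not a JAR or directory pattern"))
        if "java.security.AllPermission" in PERM_RE.findall(grant.group("body")):
            scope = "code loaded from this location" if codebase else "all code"
            findings.append((codebase, "AllPermission for " + scope))
    return findings

# Constructed sample: the two grants quoted in this thread, a commented-out
# grant, and a hypothetical narrowly scoped grant (not a fix from the thread).
SAMPLE_POLICY = '''
// constructed sample policy
grant codeBase "file:/var/lib/tomcat9/conf/web.xml" {
         permission java.security.AllPermission;
};
grant codeBase "file:/etc/tomcat9/-" {
   permission java.security.AllPermission;
};
/* grant { permission java.security.AllPermission; }; */
grant codeBase "file:/opt/example/lib/*" {
   permission java.util.PropertyPermission "user.dir", "read";
};
'''

if __name__ == "__main__":
    for codebase, finding in lint_policy(SAMPLE_POLICY):
        print(f"{codebase}: {finding}")
```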
