[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-developers] Tomcat Security Manager Problem
- Subject: RE: [cobalt-developers] Tomcat Security Manager Problem
- From: "Alexander Povargo" <alpo@xxxxxxxxxxxxxxxxxx>
- Date: Sat Nov 10 14:07:44 2001
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
Hi William,
if you state "permission java.security.AllPermission;" it is not necessary
describe rest of permissions.
Test the following:
grant codeBase "file:/home/sites/home/web/-" {
permission java.security.AllPermission;
};
and no more. It allows all socket connections to all hosts.
And next: did you restart Tomcat after you change tomcat.policy?
Log with telnet with root privileges and make
/etc/rc.d/init.d/httpd restart
or
/etc/rc.d/init.d/tomcat.init restart
All changes will be accepted by Tomcat after restart only. If you
use Cobalt's scripts with Tomcat you need to place your custom
permissions to tomcat.policy.custom file as described in Cobalt's
docs, see docs for details.
If it will not help to you I will send to you all details from my server
here JavaMail, Interclient and much more is working perfectly.
Regards,
Alex
> Well no go, here the whole scope,
>
> grant codeBase "file:/home/sites/home/web/-" {
> permission java.security.AllPermission;
> permission java.net.SocketPermission
> "mail.obsidian-studios.com:25-","accept,listen,connect,resolve";
> permission java.net.SocketPermission
> "mail.obsidian-studios.com:-","accept,listen,connect,resolve";
> permission java.net.SocketPermission
> "www.obsidian-studios.com:25-","accept,listen,connect,resolve";
> permission java.net.SocketPermission
> "www.obsidian-studios.com:-","accept,listen,connect,resolve";
> permission java.net.SocketPermission
> "www.obsidian-studios.com:3060","accept,listen,connect,resolve";
> };
>
> I have even tried *.obsidian-studios.com:*, and a variety of others.
> Really makes no sense. I have started looking at the java code that
> makes up the JavaMail API to see if something in there is causing a
> problem.
>
> I ran into similar problems with interclient, thus the line above for
> port 3060, but the no luck on the other two.
>
> Suggestions ?
>
> William L. Thomson Jr. wrote:
>
> > Alex,
> > I have tried,
> > obsidian-studios.com:
> >
> > And a variety of other combo's, although I have not tried,
> > "mail.obsidian-studios.com:25-","listen,connect,resolve"
> >
> > but as mentioned in another post, that the - is a minus sign, that
> > represents that port and all below.
> >
> >
> > I would prefer only the ports I need, but am getting desperate
> so I will
> > give it a try.
> >
> > Thanks.
> >
> > Alexander Povargo wrote:
> >
> >> Hi William,
> >>
> >> try to use following in tomcat.policy:
> >> "mail.obsidian-studios.com:25-","listen,connect,resolve";
> >> Take attention which domain name has your SMTP, may be you need write
> >> "obsidian-studios.com:...."
> >>
> >> Regards,
> >> Alex
> >>
> >>
> >>> -----Original Message-----
> >>> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> >>> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of William
> >>> L. Thomson Jr.
> >>> Sent: Saturday, November 10, 2001 3:40 AM
> >>> To: Cobalt Developers Group
> >>> Subject: [cobalt-developers] Tomcat Security Manager Problem
> >>>
> >>>
> >>> I cannot seem to make the following error go away. I have tried
> >>> almost everything in the tomcat.policy.master file.
> >>>
> >>> I keep getting the following, when using JavaMail.
> >>>
> >>> Ctx( www.obsidian-studios.com: ): Exception in: R( +
> >>> /servlet/MyServlet + null) - java.security.AccessControlException:
> >>> access denied (java.net.SocketPermission mail.obsidian-studios.com
> >>> resolve)
> >>> at
> >>> java.security.AccessControlContext.checkPermission(AccessControlCo
> >>> ntext.java:273)
> >>> at
> >>>
> java.security.AccessController.checkPermission(AccessController.java:400)
> >>>
> >>> at
> >>> java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
> >>> at
> java.lang.SecurityManager.checkConnect(SecurityManager.java:1042)
> >>> at java.net.InetAddress.getAllByName0(InetAddress.java:767)
> >>> at java.net.InetAddress.getAllByName0(InetAddress.java:748)
> >>> at java.net.InetAddress.getAllByName(InetAddress.java:742)
> >>> at java.net.InetAddress.getByName(InetAddress.java:679)
> >>> at javax.mail.URLName.getHostAddress(URLName.java:445)
> >>> at javax.mail.URLName.hashCode(URLName.java:421)
> >>> at java.util.Hashtable.get(Hashtable.java:320)
> >>> at javax.mail.Session.getPasswordAuthentication(Session.java:640)
> >>> at javax.mail.Service.connect(Service.java:217)
> >>> at javax.mail.Service.connect(Service.java:135)
> >>> at javax.mail.Service.connect(Service.java:87)
> >>> at com.sun.mail.smtp.SMTPTransport.connect(SMTPTransport.java:93)
> >>> at javax.mail.Transport.send0(Transport.java:163)
> >>> at javax.mail.Transport.send(Transport.java:81)
> >>>
> >>>
> >>> Here are some of the scenarios I have attempted so far.
> >>>
> >>> permission java.net.SocketPermission
> >>> "www.obsidian-studios.com:25","resolve";
> >>> permission java.net.SocketPermission
> >>> "www.obsidian-studios.com:80","resolve";
> >>> permission java.net.SocketPermission
> >>> "www.obsidian-studios.com:110","resolve";
> >>>
> >>> I tried using mail as the host instead of www (both the same
> >>> machine). I have used * wildcards as the hostname and port.
> >>>
> >>> I have tried just about everything I know to try.
> >>>
> >>> Any suggestions?
> >>>
> >>> --
> >>> Sincerely,
> >>> William L. Thomson Jr.
> >>> Obsidian-Studios, Inc.
> >>> 439 Amber Way
> >>> Petaluma, Ca. 94952
> >>> Phone 707.766.9509
> >>> Fax 707.766.8989
> >>> http://www.obsidian-studios.com
> >>>
> >>> _______________________________________________
> >>> cobalt-developers mailing list
> >>> cobalt-developers@xxxxxxxxxxxxxxx
> >>> http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >>>
> >>>
> >>>
> >>
> >> _______________________________________________
> >> cobalt-developers mailing list
> >> cobalt-developers@xxxxxxxxxxxxxxx
> >> http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >>
> >>
> >>
> >
> >
>
>
> --
> Sincerely,
> William L. Thomson Jr.
> Obsidian-Studios, Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone 707.766.9509
> Fax
> 707.766.8989
> http://www.obsidian-studios.com
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>