
Re: [cobalt-developers] Tomcat Security Manager Problem



Alex,
That's exactly what I thought. Once again we had just about everything the exact same on a different RaQ4r and did not have these problems with the security manager. I assume the update 1.0 was not properly installed on that server, even though we were using a security manager with only the AllPermissions.

When we migrated I used the same tomcat.policy.master file from our old server which included any modifications.

For some reason on this new server, despite the AllPermission entry, security errors were generated. Adding the lines for interclient seemed to resolve this for interclient.

I had to grant AllPermission to some other directories and etc, to get things to go so far.

The servlets that are generating the email errors are in the same directory as other servlets that were throwing the other errors.

I have even tried in addition to the home/web
grant codeBase "file:/home/sites/home/web/WEB-INF/Classes-" {
         permission java.security.AllPermission;
};

I got around several other security errors and this is the last one that is driving me nuts. I cannot make it go away, no matter where I put the AllPermissions or anything else.

I even commented out lines in the pl script that generates the tomcat.policy file when tomcat is started. So those entries would not be added, and still nothing.

It is only when I use this one method that all errors are started
        try {
            Transport.send(mimeMsg);

        }
Even when I add the smtp port number 25 to the end still nothing. I am going to attempt with the same domain,

the servlet is under www.obsidian-studios.com and I am sending mail to mail.obsidian-studios.com.

They are the same server at the moment, but will not be for long.

I will attempt to replace the mail with www and see what I get.

Still not sure why the AllPermissions doesn't do the job?


Alexander Povargo wrote:

Hi William,

if you state "permission java.security.AllPermission;" it is not necessary
to describe the rest of the permissions.
Test the following:
grant codeBase "file:/home/sites/home/web/-" {
         permission java.security.AllPermission;
};
and no more. It allows all socket connections to all hosts.
And next: did you restart Tomcat after you change tomcat.policy?
Log in with telnet with root privileges and run
/etc/rc.d/init.d/httpd restart
or
/etc/rc.d/init.d/tomcat.init restart
All changes will be accepted by Tomcat after restart only. If you
use Cobalt's scripts with Tomcat you need to place your custom
permissions in the tomcat.policy.custom file as described in Cobalt's
docs, see docs for details.

If that does not help you, I will send you all the details from my server,
where JavaMail, Interclient and much more are working perfectly.

Regards,
Alex


Well no go, here's the whole scope,

grant codeBase "file:/home/sites/home/web/-" {
        permission java.security.AllPermission;
        permission java.net.SocketPermission "mail.obsidian-studios.com:25-","accept,listen,connect,resolve";
        permission java.net.SocketPermission "mail.obsidian-studios.com:-","accept,listen,connect,resolve";
        permission java.net.SocketPermission "www.obsidian-studios.com:25-","accept,listen,connect,resolve";
        permission java.net.SocketPermission "www.obsidian-studios.com:-","accept,listen,connect,resolve";
        permission java.net.SocketPermission "www.obsidian-studios.com:3060","accept,listen,connect,resolve";
};

I have even tried *.obsidian-studios.com:*, and a variety of others.
Really makes no sense. I have started looking at the java code that
makes up the JavaMail API to see if something in there is causing a
problem.

I ran into similar problems with interclient, thus the line above for
port 3060, but no luck on the other two.

Suggestions ?

William L. Thomson Jr. wrote:


Alex,
   I have tried,
obsidian-studios.com:

And a variety of other combos, although I have not tried,
"mail.obsidian-studios.com:25-","listen,connect,resolve"

but as mentioned in another post, that the - is a minus sign, that
represents that port and all below.

I would prefer only the ports I need, but am getting desperate
so I will give it a try.

Thanks.

Alexander Povargo wrote:


Hi William,

try to use the following in tomcat.policy:
"mail.obsidian-studios.com:25-","listen,connect,resolve";
Pay attention to which domain name your SMTP has, maybe you need to write
"obsidian-studios.com:...."

Regards,
Alex



-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of William
L. Thomson Jr.
Sent: Saturday, November 10, 2001 3:40 AM
To: Cobalt Developers Group
Subject: [cobalt-developers] Tomcat Security Manager Problem


I cannot seem to make the following error go away. I have tried
almost everything in the tomcat.policy.master file.

I keep getting the following, when using JavaMail.

Ctx( www.obsidian-studios.com: ): Exception in: R(  + /servlet/MyServlet + null) - java.security.AccessControlException: access denied (java.net.SocketPermission mail.obsidian-studios.com resolve)
   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:273)
   at java.security.AccessController.checkPermission(AccessController.java:400)
   at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
   at java.lang.SecurityManager.checkConnect(SecurityManager.java:1042)
   at java.net.InetAddress.getAllByName0(InetAddress.java:767)
   at java.net.InetAddress.getAllByName0(InetAddress.java:748)
   at java.net.InetAddress.getAllByName(InetAddress.java:742)
   at java.net.InetAddress.getByName(InetAddress.java:679)
   at javax.mail.URLName.getHostAddress(URLName.java:445)
   at javax.mail.URLName.hashCode(URLName.java:421)
   at java.util.Hashtable.get(Hashtable.java:320)
   at javax.mail.Session.getPasswordAuthentication(Session.java:640)
   at javax.mail.Service.connect(Service.java:217)
   at javax.mail.Service.connect(Service.java:135)
   at javax.mail.Service.connect(Service.java:87)
   at com.sun.mail.smtp.SMTPTransport.connect(SMTPTransport.java:93)
   at javax.mail.Transport.send0(Transport.java:163)
   at javax.mail.Transport.send(Transport.java:81)


Here are some of the scenarios I have attempted so far.

       permission java.net.SocketPermission "www.obsidian-studios.com:25","resolve";
       permission java.net.SocketPermission "www.obsidian-studios.com:80","resolve";
       permission java.net.SocketPermission "www.obsidian-studios.com:110","resolve";

I tried using mail as the host instead of www (both the same
machine). I have used * wildcards as the hostname and port.

I have tried just about everything I know to try.

Any suggestions?

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone     707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers




--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 	707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
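
Added example, not part of the thread and not Cobalt or Tomcat code: a small Java program that asks the JDK's own CodeSource and SocketPermission classes how the codeBase patterns and socket targets quoted above are matched. The class name, the MyServlet.class and mail.jar locations, and the 192.0.2.25 address (used in place of a hostname so nothing is resolved over DNS) are constructed for illustration.

```java
import java.net.SocketPermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.cert.Certificate;

public class PolicyCheck {   // hypothetical class name
    // A policy "grant codeBase" entry is matched with CodeSource.implies().
    static CodeSource cs(String url) throws Exception {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // Same constructed host, a single port, "connect" action.
    static SocketPermission connect(int port) {
        return new SocketPermission("192.0.2.25:" + port, "connect");
    }

    public static void main(String[] args) throws Exception {
        String[] grants = {
            "file:/home/sites/home/web/-",                 // "/-" matches recursively
            "file:/home/sites/home/web/WEB-INF/Classes-",  // no "/" before "-": exact path only
        };
        // Constructed code locations. An access check needs the permission in
        // every protection domain on the call stack, so library jars loaded
        // from outside the granted directory matter as well.
        String[] code = {
            "file:/home/sites/home/web/WEB-INF/classes/MyServlet.class",
            "file:/opt/example/lib/mail.jar",
        };
        for (String g : grants)
            for (String c : code)
                System.out.printf("%s covers %s: %b%n", g, c, cs(g).implies(cs(c)));

        // AllPermission in a grant implies every other permission, sockets included.
        Permissions all = new Permissions();
        all.add(new AllPermission());
        SocketPermission resolve = new SocketPermission("192.0.2.25", "resolve");
        System.out.println("AllPermission implies resolve: " + all.implies(resolve));

        // Port syntax per the SocketPermission javadoc: "N-" is port N and above.
        SocketPermission from25 = new SocketPermission("192.0.2.25:25-", "connect");
        for (int port : new int[] {24, 25, 110})
            System.out.println("\"25-\" implies port " + port + ": " + from25.implies(connect(port)));
        // "connect" carries "resolve" with it, so a separate resolve entry is redundant.
        System.out.println("connect implies resolve: " + from25.implies(resolve));
    }
}
```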