aspose file tools*
The moose likes Tomcat and the fly likes Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup" Watch "Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup" New topic
Author

Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup

Orest Ivasiv
Greenhorn

Joined: Jan 11, 2010
Posts: 9
Hi all,

I deployed axis2 on WebSphere7 with switched on java2 security and got the next expected errors:



and




When I'm deploying axis2 on Tomcat 5/6/7 with switched on java2 security I can't get the same "access denied" exception.

I have to track "modifyThread" security violations on Tomcat.
Do you know why Tomcat java2 security behaves differently?

-Orest
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42277
    
  64
Tomcat does not run by default with a security manager enabled; if you turn that on (by using the "-security" switch of the catalina.sh script), it's possible that you'll see the same exceptions.

You should look into the security policy that's used by WebSphere, and see if it can possibly be relaxed.


Ping & DNS - my free Android networking tools app
Orest Ivasiv
Greenhorn

Joined: Jan 11, 2010
Posts: 9
I've enabled tomcat security: catalina start -security and modified catalina.policy file.
And this policy file has no permissions for "modifyThread" and "modifyThreadGroup":


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42277
    
  64
So your WebSphere server runs with a different security policy than the default one Tomcat ships with.
Orest Ivasiv
Greenhorn

Joined: Jan 11, 2010
Posts: 9
I permitted everything on WebSphere and Tomcat except "modifyThread" and "modifyThreadGroup".
But axis2 works on Tomcat without any "access denied". And axis2 + WepSphere blames "modifyThreadGroup : Access denied" with the similar policy file.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16142
    
  21

Tomcat typically gets run under the Sun/Oracle JVM. WebSphere is often run under the IBM J9 JVM. While access rights like the ones mentioned would appear to me to be something both JVMs would support and do so in an identical manner, it's worth checking to make sure that that's not the issue.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
jQuery in Action, 2nd edition
 
subject: Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup