• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup

 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I deployed axis2 on WebSphere7 with switched on java2 security and got the next expected errors:



and




When I'm deploying axis2 on Tomcat 5/6/7 with switched on java2 security I can't get the same "access denied" exception.

I have to track "modifyThread" security violations on Tomcat.
Do you know why Tomcat java2 security behaves differently?

-Orest
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat does not run by default with a security manager enabled; if you turn that on (by using the "-security" switch of the catalina.sh script), it's possible that you'll see the same exceptions.

You should look into the security policy that's used by WebSphere, and see if it can possibly be relaxed.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've enabled tomcat security: catalina start -security and modified catalina.policy file.
And this policy file has no permissions for "modifyThread" and "modifyThreadGroup":


 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So your WebSphere server runs with a different security policy than the default one Tomcat ships with.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I permitted everything on WebSphere and Tomcat except "modifyThread" and "modifyThreadGroup".
But axis2 works on Tomcat without any "access denied". And axis2 + WepSphere blames "modifyThreadGroup : Access denied" with the similar policy file.

 
Tim Holloway
Saloon Keeper
Pie
Posts: 18212
53
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat typically gets run under the Sun/Oracle JVM. WebSphere is often run under the IBM J9 JVM. While access rights like the ones mentioned would appear to me to be something both JVMs would support and do so in an identical manner, it's worth checking to make sure that that's not the issue.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic