much tighter security on new box

Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659

Hi,

I've been deploying a Tomcat 5.5 app, JDK 1.5, and am getting a ton of security stops. This is on a fresh Debian Etch machine; I've run it on other Debian Etch systems, and can't figure out what is triggering the increased security.

Things like
by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)

when I try a simple 'System.getProperty("user.home")'

which have always worked.

Clearly something is setting up tighter security. Pointers to where this is will be greatly appreciated.

Thanks
Pat
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Did you download and install Tomcat from their site or was this a Debian package that came with your distro?

If the latter, whoever packaged it probably configured it to run under a security manager.


Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659

Don't know the answer, probably just apt-get from some Debian package repository.

Clearly the security is high. And while security is important, it's keeping me from even seeing if my code will run on this box.

I guess I need to figure out where it is turned on, loosen it for a bit, and get it working, then turn it secure, and track down stuff.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You'll have to do some digging to see how Tomcat is being started.

At some point the -security flag is being set.
This flag causes Tomcat to be run under a security manager configured in tomcat/conf/catalina.policy. Either alter catalina.policy to loosen restrictions as needed, or remove the flag from the script that is starting Tomcat.

I use RPM and Debian packages (apt-get) for a lot of things, but not Tomcat or Java. For Tomcat, I prefer to grab the most recent releases from http://tomcat.apache.org and keep the whole application in one directory.
I use the JDK from http://java.sun.com.
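
Added example (not part of the original posts and not Tomcat's own tooling): one way to take the "alter catalina.policy" route narrowly is to turn each logged `access denied (...)` message into a candidate permission entry for review. The log lines are constructed, and the `myapp` codeBase and the `/var/lib/myapp` path are hypothetical.

```shell
#!/bin/sh
# Added example: derive candidate catalina.policy entries from
# AccessControlException messages, so only the denied permissions are granted.

# Constructed sample log; the first denial is the one quoted in the thread.
sample_log() {
cat <<'EOF'
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/myapp/data.txt read)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
EOF
}

# stdin: log text. stdout: one policy "permission" line per distinct denial.
# Assumption: permission target names contain no spaces.
denials_to_permissions() {
    sed -n \
      -e 's/.*access denied (\([^ )]*\) \([^ )]*\) \([^)]*\)).*/    permission \1 "\2", "\3";/p' \
      -e 's/.*access denied (\([^ )]*\) \([^ )]*\)).*/    permission \1 "\2";/p' |
    sort -u
}

# Wrap the permissions in a grant block scoped to one codeBase ($1),
# rather than adding them to a grant that applies to all code.
policy_block() {
    printf 'grant codeBase "%s" {\n' "$1"
    denials_to_permissions
    printf '};\n'
}

# Hypothetical webapp name "myapp"; ${catalina.base} is expanded by the
# policy file parser, not by the shell, hence the single quotes.
sample_log | policy_block 'file:${catalina.base}/webapps/myapp/-'
```

Each generated line is a candidate to review before it goes into conf/catalina.policy, since a denial can also point at code that should not need the permission.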
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659

Found the line, it's in /etc/init.d/tomcat5.5

The line is


Change it to
 