Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I deployed axis2 on WebSphere7 with switched on java2 security and got the next expected errors:



and




When I'm deploying axis2 on Tomcat 5/6/7 with switched on java2 security I can't get the same "access denied" exception.

I have to track "modifyThread" security violations on Tomcat.
Do you know why Tomcat java2 security behaves differently?

-Orest
 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat does not run by default with a security manager enabled; if you turn that on (by using the "-security" switch of the catalina.sh script), it's possible that you'll see the same exceptions.

You should look into the security policy that's used by WebSphere, and see if it can possibly be relaxed.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've enabled tomcat security: catalina start -security and modified catalina.policy file.
And this policy file has no permissions for "modifyThread" and "modifyThreadGroup":


 
Ulf Dittmer
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So your WebSphere server runs with a different security policy than the default one Tomcat ships with.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I permitted everything on WebSphere and Tomcat except "modifyThread" and "modifyThreadGroup".
But axis2 works on Tomcat without any "access denied". And axis2 + WepSphere blames "modifyThreadGroup : Access denied" with the similar policy file.

 
Saloon Keeper
Posts: 22511
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat typically gets run under the Sun/Oracle JVM. WebSphere is often run under the IBM J9 JVM. While access rights like the ones mentioned would appear to me to be something both JVMs would support and do so in an identical manner, it's worth checking to make sure that that's not the issue.
 
Legend has it that if you rub the right tiny ad, a genie comes out.
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic