CODEWITHSUNDEEP
javaeclipsesecuritytomcat
Tony
Tony

Reputation: 15

Modify catalina.policy

Does anyone know how to modify catalina.policy to eliminate this AccessControlException:

Feb 25, 2016 2:31:14 PM org.apache.tomee.catalina.ServerListener install

**SEVERE: TomEE Listener can't start OpenEJB**
java.security.AccessControlException: access denied (**"java.util.PropertyPermission" "tomee.skip-tomcat-log" "read"**)
    at

java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294) at java.lang.System.getProperty(System.java:717) at java.lang.Boolean.getBoolean(Boolean.java:254) at org.apache.tomee.TomEELogConfigurer.configureLogs(TomEELogConfigurer.java:30) at org.apache.tomee.catalina.ServerListener.install(ServerListener.java:170) at org.apache.tomee.catalina.ServerListener.lifecycleEvent(ServerListener.java:55) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)

All I did was click on Enable Security in Eclipse and then restarted the server. Tomcat doesn't even have to load a web app to error out. Tomcat is launched from within Eclipse with the option: -Dwtp.configured.security=true

For the record: Server: Apache Tomcat (TomEE)/7.0.62 (1.7.2) Eclipse: Eclipse Java EE IDE Version: Mars.1 Release (4.5.1) Java: jdk 1.8.0_73

Enable Security checkbox checked in Eclipse on Server Overview page

Driving me crazy...

Upvotes: 1

Views: 1645

Answers (2)

Rene
Rene

Reputation: 11

This is a bug in TomEE catalina.policy regarding tomcat-juli.
Currently TomEE 8.0.9 and TomEE 9.0.0-M7 are affected.

Add the following two lines to your catalina.policy:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    ...
    permission java.util.PropertyPermission "tomee.skip-tomcat-log", "read";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
   ...
};

See:
https://issues.apache.org/jira/browse/TOMEE-3840
https://issues.apache.org/jira/browse/TOMEE-3843

Feel free to create a bug ticket at TomEE project.

Upvotes: 1

Artur Linhart
Artur Linhart

Reputation: 127

I had the same issue and I think, there are two ways which I have discovered as a possible solution, only the first tried:

  1. especially for development purposes is useful to enable everything in catalina.policy, so put following code to the end of the file, then the error disappeared to me:

grant { permission java.security.AllPermission; };

  1. I looked into the source code where can be found the given permission and found there is following checking of the given property:

if (!Boolean.getBoolean("tomee.skip-tomcat-log")) { // do some log initialisation ... }

so, if you set the environment property "tomee.skip-tomcat-log" to "true" for the Tomcat, the property could be read and initialisation should not happen so the exception possibly could not be thrown...

Upvotes: 1

Related Questions