[opencms-dev] tomcat policy for opencms

Rod Thorburn rod.thorburn at pavtech.co.nz
Thu Feb 13 19:36:07 CET 2003


Hi Lars,
I'm not sure. Just check carefully that all the paths in catalina.policy are
correct. Other than that (and I'm guessing), make sure that you have granted
codeBase to the required jar:file and file: ; such as:-
 
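// Permissions for classes loaded from the OpenCms jar
grant codeBase "jar:file:${catalina.home}/webapps/MyOpencmsApp/WEB-INF/oclib/opencms.jar!/-" {
   permission java.io.FilePermission "${catalina.home}/-", "read";
};
// Entry for everything else under the web application directory (no permissions listed here)
grant codeBase "file:${catalina.home}/webapps/MyOpencmsApp/-" {
};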

Keep trying - you will crack it!

It would be nice to have a 'set' of standard permissions for catalina.policy
with the opencms distribution, as the architects / developers of the
application are best placed to know what permissions are required.
Otherwise, like you, we have to hunt around in the dark for required
permissions through trial and error. The problem with that approach is, you
may add a permission that is not required which defeats the object of the
exercise (i.e. to do the job properly one has to 'fine tune' the permissions
granted).

Keep me / the list posted. We may be on the way to getting a 'set' of
permissions from the community, for the community!

Regards

Rod
-----Original Message-----
From: Lars Piehler [mailto:lars.piehler at epimusic.de]
Sent: Friday, 14 February 2003 2:16 a.m.
To: opencms-dev at www.opencms.org
Subject: Re: [opencms-dev] tomcat policy for opencms


Hi Rod,

first thanx for your fast help. Now I understand a little bit more about the
security settings.

> If it 'breaks' read the catalina log for a
> 'permission denied' - and if found add it to catalina.policy. all functions
> In my experience the only way to do this is by trial and error (as above),
> or simply grant all permissions (thereby applying no restrictions at all).

I did it like you said. He wanted permission for many classes in the
"opencms/WEB-INF/occlasses" and I have given him the permissions he wanted.
But now he stopped with the error:

java.lang.ClassNotFoundException: Something really bad happened while
loading class com.opencms.file.mySql.CmsResourceBroker:
java.lang.NoClassDefFoundError:
com/opencms/file/genericSql/CmsResourceBroker

First he asked me for the permission of this class and after I have given him
this permission, he could not find the class.
I don't understand it, because without the Security Manager opencms is
running very well!!
In this case he has to load this class as well, isn't it?!!
Perhaps you or anybody else who is reading this mail have an idea, what I'm
doing wrong.

I'm happy for any help, because these Security Settings make me crazy.

Thanx,

Lars
----- Original Message -----
From: "Rod Thorburn" <rod.thorburn at pavtech.co.nz>
To: <opencms-dev at www.opencms.org>
Sent: Wednesday, February 12, 2003 7:57 PM
Subject: RE: [opencms-dev] tomcat policy for opencms


> Attached is a text file containing some (perhaps all) catalina.policy
> settings for an instance of opencms running under a tomcat security manager.
> There should be enough here to at least get you started. Some of the more
> generic settings will already be in your catalina.policy, so be careful not
> to duplicate these.
> After adding these permissions to catalina.policy and restarting tomcat,
> test using your opencms app. If it 'breaks' read the catalina log for a
> 'permission denied' - and if found add it to catalina.policy. all functions
> In my experience the only way to do this is by trial and error (as above),
> or simply grant all permissions (thereby applying no restrictions at all).
>
> Rod
>
>
> -----Original Message-----
> From: Alois Franz [mailto:alois.franz at epimusic.de]
> Sent: Wednesday, 12 February 2003 10:31 p.m.
> To: opencms-dev at opencms.org
> Subject: [opencms-dev] tomcat policy for opencms
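
Added example (not part of the original thread, and not OpenCms or Tomcat code): the trial-and-error loop described above, reading 'access denied' lines from the catalina log and turning each distinct denial into exactly one permission line for review, so nothing broader than what was denied gets granted. The log lines, paths, codeBase and function names are constructed for illustration.

```python
import re

# Constructed sample of catalina log output; paths and timestamps are placeholders.
SAMPLE_LOG = '''\
2003-02-13 19:01:12 StandardContext[/opencms]: Servlet /opencms threw load() exception
java.security.AccessControlException: access denied (java.io.FilePermission /opt/tomcat/webapps/opencms/WEB-INF/config/registry.xml read)
java.security.AccessControlException: access denied (java.util.PropertyPermission file.encoding read)
java.security.AccessControlException: access denied (java.io.FilePermission /opt/tomcat/webapps/opencms/WEB-INF/config/registry.xml read)
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "createClassLoader")
'''

DENIED = re.compile(r"access denied \((.+)\)\s*$")

def parse_denials(log_text):
    """Return unique (permission class, target, actions) tuples, first seen first."""
    found = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue
        inner = m.group(1)
        if '"' in inner:                      # newer JDKs quote each field
            parts = re.findall(r'"([^"]*)"', inner)
        else:                                 # older JDKs separate fields with spaces
            parts = inner.split()
            if len(parts) > 3:                # assume a target that contains spaces
                parts = [parts[0], " ".join(parts[1:-1]), parts[-1]]
        if not parts:
            continue
        parts += [""] * (3 - len(parts))      # target and actions are optional
        entry = tuple(parts[:3])
        if entry not in found:                # the same denial is logged repeatedly
            found.append(entry)
    return found

def grant_block(code_base, denials, catalina_home=None):
    """Render one grant entry holding exactly the denied permissions."""
    out = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in denials:
        if catalina_home and target.startswith(catalina_home):
            target = "${catalina.home}" + target[len(catalina_home):]
        args = ", ".join('"%s"' % a for a in (target, actions) if a)
        out.append(("    permission %s %s" % (cls, args)).rstrip() + ";")
    out.append("};")
    return "\n".join(out)

if __name__ == "__main__":
    print(grant_block("file:${catalina.home}/webapps/opencms/-",
                      parse_denials(SAMPLE_LOG), catalina_home="/opt/tomcat"))
```

The exception message does not name the code source that was denied, so the codeBase is supplied by the caller, and each generated line still needs review before it goes into catalina.policy.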
