[opencms-dev] OpenCms and Tomcat security manager
TechnoSophos
technosophos at gmail.com
Mon Apr 21 18:11:55 CEST 2008
I run OpenCms on both Debian Etch and Ubuntu 7.10 (soon to be 8.04).
Here are instructions for configuring the security manager correctly
for OpenCms 7.0.4.
http://aleph-null.tv/article/20080416-1439-301.xml/OpenCms-7.04-with-Tomcat-on-Ubuntu-Feisty-%287.10%29
Let me know if they work well for you. I just jotted them down last
week (after doing a fresh install on my laptop), and I might have made
a typo or two.
Matt
On Sun, Apr 20, 2008 at 2:22 PM, Wolfgang Jeltsch
<lmegd704 at acme.softbase.org> wrote:
> Hello,
>
> I try to run OpenCms with Tomcat 5.0 on Debian GNU/Linux 4.0. The Debian
> Tomcat 5.0 package uses a security manager. This causes an
> java.security.AccessControlException during the deployment of OpenCms.
> Disabling the security manager results in absence of this exception.
>
> However, I don't want to run Tomcat without the security manager. So what
> rights do I have to grant to OpenCms in the Tomcat configuration?
>
> Here the relevant part of /usr/share/doc/tomcat5/README.Debian.gz:
>
> > Tomcat is started using a security manager, you can define the permissions
> > for your servlets and JSPs in /etc/tomcat5/policy.d/*. All files in this
> > directory are joined to /etc/tomcat5/catalina.policy at startup.
> >
> > If your webapp does not work with the tomcat5 Debian package but works fine
> > with the binary distribution from Jakarta, try to disbale the security
> > manager in /etc/default/tomcat5 first. If this works, add the required
> > permissions in a new file in /etc/tomcat5/policy.d/ restart and re-enable
> > the security manager.
> >
> > Disabling the security manager is not recommended on production systems
> > since a call to System.exit() in a servlet of JSP page would then stop the
> > whole virtual machine that is running Tomcat.
>
> Thanks a lot for any help.
>
> Best wishes,
> Wolfgang
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list