010011010110000101110100011101000010000001000010011101010111010001100011011010000110010101110010
Quick Links  
Home
Docs & How-Tos
Search
 
QueryPath

Books  

Drupal

Drupal, JavaScript, and jQuery.


LDAP


OpenCMS
 
Projects  
Anadem
Caryatid
OpenCms Modules
Pilaster
Sinciput
Utilities
Widgets (AJAX)
iPhone Apps
 

Tomcat 5.5 On Debian: AccessControlException for logging.properties

A Fix for Debian's Tomcat Logging Error

Author: M Butcher
Date: 2008-03-27 01:06:10 -0400

While setting up a new servlet in a default installation of Tomcat 5.5 under Debian, I was getting an exception like this:
SEVERE: Error deploying web application archive LanternNotes.war
org.apache.commons.logging.LogConfigurationException: 
java.security.AccessControlException: access denied 
(java.io.FilePermission /var/lib/tomcat5.5/webapps/[SERVLET_NAME]/WEB-INF/classes/logging.properties read) 
(Caused by java.security.AccessControlException: access denied 
(java.io.FilePermission /var/lib/tomcat5.5/webapps/[SERVLET_NAME]/WEB-INF/classes/logging.properties read))
 at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:538)

And on the exception went for a couple dozen lines.

Along with this nasty exception, any attempt to access my new servlet was met with a 404 error. The servlet was never even started.

What is going on, here? In a nutshell, the logging subsystem doesn't have the necessary permissions to read the new servlet's logging configuration file (logging.properties).

To fix the error, we need to alter the permissions for the logging subsystem, granting it explicit access to read this one particular file.

Permissions for Tomcat 5.5 in Debian are stored in /etc/tomcat5.5/policy.d/*.policy.
We want to cd to that directory and edit 50user.policy, which is the location where user-defined policy changes should go. (And, yes, "user", in this case, means us.)

The following lines, added at the bottom of the file, did it for my configuration:
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
 permission java.io.FilePermission \
"${catalina.base}${file.separator}webapps${file.separator}\
SERVLET_NAME${file.separator}WEB-INF${file.separator}classes\
${file.separator}logging.properties", "read";
};
Note that SERVLET_NAME should be replaced by the real name of the servlet you have installed.

Note also that the policy statement should all be on one line, with no spaces and the \ characters removed.

The above simply grants read-only permissions to the Juli logging subsystem. It lets that system read my servlet's logging.properties file.

Once Tomcat has restarted, the exception disappears and the servlet starts up correctly.

Update: There is a Debian Security mailinglist thread archived on Nabble that follows this same problem, though the solutions are different.

News
R
S
S		 News
Docs and How-To's
Releases
Links
 

Search

Google
  Web aleph-null.tv   

 

  

Questions? Comments? Consulting Opportunities? Email matt at aleph-null.tv.

This site and all of its content is Copyright © 2003-2005, Aleph-Null, Inc. All rights reserved.