

010011010110000101110100011101000010000001000010011101010111010001100011011010000110010101110010

Quick Links
Home Docs & How-Tos Search

Books

Drupal

LDAP

OpenCMS

Projects
Anadem Caryatid OpenCms Modules Pilaster Sinciput Utilities Widgets (AJAX) iPhone Apps

OpenCms 7.04 with Tomcat on Ubuntu Feisty (7.10)

Successfully deploying opencms.war

Author: M Butcher
Date: 2008-04-16 13:29:53 -0400

Deploying OpenCms 7.04 on Tomcat 5.5 in Ubuntu 7.10 can be a little tricky if you have not already configured Tomcat. The main reason for this is that the security manager for Tomcat is configured (under Debian and Ubuntu) to be very strict.

In this short article, we will cover the process of getting Tomcat conifgured to correctly unpack and deploy the opencms.war WAR file.

Before we begin, the following is assumed:

You have Sun's Java 6 JSDK installed and set to be the default Java version.
You have Tomcat5.5 (as found in the Ubuntu repository) installed. You will need the tomcat5.5 package, and probably the tomcat5.5-webapps and tomcat5.5-admin packages, too.
You have the opencms.war file. Usually, you get this from the pre-built binary packages available at OpenCms.org.

This article will not walk you through the installer. We're just interested in getting you to the point where you can access http://localhost:8180/opencms/setup/. While you will need to have a SQL database (e.g. MySQL) installed and configured, this is not covered in the present article.

There are few things that you should know before we start:

In Debian and Ubuntu, Tomcat is configured to listen (over HTTP) on port 8180, (not port 8080).
Tomcat webapps are stored in /var/lib/tomcat5.5/webapps. In Ubuntu, there is also a symbolic link from /usr/share/tomcat5.5/webapps to the location listed above.
Configuration files for Tomcat are located in /etc/tomcat5.5.
Logs are in /var/log/tomcat5.5. The catalina.<date>.log (where <date> is the current date) is a very important source of troubleshooting information. Get to know it... really well.

Deploying the WAR

The first thing to do is move the opencms.war file to the correct location. Change directories into the location where you have the opencms.war file, and issue the following command:

sudo cp opencms.war /var/lib/tomcat5.5/webapps

Now the WAR is in the correct place. By default, Tomcat is configured to automatically unpack the WAR file. So if you look in the /var/lib/tomcat5.5/webapps directory, you should see both opencms.war and a directory opencms/:

$ ls -1 /var/lib/tomcat5.5/webapps/

opencms

opencms.war

(Note that in the command above, that is the digit one, not a lowercase L.)

Try accessing the OpenCms installer in a browser. The URL should be http://localhost:8180/opencms/setup/. (Note: If you are accessing OpenCms from a machine that is NOT the server, you will need to substitute an IP address or domain name for localhost.

If you get the setup page you can quite reading this article. It won't be much help.

If you get a 404 error (or, in rare cases, a 500 error), don't fret. That's the problem that this article is intended to help you solve.

Problem 1: The Logger Needs More Permissions

In Debian (not so much in Ubuntu), the JULI logging system is granted insufficient permissions to do its little logging thing.

Check out /etc/tomcat5.5/policy.d/03catalina.policy. Hunt for a section that looks like this:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {

 permission java.security.AllPermission;

};

If you find it, you're doing fine. Skip to the next problem.

If you don't (or if the permission is different than java.security.AllPermission), then you have a problem.

You will probably see AccessControlException messages about logging in the catalina log when this is the issue.

To solve this problem, you need to edit /etc/tomcat5.5/policy.d/50user.policy and add the following:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {

permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}SERVLET_NAME${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";

};

(See this article for more information).

Once you have added this, you will have to restart Tomcat:

$sudo invoke-rc.d tomcat5.5 restart

But we're not done yet. We also need to grant OpenCms some additional permissions.

Problem 2: OpenCms needs write permissions

OpenCms needs to be able to read and write files in its own directory. It also makes use of a few other privileges. But by default, Debian and Ubuntu do not grant these permissions to web apps.

If you have this particular problem, you will be able to find a big nasty stack trace in the catalina log file that looks something like this:

Apr 16, 2008 11:24:02 AM org.apache.catalina.startup.HostConfig deployWAR

INFO: Deploying web application archive opencms.war

Apr 16, 2008 11:24:02 AM org.apache.catalina.startup.HostConfig deployWAR

SEVERE: Error deploying web application archive opencms.war

org.apache.commons.logging.LogConfigurationException: java.lang.ExceptionInIniti

alizerError (Caused by java.lang.ExceptionInInitializerError)

 at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactory

Impl.java:538)

 at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactory

Impl.java:235)

 at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:370)

 at org.apache.catalina.core.ContainerBase.getLogger(ContainerBase.java:3

81)

 at org.apache.catalina.core.StandardContext.start(StandardContext.java:4

119)

 at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase

.java:760)

 at org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:74

4)

[MANY lines skipped]

Caused by: java.security.AccessControlException: access denied (java.io.FilePermission opencms_init.log write)

 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)

 at java.security.AccessController.checkPermission(AccessController.java:546)

 at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

 at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)

 at java.io.FileOutputStream.<init>(FileOutputStream.java:169)

 at java.io.FileOutputStream.<init>(FileOutputStream.java:102)

 at org.apache.log4j.FileAppender.setFile(FileAppender.java:289)

 at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:167)

 at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:163)

 at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:256)

[More lines omitted]

The root cause, as can be seen in the Caused by line, is that OpenCms cannot write to opencms_init.log. The security manager has denied write access.

I have seen it suggested on too many websites that the solution to this problem is to disable webapp security for Tomcat. This is a BAD IDEA (for obvious reasons).

I have also heard of some people getting around this problem by disabling Tomcat security just for OpenCms. That's better, I guess. But not the route I will go.

Instead, I suggest using the security manager to grant OpenCms with the permissions it needs. While we may be able to get away with more stringent permissions, here I will show you how to grant OpenCms all privileges. If that offends you, feel free to create finer grained permissions. (And if you send a thouroughly tested working list to me -- matt at this domain -- I'll post it here).

The following line needs to be added the /etc/tomcat5.5/policy.d/50user.policy:

grant codeBase "file:${catalina.home}/webapps/opencms/-" {

 permission java.security.AllPermission;

};

(Note the semicolon at the end of the second and third lines.)

This file will be used for generating the main catalina.policy file that Tomcat uses. What it does is grant all permissions to everything inside of the $CATALINA_HOME/webapps/opencms/ directory.

IMPORTANT NOTE FOR DEBIAN USERS:

By default (at least in the last Tomcat package I tested), $CATALINA_HOME does not have a webapps/ directory. This is because $CATALINA_HOME points to /usr/share/tomcat5.5, and web apps are stored in /var/lib/tomcat5.5/webapps. One solution to this problem is to use the entire path instead of relying upon the ${catalina_home} variable:

grant codeBase "file:/var/lib/tomcat5.5/webapps/opencms/-" {

 permission java.security.AllPermission;

};

(This is the solution I posted in another related article)

Finishing Up

Once these changes have been made, you should be a Tomcat restart away from being able to run the installer.

Restart Tomcat:

$ sudo invoke-rc.d tomcat5.5 restart

Then try accessing the installer:
http://localhost:8180/opencms/setup/

Help! Tomcat won't restart!

Here's a common problem: You modify the policy and restart Tomcat. The init script runs fine and reports that Tomcat has been restarted, but in fact Tomcat is not running.

To make matters worse, there are no messages at all in the catalina log (or in the other logs, for that matter).

What's going on?

The likely culprit is a formatting error in the policy definition. Do the lines end with semicolons? Are the curly braces opened and closed? Is the path correct? Take another look at /etc/tomcat5.5/policy.d/50user.policy and make sure everything is okay. Since that's the only file we changed (and there are no such known errors with opencms.war itself), this is almost certainly the culprit.

News

R S S	News
R S S	Docs and How-To's

Releases

Links

Search

Questions? Comments? Consulting Opportunities? Email matt at aleph-null.tv.