|
If you were logged in you would be able to see more operations.
|
|
|
|
File Attachments:
|
| |
Size |
|
Rdbms.patch |
2005-09-23 04:45 AM |
Santiago Gala |
4 kB |
|
|
| Resolution Date: |
24/Sep/05 09:34 PM
|
|
I set my Tomcat Security policy to:
grant {
permission java.security.AllPermission;
};
Start Tomcat 5.0.31 as:
catalina run -security
And it gets a stack overflow from recursive loop in policy setup:
at java.security.AccessController.checkPermission(AccessController.java:
401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at javax.security.auth.Subject.getSubject(Subject.java:251)
at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol
icy.java:90)
at java.security.Policy.getPermissions(Policy.java:343)
at java.security.Policy.implies(Policy.java:397)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
at java.security.AccessControlContext.checkPermission(AccessControlConte
As an interim fix, if you don't need the Rdbms Policy,
In the jetspeed-spring.xml, comment out:
<!-- Security: RDBMS Policy implementation for JAAS -->
<!--
<bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
class="org.apache.jetspeed.security.impl.RdbmsPolicy"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
</bean>
-->
<!-- Security: Authorization Provider -->
<!--
<bean id="org.apache.jetspeed.security.AuthorizationProvider"
class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
</bean>
-->
|
|
Description
|
I set my Tomcat Security policy to:
grant {
permission java.security.AllPermission;
};
Start Tomcat 5.0.31 as:
catalina run -security
And it gets a stack overflow from recursive loop in policy setup:
at java.security.AccessController.checkPermission(AccessController.java:
401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at javax.security.auth.Subject.getSubject(Subject.java:251)
at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol
icy.java:90)
at java.security.Policy.getPermissions(Policy.java:343)
at java.security.Policy.implies(Policy.java:397)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
at java.security.AccessControlContext.checkPermission(AccessControlConte
As an interim fix, if you don't need the Rdbms Policy,
In the jetspeed-spring.xml, comment out:
<!-- Security: RDBMS Policy implementation for JAAS -->
<!--
<bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
class="org.apache.jetspeed.security.impl.RdbmsPolicy"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
</bean>
-->
<!-- Security: Authorization Provider -->
<!--
<bean id="org.apache.jetspeed.security.AuthorizationProvider"
class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
>
<constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
</bean>
-->
|
Show » |
| There are no subversion log entries for this issue yet.
|
|
Bug
Resolved
Major
Using Tomcat Security Policy breaks RdbmsPolicy
