Problem:
The zipfile distribution of Apache-Tomcat-5.5.26 contains an improper conf/catalina.policy file with regard to logging permissions when running with the -security option. It may exist in the other distribution packages. I have not checked them.

To reproduce:
- Download the apache-tomcat-5.5.26.zip distribution
- Expand the zip file to a folder
- Run the command {catalina.home}/bin/catalina run -security

Cause:
There are two corrections that need to be made actually.

1. The commons-logging-api jar that is packaged with apache-tomcat-5.5.26 is named "commons-logging-api-1.1.1.jar". The catalina.policy file grants permissions to "commons-logging-api.jar".

2. After correcting the first cause, you will need three permissions set for ${catalina.home}/bin/tomcat-juli.jar. These are due to the bundled example webapps. Please add the following lines to the default permissions list for juli --

    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}servlets-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}jsp-examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";

The first issue has already been fixed.

The second isn't going to be fixed. Work is in hand to handle the errors more gracefully. In a security conscious environment, the examples should not be installed so I don't see the need to add explicit permissions for this web app.

*** This bug has been marked as a duplicate of bug 45293 ***

Thanks
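
The first cause in the report (a codeBase grant naming a jar that is not the one shipped) can be caught before starting with -security. The following is an added example, not part of the original thread or of Tomcat; the function names, the temporary directory layout and the policy text are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

GRANT_RE = re.compile(r'grant\s+codeBase\s+"file:([^"]+)"')
PROP_RE = re.compile(r'\$\{([^}]+)\}')

def stale_codebases(policy_text, props):
    """Return file: codeBase entries in policy_text that match nothing on disk."""
    stale = []
    for raw in GRANT_RE.findall(policy_text):
        try:
            path = PROP_RE.sub(lambda m: props[m.group(1)], raw)
        except KeyError:
            stale.append(raw)  # property cannot be expanded: the grant is ignored
            continue
        # "dir/-" and "dir/*" cover a directory's contents, so check the directory.
        target = Path(path[:-2]) if path.endswith(("/-", "/*")) else Path(path)
        if not target.exists():
            stale.append(raw)
    return stale

def demo():
    # Constructed layout and policy text mirroring the jar-name mismatch in the report.
    with tempfile.TemporaryDirectory() as home:
        bin_dir = Path(home, "bin")
        bin_dir.mkdir()
        Path(home, "common").mkdir()
        for name in ("commons-logging-api-1.1.1.jar", "tomcat-juli.jar"):
            (bin_dir / name).touch()
        policy = '''
        grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
            permission java.security.AllPermission;
        };
        grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
            permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        };
        grant codeBase "file:${catalina.home}/common/-" {
            permission java.security.AllPermission;
        };
        '''
        return stale_codebases(policy, {"catalina.home": home})

if __name__ == "__main__":
    for entry in demo():
        print("no file matches codeBase:", entry)
```

A grant whose codeBase matches no file is silently unused, so the jar it was meant for runs with only the default permissions; that is why the check reports it rather than ignoring it.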