Uploaded image for project: 'Jetspeed 2 (Retired)'
  1. Jetspeed 2 (Retired)
  2. JS2-205

Using Tomcat Security Policy breaks RdbmsPolicy

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0-M2
    • 2.0-M4
    • Security
    • None

    Description

      I set my Tomcat Security policy to:

      grant {
      permission java.security.AllPermission;
      };

      Start Tomcat 5.0.31 as:

      catalina run -security

      And it gets a stack overflow from recursive loop in policy setup:

      at java.security.AccessController.checkPermission(AccessController.java:
      401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at javax.security.auth.Subject.getSubject(Subject.java:251)
      at org.apache.jetspeed.security.impl.RdbmsPolicy.getPermissions(RdbmsPol
      icy.java:90)
      at java.security.Policy.getPermissions(Policy.java:343)
      at java.security.Policy.implies(Policy.java:397)
      at java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
      at java.security.AccessControlContext.checkPermission(AccessControlConte

      As an interim fix, if you don't need the Rdbms Policy,
      In the jetspeed-spring.xml, comment out:

      <!-- Security: RDBMS Policy implementation for JAAS -->
      <!--
      <bean id="org.apache.jetspeed.security.impl.RdbmsPolicy"
      class="org.apache.jetspeed.security.impl.RdbmsPolicy"
      >
      <constructor-arg ><ref bean="org.apache.jetspeed.security.PermissionManager"/></constructor-arg>
      </bean>
      -->
      <!-- Security: Authorization Provider -->
      <!--
      <bean id="org.apache.jetspeed.security.AuthorizationProvider"
      class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl"
      >
      <constructor-arg ><ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/></constructor-arg>
      </bean>
      -->

      Attachments

        1. Rdbms.patch
          4 kB
          Santiago Gala

        Activity

          People

            dlestrat David LeStrat
            taylor David Sean Taylor
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: