Tomcat - java.security.AccessControlException: access denied (java.io.FilePermission C:\log\ write)

Hi

I am getting below two access denied issue when my servlet trying to initialize log file in Tomcat. Same war working fine in Testing environment and only facing issue in production. Even i have added necessary grant permission in "catalina.policy" file similar like my testing region. but still i getting the same set of issue. Can someone please help me on this for finding solution. Thanks in advance

java.security.AccessControlException: access denied (java.io.FilePermission C:\log\application.log write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)

java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)

-----------------------
My Catalina.policy

grant codeBase "${catalina.home}/webapps/appName/-" {
permission java.util.PropertyPermission "*", "read,write";
permission java.security.AllPermission;
};

permission java.io.FilePermission "C:/log/application.log/-", "read, write";

Neither the TOMCAT_HOME/webapps directory nor your logfile path should normally require special security policy rules. Unlike such restricted environments as the Java Applet sandbox, a normal Java application VM (which is what Tomcat runs is) has full read-write access to the local filesystem, including local mounts of remote filesystems.

So unless there's something that was added to your catalina policy to forbid it, your problem shouldn't be coming from missing/incorrect Catalina policy. Thus, I'd recommend checking to see if the Tomcat user has appropriate read/write privileges without regard to what program is actually running.

Incidentally, it's EXTREMELY hazardous for web applications to write into WARs, regardless of access rights. Depending on configuration, it may not work at all, and even if it does, there are significant risks.

Thanks Tim, one more thing i forgot to add it here, Actually all other applications which are running in that same servers are accessing the same LOG directory. I cross verified those grant privileges with my new application too. I dont know what i am missing in it.

Thanks Tim

Got a solution . Tried with all grant permission individually as trial and error method. Finally below security permission for application directory resolved my issue. I dont know what is that reason behind that.

grant codeBase "file:${catalina.home}/webapps/ApplicationName/-" {
permission java.security.AllPermission ;
};

It may helpful for other members too. Thank you for all JavaRanch members