Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Tomcat Java2 Security Issue: modifyThread and modifyThreadGroup

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I deployed axis2 on WebSphere7 with switched on java2 security and got the next expected errors:



and




When I'm deploying axis2 on Tomcat 5/6/7 with switched on java2 security I can't get the same "access denied" exception.

I have to track "modifyThread" security violations on Tomcat.
Do you know why Tomcat java2 security behaves differently?

-Orest
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tomcat does not run by default with a security manager enabled; if you turn that on (by using the "-security" switch of the catalina.sh script), it's possible that you'll see the same exceptions.

You should look into the security policy that's used by WebSphere, and see if it can possibly be relaxed.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've enabled tomcat security: catalina start -security and modified catalina.policy file.
And this policy file has no permissions for "modifyThread" and "modifyThreadGroup":


 
Ulf Dittmer
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So your WebSphere server runs with a different security policy than the default one Tomcat ships with.
 
Orest Ivasiv
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I permitted everything on WebSphere and Tomcat except "modifyThread" and "modifyThreadGroup".
But axis2 works on Tomcat without any "access denied". And axis2 + WepSphere blames "modifyThreadGroup : Access denied" with the similar policy file.

 
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tomcat typically gets run under the Sun/Oracle JVM. WebSphere is often run under the IBM J9 JVM. While access rights like the ones mentioned would appear to me to be something both JVMs would support and do so in an identical manner, it's worth checking to make sure that that's not the issue.
reply
    Bookmark Topic Watch Topic
  • New Topic