Urgent : Tomcat security Manager

 
Ranch Hand
Posts: 30
Hi,
In order to connect to another server from a webapp, do I need to set up the SecurityManager? Can someone please give an example of all the changes I should make in catalina.policy?
I have an application which works fine from the shell command but fails to open the socket when deployed as a servlet under Tomcat 4.1.29.
TIA
SJ
 
shaju joseph
Ranch Hand
Posts: 30
Hello....
I have set up catalina.policy in the following way.
>>
permission java.net.SocketPermission "IP:PORT", "connect,accept,listen,resolve";
>>
However, when I run Tomcat with the security and debug options, I don't see any entry in catalina.out for the IP I mentioned. What am I doing wrong?
Anyone out there.....?

TIA
 
Greenhorn
Posts: 9
Hi,
You shouldn't have any problems. I am running a servlet and using JAAS to authenticate by connecting through LDAP using Tomcat 4.1. I have granted the code base and given socket permission 'connect', and it works like a charm.
regards
suneel
 
suneel suresh
Greenhorn
Posts: 9
Oh, I forgot... yes, you need to run Tomcat with the security manager. I use the following to start up:
win32
catalina start -security
linux rh9
./catalina.sh start -security
regards
suneel
 
shaju joseph
Ranch Hand
Posts: 30
Suneel, thanks for the reply.
I have a couple of questions.
1) Do I have to use the SecurityManager if I want to connect to another server from a servlet? I am not using any SecurityManager on Win2000 and that works fine. The problem comes only on HP.
2) If you run Tomcat with the debug option, do you see anything in catalina.out saying 'access allowed' for the IP specified? I don't see anything in my catalina.out file.
Following is the params setup for running in debug option.
CATALINA_OPTS=-Djava.security.debug=access,failure

TIA
 
suneel suresh
Greenhorn
Posts: 9
No, you do not need to run the security manager just to connect to another remote server. If the remote server explicitly requests a secure connection, only HTTPS support needs to be enabled in Tomcat and not the security manager. I haven't tried with the debug option
>>Catalina start -debug
>>Catalina start -security -debug
but I don't think it will display that access to the socket was granted. For example, if you specify write access to a file and write to it, it will not show that write access was granted. You might have to check that with the API. For example, to check if you can write to a file... I think it is <streamObj>.isWrtie(). Hope it helps.
regards
suneel
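
As an added example (not code from any poster in this thread), the Java program below uses `java.net.SocketPermission.implies` to check which outbound connections a `catalina.policy` socket grant like the one quoted above would cover, without starting Tomcat with `-security`. The addresses and ports are constructed sample values, and the class and method names are hypothetical.

```java
import java.net.SocketPermission;

// Added example: evaluates which outbound connections a SocketPermission
// grant from catalina.policy would cover. All addresses and ports are
// constructed sample values (192.0.2.0/24 is a documentation range).
public class SocketGrantCheck {

    // Returns true when a policy entry
    //   permission java.net.SocketPermission "<grantTarget>", "<grantActions>";
    // covers an outbound connect to requestedTarget ("ip:port").
    static boolean covers(String grantTarget, String grantActions,
                          String requestedTarget) {
        SocketPermission granted = new SocketPermission(grantTarget, grantActions);
        SocketPermission requested = new SocketPermission(requestedTarget, "connect");
        return granted.implies(requested);
    }

    static void report(String label, boolean covered) {
        System.out.printf("%-45s %s%n", label, covered ? "covered" : "NOT covered");
    }

    public static void main(String[] args) {
        String target = "192.0.2.10:389"; // constructed remote server

        // The action list from the thread, and the narrower list that an
        // outbound-only client needs ("connect" implies "resolve").
        report("broad actions, same ip:port",
               covers(target, "connect,accept,listen,resolve", target));
        report("connect only, same ip:port",
               covers(target, "connect", target));

        // Mismatches that make the JVM deny the socket.
        report("connect only, different port",
               covers(target, "connect", "192.0.2.10:636"));
        report("connect only, different ip",
               covers(target, "connect", "192.0.2.11:389"));
        report("accept,listen only (no connect)",
               covers(target, "accept,listen", target));

        // A port range in the grant covers every port inside it.
        report("port range 1024-65535, port 8080",
               covers("192.0.2.10:1024-65535", "connect", "192.0.2.10:8080"));
    }
}
```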