spring / log4j security permission

 
 
none
      10-01-2006
Hi, I'm trying to solve a security permission issue when running a
Spring application in Tomcat (v5.5.4) with the security manager turned
on. I'm not sure if the root cause is log4j or Spring, and I'm also
confused why either would need such a permission.
Any ideas/help would be great.

I can solve the issue with an addition to the policy as below for all
files in my web context, as it's needed for .jars and .jsp files:

permission java.lang.RuntimePermission "defineClassInPackage.java.lang";

Below is part of my security log.

Thanks,

Tim

access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.5.4/common/classes/org/apache/log4j/LayoutBeanInfo.class read)
access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.5.4/server/classes/org/apache/log4j/LayoutBeanInfo.class read)
access: access denied (java.lang.RuntimePermission defineClassInPackage.java.lang)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1206)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageDefinition(SecurityManager.java:1580)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:834)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1299)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181)
at java.beans.Introspector.instantiate(Introspector.java:1460)
at java.beans.Introspector.findExplicitBeanInfo(Introspector.java:410)
at java.beans.Introspector.<init>(Introspector.java:359)
at java.beans.Introspector.getBeanInfo(Introspector.java:159)
at java.beans.Introspector.getBeanInfo(Introspector.java:220)
at java.beans.Introspector.<init>(Introspector.java:3 6
at java.beans.Introspector.getBeanInfo(Introspector.java:159)
at java.beans.Introspector.getBeanInfo(Introspector.java:220)
at java.beans.Introspector.<init>(Introspector.java:3 6
at java.beans.Introspector.getBeanInfo(Introspector.java:159)
at org.apache.log4j.config.PropertySetter.introspect(PropertySetter.java:66)
at org.apache.log4j.config.PropertySetter.getPropertyDescriptor(PropertySetter.java:234)
at org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.java:146)
at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:120)
at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:87)
at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:640)
at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:603)
at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:500)
at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:406)
at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:307)
at org.apache.log4j.PropertyWatchdog.doOnChange(PropertyConfigurator.java:673)
at org.apache.log4j.helpers.FileWatchdog.checkAndConfigure(FileWatchdog.java:80)
at org.apache.log4j.helpers.FileWatchdog.<init>(FileWatchdog.java:49)
at org.apache.log4j.PropertyWatchdog.<init>(PropertyConfigurator.java:665)
at org.apache.log4j.PropertyConfigurator.configureAndWatch(PropertyConfigurator.java:373)
at org.springframework.util.Log4jConfigurer.initLogging(Log4jConfigurer.java:64)
at org.springframework.web.util.Log4jWebConfigurer.initLogging(Log4jWebConfigurer.java:97)
at org.springframework.web.util.Log4jConfigListener.contextInitialized(Log4jConfigListener.java:44)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3631)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4065)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:755)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:590)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1079)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1011)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:71
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1003)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:437)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2010)
at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:589)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
access: access allowed (java.security.SecurityPermission getPolicy)
access: access allowed (java.io.FilePermission /home/tim/temp/tempcontext/WEB-INF/lib/spring.jar read)
access: domain that failed ProtectionDomain (file:/home/tim/temp/tempcontext/WEB-INF/lib/spring.jar <no signer certificates>)
WebappClassLoader
delegate: false
repositories:
/WEB-INF/classes/
----------> Parent Classloader:
org.apache.catalina.loader.StandardClassLoader@145d068

<no principals>
java.security.Permissions@b8bef7 (
(java.net.SocketPermission localhost:3306 connect,resolve)
(java.net.SocketPermission *:25 connect,resolve)
(java.net.SocketPermission *:80 connect,resolve)
(java.net.SocketPermission localhost:3306 connect,resolve)
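
A triage helper for the access log format quoted in the post above, as an added example that is not part of the original thread: it pairs each "access denied" record with the "domain that failed" record that follows it, so a grant can be reviewed for the one codeBase the JVM reported rather than for every file in the web context. The sample log is constructed from the lines in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the debug output quoted in the post,
# wrapped the way the newsgroup wrapped it.
SAMPLE_LOG = """\
access: access denied (java.lang.RuntimePermission
defineClassInPackage.java.lang)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1206)
access: access allowed (java.security.SecurityPermission getPolicy)
access: domain that failed ProtectionDomain
(file:/home/tim/temp/tempcontext/WEB-INF/lib/spring.jar <no signer
certificates>)
"""

EVENT = re.compile(
    r"access: access denied \((?P<cls>\S+) (?P<target>[^\s)]+)(?: (?P<actions>[^)]+))?\)"
    r"|access: domain that failed ProtectionDomain \((?P<codebase>\S+)"
)

def denied_by_codebase(log_text):
    """Map failing codeBase -> set of (class, target, actions) denied for it."""
    flat = " ".join(log_text.split())  # undo line wrapping
    result, pending = defaultdict(set), []
    for m in EVENT.finditer(flat):
        if m.group("cls"):
            pending.append((m.group("cls"), m.group("target"), m.group("actions") or ""))
        else:
            # A "domain that failed" record names the domain for the denial(s) before it.
            result[m.group("codebase")].update(pending)
            pending = []
    if pending:  # denial whose domain record is missing from the excerpt
        result[None].update(pending)
    return dict(result)

def candidate_grants(by_codebase):
    """Render one policy-file stanza per known codeBase, for human review."""
    out = []
    for codebase in sorted(filter(None, by_codebase)):
        body = "".join(
            f'    permission {cls} "{target}"' + (f', "{actions}"' if actions else "") + ";\n"
            for cls, target, actions in sorted(by_codebase[codebase]))
        out.append(f'grant codeBase "{codebase}" {{\n{body}}};')
    return out

if __name__ == "__main__":
    print("\n\n".join(candidate_grants(denied_by_codebase(SAMPLE_LOG))))
```

The security manager checks every protection domain on the call stack and the log names only the one that failed, so the log has to be collected again after each policy change to see whether another codeBase is denied next.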
 
Arne Vajhøj
      10-01-2006
none wrote:
> Hi, I'm trying to solve a security permission issue when running a
> Spring application in Tomcat (v5.5.4) with the security manager turned
> on. I'm not sure if the root cause is log4j or Spring, and I'm also
> confused why either would need such a permission.
> Any ideas/help would be great.
>
> I can solve the issue with an addition to the policy as below for all
> files in my web context, as it's needed for .jars and .jsp files:
>
> permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
>
> Below is part of my security log.


http://java.sun.com/developer/JDCTec...01/tt0130.html

has an explanation of what it means.

Arne
 