Tomcat – java.security.AccessControlException: access denied (logging.properties read)

After upgrading to Tomcat version 5.5.25, a lot of security policy errors appear, such as:

Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)

The error above is caused by the policy file. Tomcat 5.5.25 made a lot of changes to the policy file, so we need to modify the policy file (03catalina.policy) to fix it.

Open 03catalina.policy, which is usually located in the policy.d folder, in vi:

mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy
Find the following block:

[sourcecode language="java"]
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.util.PropertyPermission "java.util.logging.config.class", "read";
    permission java.util.PropertyPermission "java.util.logging.config.file", "read";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
    permission java.util.PropertyPermission "catalina.base", "read";
    permission java.util.logging.LoggingPermission "control";
    permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
    permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
    permission java.lang.RuntimePermission "getClassLoader";
    // To enable per context logging configuration, permit read access to the appropriate file.
    // Be sure that the logging configuration is secure before enabling such access
    // eg for the examples web application:
    //permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
[/sourcecode]

Change it to the following to allow all permissions, as before:

[sourcecode language="java"]
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.security.AllPermission;
};
[/sourcecode]

Or, more narrowly, explicitly grant read permission for your web app's path:

[sourcecode language="java"]
permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
[/sourcecode]

With the explicit permission added, the full block is:

[sourcecode language="java"]
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.util.PropertyPermission "java.util.logging.config.class", "read";
    permission java.util.PropertyPermission "java.util.logging.config.file", "read";
    permission java.lang.RuntimePermission "shutdownHooks";
    permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
    permission java.util.PropertyPermission "catalina.base", "read";
    permission java.util.logging.LoggingPermission "control";
    permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
    permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
    permission java.lang.RuntimePermission "getClassLoader";
    // To enable per context logging configuration, permit read access to the appropriate file.
    // Be sure that the logging configuration is secure before enabling such access
    // eg for the examples web application:
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
[/sourcecode]

Done. Restart Tomcat:
sudo /etc/init.d/tomcat5.5 restart
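
An added example, not part of the original post: a small Python check that parses policy grant blocks like the ones above and reports which codeBase entries carry AllPermission and which files are opened through FilePermission, so the two edits can be compared before restarting. The property values in PROPS and both sample policies are constructed for illustration.

```python
import re

# Constructed values for the ${...} properties; adjust to the real install.
PROPS = {"catalina.home": "/usr/share/tomcat5.5",
         "catalina.base": "/var/lib/tomcat5.5", "file.separator": "/"}

# Constructed samples mirroring the two alternative edits in the article.
BROAD = '''
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.security.AllPermission;
};
'''
NARROW = '''
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
    permission java.util.logging.LoggingPermission "control";
    //permission java.io.FilePermission "${catalina.base}${file.separator}conf", "write";
    permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
'''

# Only 'grant codeBase "..." { ... };' and bare 'grant { ... };' are handled;
# signedBy/principal grants are outside this sketch.
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s*"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Drop whole-line // comments so disabled rules are not reported as active."""
    return re.sub(r'(?m)^[ \t]*//.*$', '', text)

def expand(value, props):
    """Substitute ${name} using props; unknown names are left untouched."""
    return re.sub(r'\$\{([^}]+)\}', lambda m: props.get(m.group(1), m.group(0)), value)

def audit(policy_text, props):
    """Return (kind, codeBase, target, actions) for AllPermission and FilePermission grants."""
    findings = []
    for code_base, body in GRANT_RE.findall(strip_comments(policy_text)):
        for cls, target, actions in PERM_RE.findall(body):
            if cls == "java.security.AllPermission":
                findings.append(("ALL", expand(code_base, props), "", ""))
            elif cls == "java.io.FilePermission":
                findings.append(("FILE", expand(code_base, props), expand(target, props), actions))
    return findings

if __name__ == "__main__":
    for name, text in (("broad", BROAD), ("narrow", NARROW)):
        for finding in audit(text, PROPS):
            print(name, *finding)
```

An "ALL" row means the named codeBase is no longer constrained by the policy at all; a "FILE" row shows the exact expanded path and actions to review.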

Source: Programmer Life

After testing http://127.0.0.1:8180/, Tomcat no longer throws a 500 error.


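One thought on "Tomcat – java.security.AccessControlException: access denied (logging.properties read)"

  1. On Ubuntu, don't forget that it is sudo vi /etc/tomcat5.5/policy/03catalina.policy

    Also, if you install tomcat6 and then uninstall it, there will still be an /etc/tomcat6 directory under /etc, so be careful.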
