Tomcat – java.security.AccessControlException: access denied (logging.properties read)

Problem

After upgrading to Tomcat 5.5.25, the server starts hitting a lot of security policy errors:


Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)

Solution

The error above is caused by Tomcat's policy file; Tomcat 5.5.25 made a lot of modifications to it. To fix it, you need to make some changes in the policy file (03catalina.policy).

Open 03catalina.policy in vi; the file is usually located in the policy.d folder.


mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy 

Find the following block:

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
};

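Change it to the following, which grants all permissions. java.security.AllPermission exempts the code in tomcat-juli.jar from every Security Manager check, not just the logging.properties read that failed.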

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

Done, restart Tomcat.

Alternatively…

You can grant read permission on your web app's logging.properties explicitly, which is the narrower fix:


permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";

The full grant block is:

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
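
A small audit of the two grant variants above, as an added example that is not code from the original post: it parses policy text, reports code bases granted java.security.AllPermission, and checks whether a given file is readable under the grants. The property values, the web app name `myapp`, and the simplified FilePermission matching (no path canonicalization) are assumptions.

```python
import re
# Constructed inputs: the two tomcat-juli.jar grants from this page, with
# YOUR_PATH_HERE replaced by the hypothetical web app name "myapp".
BROAD = '''grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};'''
NARROW = '''grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        // whole-line comments are ignored
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}myapp${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};'''
# Assumed property values for the demo; a real Tomcat sets its own.
PROPS = {"catalina.home": "/opt/tomcat", "catalina.base": "/opt/tomcat", "file.separator": "/"}

GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def expand(s):
    """Substitute ${prop} references; unknown properties are left untouched."""
    return re.sub(r'\$\{([^}]+)\}', lambda m: PROPS.get(m.group(1), m.group(0)), s)

def parse(policy):
    """Yield (codeBase, [(class, target, actions), ...]) for each grant block."""
    policy = re.sub(r'(?m)^\s*//.*$', '', policy)  # drop whole-line comments
    for code_base, body in GRANT_RE.findall(policy):
        perms = [(c, expand(t), a) for c, t, a in PERM_RE.findall(body)]
        yield expand(code_base), perms

def file_read_covered(target, path):
    """Simplified FilePermission match: exact path, dir/*, dir/-, <<ALL FILES>>."""
    if target == "<<ALL FILES>>" or target == path:
        return True
    if target.endswith("/-"):   # directory and everything below it
        return path.startswith(target[:-1])
    if target.endswith("/*"):   # files directly inside the directory only
        return path.startswith(target[:-1]) and "/" not in path[len(target) - 1:]
    return False

def audit(policy, path):
    """Return (code bases granted AllPermission, whether `path` is readable)."""
    broad, readable = [], False
    for code_base, perms in parse(policy):
        for cls, target, actions in perms:
            if cls == "java.security.AllPermission":
                broad.append(code_base)
                readable = True
            elif cls == "java.io.FilePermission" and "read" in re.split(r'\s*,\s*', actions):
                readable = readable or file_read_covered(target, path)
    return broad, readable
```

Both variants make the file readable, but only the first shows up in the AllPermission list; the explicit grant also stops covering the file as soon as the web app path differs.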

Comments

Lean (Guest)

You can disable security if your Tomcat won't host third-party WARs: you can set the TOMCAT5_SECURITY variable to false in /etc/default/tomcat5.5

Ahlonko (Guest)

That's what I did, but my problem stays the same. It's impossible to launch the Admin and Manager Tomcat apps, and at the same time it's impossible to run the cmsc application http://www.cmscontainer.org

Here is my new environment:

Using CATALINA_BASE: /usr/share/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /usr/share/tomcat6/temp
Using JRE_HOME: /usr/lib/jvm/java6
Server version: Apache Tomcat/6.0.20
Server built: Aug 8 2009 10:43:00
Server number: 6.0.0.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.6.0_14-b08
JVM Vendor: Sun Microsystems Inc.

Any suggestion will be appreciated.

Thanks

Ahlonko (Guest)

I'll do the upgrade to Tomcat6. Will I do the same modifications in the policy files?

Thanks Mkyong.

Ahlonko (Guest)

Hello Mkyong,

Thanks for this really helpful blog. Could you please help with this…

I have the same problem you solved earlier. I followed the proposed solution but I still have the same errors!
I made the change in 03catalina.policy.

Here is what Tomcat's version.sh shows:

Using CATALINA_BASE: /usr/share/tomcat5.5
Using CATALINA_HOME: /usr/share/tomcat5.5
Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp
Using JRE_HOME: /usr/lib/jvm/java5
Server version: Apache Tomcat/5.5
Server built: Oct 15 2008 12:57:44
Server number: 5.5.26.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.5.0_17-b04
JVM Vendor: Sun Microsystems Inc.

And here is my error log:

SEVERE: Error unregistering mbean
java.security.AccessControlException: access denied (java.io.FilePermission /WEB-INF/classes/logging.properties read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)

Thanks for any suggestions.

Vinod (Guest)

Thank you.

Jeff (Guest)

O… I've met the same problem. And it really drove me crazy for a whole afternoon.
Thank you! Good job.

simon (Guest)

🙂 thank you!