Tomcat – java.security.AccessControlException: access denied (logging.properties read)
Problem
After upgraded to Tomcat version 5.5.25, it starting to hit a lot of errors in security policy :
Caused by: java.security.AccessControlException: access denied
(java.io.FilePermission /usr/share/tomcat5.5-
webapps/jsp-examples/WEB-INF/classes/logging.properties read)
Solution
Above error is caused by the Tomcat’s policy file, Tomcat 5.5.25 made a lot of modification on policy file. To fix it, you need to make some changes in the policy file(03catalina.policy)…
Issue vi 03catalina.policy
, the file is usually located at policy.d folder
mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy
find following pattern :
File : 03catalina.policy
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
//...omitted for readability
};
CHANGED TO this, grant all permission.
File : 03catalina.policy
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.security.AllPermission;
};
Done, restart Tomcat.
Alternatively…
You can enable permission to your web app path explicitly.
permission java.io.FilePermission "${catalina.base}${file.separator}
webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF
${file.separator}classes${file.separator}logging.properties", "read";
full command is
File : 03catalina.policy
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
//...omitted for readability
permission java.io.FilePermission "${catalina.base}${file.separator}webapps$
{file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}
classes${file.separator}logging.properties", "read";
};
Hi everybody,
Here : https://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html
is written :
java.security.AllPermission <=> Allows access to all permissions, just as if you were running Tomcat without a SecurityManager.
So I think we should avoir : java.security.AllPermission
no ?
You can disable security if your tomcat won’t host third party wars, you can set the TOMCAT5_SECURITY variable to false in /etc/default/tomcat5.5
Thanks for the tricks
That’s what i did , but my problem stays the same. It’s impossible to launch Admin and Manager tomcats app and in the same time it’s impossible to run the cmsc application http://www.cmscontainer.org
Here is my new environment:
Using CATALINA_BASE: /usr/share/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /usr/share/tomcat6/temp
Using JRE_HOME: /usr/lib/jvm/java6
Server version: Apache Tomcat/6.0.20
Server built: Aug 8 2009 10:43:00
Server number: 6.0.0.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.6.0_14-b08
JVM Vendor: Sun Microsystems Inc.
Any suggestion will be appreciated .
THanks
not really sure your root cause of it, try send your question to Tomcat mail list , see will anyone facing the same problem before?
http://tomcat.apache.org/lists.html
I ‘ll do the upgrade to Tomcat6 . Will i do the same modifications in policy files ?
Thanks Mkyong.
No, Tomcat 6 is more stable and easy to use.
Hello Mkyong,
Thanks for this real helping blog. Could you please help with this …
I have the same problem earlier solved by you . I follow the solution proposed but i still have the same errors !
I made the change in 03catalina.policy
here is what shows tomcat version.sh
Using CATALINA_BASE: /usr/share/tomcat5.5
Using CATALINA_HOME: /usr/share/tomcat5.5
Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp
Using JRE_HOME: /usr/lib/jvm/java5
Server version: Apache Tomcat/5.5
Server built: Oct 15 2008 12:57:44
Server number: 5.5.26.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.5.0_17-b04
JVM Vendor: Sun Microsystems Inc.
and here is my errors log
SEVERE: Error unregistering mbean
java.security.AccessControlException: access denied (java.io.FilePermission /WEB-INF/classes/logging.properties read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)
Thanks for any suggestions.
How about this?
set permission java.security.AllPermission; in your Tomcat policy file?
If possible please upgrade to Tomcat 6.
Thank you.
O…i ‘ve met the same problem.And it really got me crazy for a whole afternoon.
Thank you!Good job.
hmm… i still suggest upgrade to tomcat version 6 if possible
🙂 thank you!
Great, seem work to you, however i suggest upgrade tomcat to version 5.5.26 or version 6, because tomcat 5.5.25 really a lot of bugs.