
Tomcat – java.security.AccessControlException: access denied (logging.properties read)

Problem

After upgrading to Tomcat version 5.5.25, Tomcat started hitting a lot of security policy errors:


Caused by: java.security.AccessControlException: access denied
      (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)

Solution

The error comes from Tomcat's security policy file; Tomcat 5.5.25 made a lot of changes to that file. To fix it, you need to edit the policy file (03catalina.policy).

Open 03catalina.policy with vi; the file is usually located in the policy.d folder.


mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy 

Find the following pattern:

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
};

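Change it to this, which grants all permissions to tomcat-juli.jar. Note that AllPermission lifts every SecurityManager restriction for code loaded from this jar; the alternative further down grants only the read that was denied.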

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

Done. Restart Tomcat.

Alternatively…

You can explicitly grant read permission for the logging.properties file under your web app path.


permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";

The full grant block is:

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
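
Rather than writing each FilePermission entry by hand, the denials in the Tomcat log can be turned into narrow policy entries. The script below is an added example, not code from the original article or from Tomcat; it also goes beyond the article by accepting the quoted message format that Java 7 and later print. The function names, the sample log and the `/usr/share/tomcat5.5` base are assumptions, and each emitted entry still has to be reviewed and placed inside the grant block of the code base that was denied.

```python
import re
DENIED = re.compile(r"access denied \((.*)\)")

def parse_denial(line):
    """Return (permission class, target, actions) for one log line, or None."""
    m = DENIED.search(line)
    if not m:
        return None
    inner = m.group(1).strip()
    if inner.startswith('"'):      # Java 7+ quotes each field
        parts = re.findall(r'"([^"]*)"', inner)
    else:                          # Java 5/6 form shown on this page
        tok = inner.split()
        parts = tok if len(tok) < 3 else [tok[0], " ".join(tok[1:-1]), tok[-1]]
    if len(parts) < 2:
        return None
    return parts[0], parts[1], parts[2] if len(parts) > 2 else ""

def policy_line(cls, target, actions, catalina_base=None):
    """Render one narrow permission entry for a Java policy file."""
    if cls == "java.io.FilePermission" and catalina_base:
        base = catalina_base.rstrip("/")
        # Compare against "base/" so /usr/share/tomcat5.5-webapps is not
        # mistaken for a path inside /usr/share/tomcat5.5.
        if target.startswith(base + "/"):
            target = "${catalina.base}" + target[len(base):]
    entry = 'permission %s "%s"' % (cls, target.replace("\\", "\\\\"))
    return entry + (', "%s";' % actions if actions else ";")

def minimal_grants(log_text, catalina_base=None):
    """One policy entry per distinct denial, in first-seen order."""
    seen, out = set(), []
    for line in log_text.splitlines():
        parsed = parse_denial(line)
        if parsed and parsed not in seen:
            seen.add(parsed)
            out.append(policy_line(*parsed, catalina_base=catalina_base))
    return out

# Constructed sample log: line 1 is the error from this page, the rest are made up.
SAMPLE_LOG = """\
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)
java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/share/tomcat5.5/webapps/myapp/WEB-INF/classes/logging.properties" "read")
INFO: Server startup in 1234 ms
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)
"""

if __name__ == "__main__":
    print("\n".join(minimal_grants(SAMPLE_LOG, "/usr/share/tomcat5.5")))
```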

About Author

Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider making a donation to these charities.

Comments

drx
3 years ago

Hi everybody,

Here : https://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html

is written :

java.security.AllPermission  <=> Allows access to all permissions, just as if you were running Tomcat without a SecurityManager.

So I think we should avoid : java.security.AllPermission

no ?

Lean
14 years ago

You can disable security if your Tomcat won’t host third-party WARs; you can set the TOMCAT5_SECURITY variable to false in /etc/default/tomcat5.5

Ahlonko
14 years ago

That’s what I did, but my problem stays the same. It’s impossible to launch the Admin and Manager Tomcat apps, and at the same time it’s impossible to run the cmsc application http://www.cmscontainer.org

Here is my new environment:

Using CATALINA_BASE: /usr/share/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /usr/share/tomcat6/temp
Using JRE_HOME: /usr/lib/jvm/java6
Server version: Apache Tomcat/6.0.20
Server built: Aug 8 2009 10:43:00
Server number: 6.0.0.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.6.0_14-b08
JVM Vendor: Sun Microsystems Inc.

Any suggestion will be appreciated.

Thanks

Ahlonko
14 years ago

I’ll do the upgrade to Tomcat6. Will I do the same modifications in policy files?

Thanks Mkyong.

Ahlonko
14 years ago

Hello Mkyong,

Thanks for this really helpful blog. Could you please help with this …

I have the same problem you solved earlier. I followed the proposed solution but I still have the same errors!
I made the change in 03catalina.policy

Here is what Tomcat’s version.sh shows:

Using CATALINA_BASE: /usr/share/tomcat5.5
Using CATALINA_HOME: /usr/share/tomcat5.5
Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp
Using JRE_HOME: /usr/lib/jvm/java5
Server version: Apache Tomcat/5.5
Server built: Oct 15 2008 12:57:44
Server number: 5.5.26.0
OS Name: Linux
OS Version: 2.6.20.1-1-686
Architecture: i386
JVM Version: 1.5.0_17-b04
JVM Vendor: Sun Microsystems Inc.

And here is my error log:

SEVERE: Error unregistering mbean
java.security.AccessControlException: access denied (java.io.FilePermission /WEB-INF/classes/logging.properties read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)

Thanks for any suggestions.

Vinod
14 years ago

Thank you.

Jeff
15 years ago

O… I’ve met the same problem. And it really drove me crazy for a whole afternoon.
Thank you! Good job.

simon
15 years ago

🙂 thank you!