Bug#461355: tomcat5.5: More restrictive JULI permissions break java.util.logging.

Alexander Hvostov alex at aoi.dyndns.org
Fri Jan 18 00:23:07 UTC 2008


Package: tomcat5.5
Version: 5.5.20-2etch1
Severity: important

As you know, in tomcat5.5 
5.5.20-2etch1, /etc/tomcat5.5/policy.d/03catalina.policy contains more 
restrictive permissions for JULI than was previously the case.

This causes uses of java.util.logging to break, at least in some 
instances. I'm not sure exactly why, but it seems that JULI is trying to 
look for a context-specific logging.properties file, and fails if it 
doesn't have permission to do so.

Stack trace:

org.apache.commons.logging.LogConfigurationException: 
java.security.AccessControlException: access denied 
(java.io.FilePermission /var/lib/tomcat5.5/webapps-opencms/ROOT/WEB-INF/classes/logging.properties 
read) (Caused by java.security.AccessControlException: access denied 
(java.io.FilePermission /var/lib/tomcat5.5/webapps-opencms/ROOT/WEB-INF/classes/logging.properties 
read))
	at 
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:538)
	at 
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:235)
	at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:370)
	at 
org.apache.catalina.core.ContainerBase.getLogger(ContainerBase.java:380)
	at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4114)
	at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
	at org.apache.catalina.core.ContainerBase.access$0
(ContainerBase.java:743)
	at 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
	at java.security.AccessController.doPrivileged(Native Method)
	at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
	at 
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
	at 
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
	at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
	at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
	at 
org.apache.catalina.core.StandardService.start(StandardService.java:450)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Caused by: java.security.AccessControlException: access denied 
(java.io.FilePermission /var/lib/tomcat5.5/webapps-opencms/ROOT/WEB-INF/classes/logging.properties 
read)
	at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
	at 
java.security.AccessController.checkPermission(AccessController.java:546)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
	at java.io.File.exists(File.java:731)
	at 
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:827)
	at 
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:210)
	at 
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:293)
	at 
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1887)
	at 
org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:929)
	at 
org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:298)
	at 
org.apache.juli.ClassLoaderLogManager$2.run(ClassLoaderLogManager.java:272)
	at java.security.AccessController.doPrivileged(Native Method)
	at 
org.apache.juli.ClassLoaderLogManager.getClassLoaderInfo(ClassLoaderLogManager.java:269)
	at 
org.apache.juli.ClassLoaderLogManager.getLogger(ClassLoaderLogManager.java:174)
	at java.util.logging.Logger.getLogger(Logger.java:275)
	at 
org.apache.commons.logging.impl.Jdk14Logger.getLogger(Jdk14Logger.java:152)
	at 
org.apache.commons.logging.impl.Jdk14Logger.<init>(Jdk14Logger.java:53)
	at sun.reflect.GeneratedConstructorAccessor1.newInstance(Unknown Source)
	at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
	at 
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:529)
	... 29 more

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages tomcat5.5 depends on:
ii  adduser                    3.102         Add and remove users and 
groups
ii  apache2-utils              2.2.3-4+etch3 utility programs for 
webservers
ii  apache2.2-common           2.2.3-4+etch3 Next generation, scalable, 
extenda
ii  ecj-bootstrap              3.2.1-3       bootstrap version of the 
Eclipse J
ii  gij-4.1 [java2-runtime]    4.1.1-20      The GNU Java bytecode 
interpreter
ii  libtomcat5.5-java          5.5.20-2etch1 Java Servlet engine -- core 
librar
ii  sun-java5-jre [java2-runti 1.5.0-10-3    Sun Java(TM) Runtime 
Environment (
ii  sun-java6-jre [java2-runti 6-00-2        Sun Java(TM) Runtime 
Environment (

tomcat5.5 recommends no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20080117/0387e986/attachment.pgp 


More information about the pkg-java-maintainers mailing list