https://issues.apache.org/bugzilla/show_bug.cgi?id=45737
Summary: AcessControlException when using security manager: juli
can't read logging.properties
Product: Tomcat 5
Version: 5.5.26
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
When using the security manager with the default security policy
(catalina.policy), Tomcat 5.5.26 and 5.5.27 will throw an
AccessControlException for each loaded context during startup.
Workaround
----------
Check the contents of the files WEB-INF/lib/logging.properties for each of your
contexts. If those look safe, you can add read permission for these files to
the juli package in your security policy. See "per context logging" in
catalina.policy. Note that by CVE-2007-5342 you should make sure, that the
webapp provided logging.properties do not try to manipulate data outdise of the
context, like overwriting other contexts log files.
Fix
---
A fix has been proposed for backport from trunk. It will log the situation and
no longer throw an exception.
This issue is meant as a reference for users running into the problem. It
should be closed after the backport.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
