ode-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Fonden" <christian.fon...@die-rooter.de>
Subject Re: ODE/Tomcat Setup with java security manager enabled
Date Tue, 09 Dec 2008 19:35:59 GMT
Ok, then I think I'm supposed to learn more about the tomcat sandbox before 
investigating that feature. When I found out more and think it's worth the 
work I'm going to tell you over the ode list.

Thanks for your help

chris


----- Original Message ----- 
From: "Alex Boisvert" <boisvert@intalio.com>
To: <user@ode.apache.org>
Sent: Tuesday, December 09, 2008 8:33 PM
Subject: Re: ODE/Tomcat Setup with java security manager enabled


> Understood; but if it means no webapps can read/write to disk, then 
> there's
> a problem.  I think you're the first to try to run Ode in this
> configuration.  We would need to understand the limitations when running 
> in
> that mode and address each issue individually.   Whether it's worth it or
> not, I don't know.
>
> alex
>
>
> On Tue, Dec 9, 2008 at 11:26 AM, Christian Fonden <
> christian.fonden@die-rooter.de> wrote:
>
>> Hi Alex,
>>
>> it seems that the java security manager is enabled with that flag.
>>
>> In my oppinion  this is something similar to a sandbox for java code
>> running as a servlet, hosted by the tomcat webserver.
>> In the past two years I worked with the Microsoft IIS Webserver and I 
>> think
>> the java security manager can be compared with the dotnet CLR runtime of 
>> a
>> dotnet web app hosted in the IIS.
>>
>> Please correct me if I'm wrong....
>>
>>
>> greets
>> Chris
>>
>> ----- Original Message ----- From: "Alex Boisvert" <boisvert@intalio.com>
>> To: <user@ode.apache.org>
>> Sent: Monday, December 08, 2008 7:44 PM
>> Subject: Re: ODE/Tomcat Setup with java security manager enabled
>>
>>
>>
>>  What does the TOMCAT5_SECURITY setting actually do?
>>>
>>> alex
>>>
>>> On Mon, Dec 8, 2008 at 5:08 AM, Christian Fonden <
>>> christian.fonden@die-rooter.de> wrote:
>>>
>>>  Hello ODE users list,
>>>>
>>>> I'm new to Apache ODE and Tomcat and just have set up ODE successfully
>>>> under debian linux.
>>>>
>>>> During the Setup process I encountered the following Exception Stack
>>>> Trace
>>>> when trying to access the ODE Url:
>>>> org.apache.jasper.JasperException: access denied
>>>> (java.lang.RuntimePermission
>>>>
>>>> accessClassInPackage.org.apache.jasper.compiler)
>>>>
>>>> org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:185)
>>>>  org.apache.jasper.compiler.JspConfig.init(JspConfig.java:198)
>>>>
>>>> Causing an HTTP 500 Error.
>>>>
>>>> When turning off the Tomcat Security settings in the 
>>>> /etc/init.d/tomcat55
>>>> startup script
>>>> in
>>>> # Use the Java security manager? (yes/no)
>>>>  TOMCAT5_SECURITY=yes (changed to no later)
>>>>
>>>> everything works fine. The axis2 start page is loading correctly when
>>>> accessing the ODE url.
>>>>
>>>> As turning off the TOMCAT5_SECURITY setting does not seem to be a very
>>>> trustworthy solution, my question is:
>>>>
>>>> How can I get ODE working without turning off that option in the tomcat
>>>> settings.
>>>>
>>>>
>>>> greets
>>>> Chris
>>>>
>>>
>>>
>>
> 


Mime
View raw message