[Bug 509528] [NEW] Security manager breaks session listing
imagine
the.box at gmx.net
Tue Jan 19 09:04:10 GMT 2010
Public bug reported:
Binary package hint: tomcat6
The current settings of the security manager in /etc/policy.d/ do not allow to list the active sessions in the Tomcat Web Application Manager.
Steps to reproduce:
* Install tomcat6-admin including dependencies
* Open Tomcat Web Application Manager (default location http://localhost:8080/manager/html/)
* Try to open the session list of an application
* Instead of seeing the sessions administration, a "java.security.AccessControlException" error occurs (example stacktrace is attached)
This was tested on Karmic with Tomcat version 6.0.20-2ubuntu2 and
openjdk-6-jre-headless 6b16-1.6.1-3ubuntu1.
To fix this add the following rules to the security manager settings (not thoroughly tested):
grant {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
}
** Affects: tomcat6 (Ubuntu)
Importance: Undecided
Status: New
--
Security manager breaks session listing
https://bugs.launchpad.net/bugs/509528
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list