[Bug 591802] Re: tomcat fails to start using a security manager

Thierry Carrez thierry.carrez at ubuntu.com
Mon Jul 5 14:38:07 BST 2010 

** Description changed:

  Binary package hint: tomcat6
  
  Using tomcat6 package version 6.0.24-2ubuntu, after editing
  /etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on
  startup with (in catalina.out):
  
  Using CATALINA_BASE:   /var/lib/tomcat6
  Using CATALINA_HOME:   /usr/share/tomcat6
  Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
  Using JRE_HOME:        /usr/lib/jvm/java-6-openjdk
  Using CLASSPATH:       /usr/share/tomcat6/bin/bootstrap.jar
  Using Security Manager
  Exception in thread "main" java.lang.ExceptionInInitializerError
-         at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
-         at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
-         at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
-         at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
+         at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
+         at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
+         at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
+         at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
  Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
-         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
-         at java.security.AccessController.checkPermission(AccessController.java:553)
-         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
-         at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
-         at java.lang.System.getProperty(System.java:669)
-         at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
-         ... 4 more
+         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
+         at java.security.AccessController.checkPermission(AccessController.java:553)
+         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
+         at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
+         at java.lang.System.getProperty(System.java:669)
+         at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
+         ... 4 more
  Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.
  
- 
- The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path).  Unfortunately the second takes precedence, and so no policy file is actually used.
+ The problem is that -Djava.security.policy is being set twice, firstly
+ in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct),
+ secondly in /usr/share/tomcat6/bin/catalina.sh to
+ $CATALINA_BASE/conf/catalina.policy (an invalid path).  Unfortunately
+ the second takes precedence, and so no policy file is actually used.
  
  To fix this, I suggest patching catalina.sh to change
  'conf/catalina.policy' references to 'work/catalina.policy'. It would
  also be good to remove the explicit setting of -Djava.security.manager
  and -Djava.security.policy from the init.d script, since it is done
  anyway in the init script.  I've attached two patches for this.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: tomcat6 6.0.24-2ubuntu1
  ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-22-generic i686
  NonfreeKernelModules: nvidia
  Architecture: i386
  Date: Thu Jun 10 01:14:40 2010
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
  PackageArchitecture: all
  ProcEnviron:
-  PATH=(custom, user)
-  LANG=en_US.utf8
-  SHELL=/bin/bash
+  PATH=(custom, user)
+  LANG=en_US.utf8
+  SHELL=/bin/bash
  SourcePackage: tomcat6
+ 
+ == SRU Report ==
+ Impact:
+ Regression for users of TOMCAT6_SECURITY=yes, that won't work after upgrading to Lucid.
+ 
+ Development branch fix:
+ 6.0.26-4 has this fix, and a sync request to 6.0.26-5 was filed (bug 599265)
+ 
+ Minimal patch:
+ See attached at comment 9.
+ 
+ TEST CASE:
+ $ sudo apt-get install tomcat6
+ $ sudo sed -i "s/#TOMCAT6_SECURITY=no/TOMCAT6_SECURITY=yes/" /etc/default/tomcat6
+ $ sudo service tomcat6 restart
+ Affected = FAIL
+ Fixed = PASS
+ 
+ Regression potential:
+ The patch only affects the options used when TOMCAT6_SECURITY=yes, and the current duplicated options prevent it from working completely.

** Attachment added: "Minimal SRU patch"
   http://launchpadlibrarian.net/51412745/patch

-- 
tomcat fails to start using a security manager
https://bugs.launchpad.net/bugs/591802
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.

More information about the Ubuntu-server-bugs mailing list