[Bug 591802] [NEW] tomcat fails to start using a security manager

Jeff Turner jeff at biccard.com
Wed Jun 9 17:13:20 BST 2010 

Public bug reported:

Binary package hint: tomcat6

Using tomcat6 package version 6.0.24-2ubuntu, after editing
/etc/default/tomcat6 to set TOMCAT6_SECURITY=yes, Tomcat breaks on
startup with (in catalina.out):

Using CATALINA_BASE:   /var/lib/tomcat6
Using CATALINA_HOME:   /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME:        /usr/lib/jvm/java-6-openjdk
Using CLASSPATH:       /usr/share/tomcat6/bin/bootstrap.jar
Using Security Manager
Exception in thread "main" java.lang.ExceptionInInitializerError
        at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
        at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
        at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
        at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
        at java.security.AccessController.checkPermission(AccessController.java:553)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
        at java.lang.System.getProperty(System.java:669)
        at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
        ... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit.


The problem is that -Djava.security.policy is being set twice, firstly in /etc/init.d/tomcat6 to $CATALINA_BASE/work/catalina.policy (correct), secondly in /usr/share/tomcat6/bin/catalina.sh to $CATALINA_BASE/conf/catalina.policy (an invalid path).  Unfortunately the second takes precedence, and so no policy file is actually used.

To fix this, I suggest patching catalina.sh to change
'conf/catalina.policy' references to 'work/catalina.policy'. It would
also be good to remove the explicit setting of -Djava.security.manager
and -Djava.security.policy from the init.d script, since it is done
anyway in the init script.  I've attached two patches for this.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: tomcat6 6.0.24-2ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Thu Jun 10 01:14:40 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: tomcat6

** Affects: tomcat6 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 lucid

-- 
tomcat fails to start using a security manager
https://bugs.launchpad.net/bugs/591802
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.

More information about the Ubuntu-server-bugs mailing list