Details
-
Bug
-
Resolution: Done
-
Critical
-
JBossAS-3.2.7 Final, JBossAS-4.0.1 Final, JBossAS-4.0.1 SP1
-
None
Description
Hello,
Just to explain you the circumstances why this request has arised.
I try to secure JBoss with a java security policy. The policy should prevent
somebody from writing in the JBoss installation directory.
For this reason I set a File permission that allows only reading on the
JBoss installation directory.
It looks like this
grant {
permission java.io.FilePermission "${jboss.home.dir}/-", "read";
...
};
Now when I start JBoss and deploy a War file I receive the following AccessPermissionException
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /opt/jboss/4.0.1/server/myserver/conf/jboss.web/localhost write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:954)
at java.io.File.mkdir(File.java:1097)
at java.io.File.mkdirs(File.java:1122)
at org.apache.catalina.core.StandardContext.getConfigBase(StandardContext.java:4858)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4071)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
at org.a
pache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503)
... 152 more
The method that creates the Exception looks like this
private File org.apache.catalina.core.StandardContext#getConfigBase()
{
File configBase = new File(System.getProperty("catalina.base"), "conf");
if(!configBase.exists())
return null;
Container container = this;
Container host = null;
Container engine = null;
for(; container != null; container = container.getParent())
if(engine != null)
configBase = new File(configBase, engine.getName());
if(host != null)
configBase = new File(configBase, host.getName());
configBase.mkdirs(); // here it crashes
return configBase;
}
JBoss sets the saveConfig Flag of the StandardContext to false.
(see TomcatDeployer#performDeployInternal)
configBase.mkdirs() should only be invoked if the saveConfig Flag is set to true.
Regards
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
