tags:

views:

460

answers:

1
+1  Q: 

AccessControlException when connecting to HTTP server from Tomcat servlet

I'm trying to make my tomcat servlet download a number of files, but I have apache and tomcat running on the same server, so I assume that is why it doesn't work. I've tested on servers not running apache, and all is well.

Here's the exception I'm getting when I try to use new Url( fileUrl ).openStream():

 Opening input stream Attempted to download: http://www.stefankendall.com/files/test.txt java.security.AccessControlException: access denied (java.net.SocketPermission www.stefankendall.com:80 connect,resolve)

How can I run http downloads via tomcat while running apache at the same time? Am I stuck?

EDIT:
No matter what I do, I can't get past tomcat. Here's 03catalina.policy:

// ========== CATALINA CODE PERMISSIONS =======================================

// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
        permission java.util.PropertyPermission "catalina.base", "read";
        permission java.util.logging.LoggingPermission "control";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
        permission java.lang.RuntimePermission "getClassLoader";
        // To enable per context logging configuration, permit read access to the appropriate file.
        // Be sure that the logging configuration is secure before enabling such access
        // eg for the examples web application:
        // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};

// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
        permission java.security.AllPermission;
 permission java.net.socketPermission "*:80", "connect, resolve";
};

// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
        permission java.security.AllPermission;
       permission java.net.socketPermission "*:80", "connect, resolve";
};

grant codeBase "file:${catalina.home}/webapps/-" {
 permission java.security.AllPermission;
 permission java.net.socketPermission "*:80", "connect, resolve";
};
+2  A: 

Your problem has nothing to do with the presence or absence of some program running on the same box; it has to do with the presence of a SecurityManager in Tomcat (which, probably, means that you're running an old version of Tomcat).

Here is detailed documentation on how to configure the Tomcat SecurityManager. In your case, you'll add some lines to the local.policy file, along the lines of

grant codeBase "file:${catalina.home}/webapps/-" {
  permission java.net.SocketPermission "*:80", "connect";
};
Jonathan Feinberg  2009-10-08 17:13:11
Clearly I did not understand the problem, as I believed my only setup difference to be the existence of apache. I'll try this and see if it works. The perils of using preconfigured software....
Stefan Kendall  2009-10-08 17:20:01
Didn't work. See comment.
Stefan Kendall  2009-10-08 19:18:19
Changes need to be in 50local.policy.
Stefan Kendall  2009-10-08 20:10:05
Thanks for the "accept". Since I don't have edit privileges yet, may i suggest that you edit your question to say something like "AccessControlException when connecting to HTTP server from Tomcat servlet", or something like that?
Jonathan Feinberg  2009-10-08 23:41:15

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?