从Tomcat servlet连接到HTTP服务器时出现AccessControlException

时间:2009-10-08 13:17:19

标签: tomcat permissions securitymanager

我正在尝试让我的tomcat servlet下载大量文件,但我在同一台服务器上运行apache和tomcat,所以我认为这就是为什么它不起作用。我已经在没有运行apache的服务器上进行了测试,一切都很顺利。

这是我尝试使用新的Url(fileUrl).openStream()时遇到的异常:

 Opening input stream Attempted to download: http://www.stefankendall.com/files/test.txt java.security.AccessControlException: access denied (java.net.SocketPermission www.stefankendall.com:80 connect,resolve)

如何在运行apache的同时通过tomcat运行http下载?我被困了吗?

修改
无论我做什么,我都无法超越tomcat。这是03catalina.policy:

// ========== CATALINA CODE PERMISSIONS ================================ ======= 

// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
        permission java.util.PropertyPermission "catalina.base", "read";
        permission java.util.logging.LoggingPermission "control";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
        permission java.lang.RuntimePermission "getClassLoader";
        // To enable per context logging configuration, permit read access to the appropriate file.
        // Be sure that the logging configuration is secure before enabling such access
        // eg for the examples web application:
        // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};

// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
        permission java.security.AllPermission;
 permission java.net.socketPermission "*:80", "connect, resolve";
};

// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
        permission java.security.AllPermission;
       permission java.net.socketPermission "*:80", "connect, resolve";
};

grant codeBase "file:${catalina.home}/webapps/-" {
 permission java.security.AllPermission;
 permission java.net.socketPermission "*:80", "connect, resolve";
};

1 个答案:

答案 0 :(得分:2)

您的问题与在同一个盒子上运行的某些程序的存在与否无关;它与Tomcat中存在的SecurityManager有关(这可能意味着您运行的是旧版Tomcat)。

以下是how to configure the Tomcat SecurityManager的详细文档。在您的情况下,您将沿

行向local.policy文件添加一些行 
grant codeBase "file:${catalina.home}/webapps/-" {
  permission java.net.SocketPermission "*:80", "connect";
};
相关问题
最新问题