asked on java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.")
Hi,
kindly please suggest
I injected below lines in tomcat catalina.policy,
But I still get
kindly please suggest
I injected below lines in tomcat catalina.policy,
grant codeBase "file:/<path_to_directory>/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "", "read,write,execute";
permission java.util.PropertyPermission "", "read";
permission java.lang.RuntimePermission "getenv.*";
};
But I still get
Error in Full Agent Registration Info Resolver reading environment variable/system property
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.")
LinuxJavaDocker* TomcatApache Web Server
Last Comment
enthuguy
Changing your policy at a code level has no effect on the underlying filesystem.
Your first test will be to run shell commands under your Apache user (or Tomcat user if this differs from Apache) to determine if the user has sufficient privilege to execute whatever file operation you're attempting in Tomcat.
Normally a simple cat (read file) or touch (write file) under your runtime user (using su or sudo) will instantly tell you if you have a code problem or require work at the filesystem level to open permissions.
Your first test will be to run shell commands under your Apache user (or Tomcat user if this differs from Apache) to determine if the user has sufficient privilege to execute whatever file operation you're attempting in Tomcat.
Normally a simple cat (read file) or touch (write file) under your runtime user (using su or sudo) will instantly tell you if you have a code problem or require work at the filesystem level to open permissions.
Tip: You'll use the setfacl command to manage complex ACLs.
ASKER
Thanks CEHJ and David,
Will check these
Will check these
Your problem is about the inability to read env vars is it not?
ASKER
I think so CEHJ,
may be I"m not passing they required variable....but I dont think, java will fail this bad. :)
I believe application would handle it in a better way
may be I"m not passing they required variable....but I dont think, java will fail this bad. :)
I believe application would handle it in a better way
I think so CEHJ,Well the error is certainly about reading env vars.
It might not be present to read. You need to find out what your code is doing and which env var is to be read
ASKER
Sure, will check that tomorrow along with the application team
Also use stat to ensure that policy file is actually being read. It might not be
ASKER
I think, it is reading
Reason, before below change, it was throwing this error.
Error in Full Agent Registration Info Resolver reading environment variable/system property
java.security.AccessContro
After above, it is now this error.
Reason, before below change, it was throwing this error.
Error in Full Agent Registration Info Resolver reading environment variable/system property
java.security.AccessContro
permission java.io.FilePermission "*", "read,write,execute";
permission java.util.PropertyPermission "*", "read,write";
After above, it is now this error.
java.lang.NoClassDefFoundError: com/singularity/ee/util/string/e
No class error is probably caused by a faulty install of the API. FInd out which API it is and make sure you install it properly
Maybe check out THIS
Maybe check out THIS
ASKER
Found below policy helped to resolve the issue but I think its overly permissive.
Is this too bad? :)
grant {
permission java.security.AllPermissio
permission java.lang.management.Manag
permission java.lang.reflect.ReflectP
};
Is this too bad? :)
grant {
permission java.security.AllPermissio
permission java.lang.management.Manag
permission java.lang.reflect.ReflectP
};
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Open in new window
to this
Open in new window
Looks like it progressed a bit, but getting below now
Open in new window