1

I'm running tomcat7 on SunOS 5.10 and I'm developping a webapp under the webapp/ROOT/ directory. I'm trying, within the app, to see if the webapp/foo directory is there:

String invpath = application.getRealPath( "user" ) //I also use this for something else
String soapPath = invpath.substring( 0, invpath.indexOf( "ROOT/user" ) ) + "foo";
            out.print(soapPath);
            //test if SOAP is installed
            File soap = new File( soapPath );
            if( soap.exists() )   //this is the line he doesn't like much
            {//html code}

but tomcat throws me:

org.apache.jasper.JasperException: An exception occurred processing JSP page /content/home.jsp at line 83

java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/tomcat/webapps/foo" "read")

And the absolute path to the directory is the good one.

I do have read permissions for everyone on this directory, and when I run this code on a debian machine it works fine... I barely know Solaris/SunOS (but I do know linux rather well), so my mistake might be very stupid!

MacTapin
  • 11
  • 2
  • Testing requires execute privilege on the directory. And you need execute in all of the directories in the path: /path/to/tomcat/webapps/ – jim mcnamara Dec 06 '12 at 22:45
  • The permissions on the directory I want to test are `drwxr-xr-x` and I am (tomcat) the owner, so it should not be an issue... – MacTapin Dec 06 '12 at 22:57
  • Also I tried to run a script through my app under `ROOT/scripts/zip.sh` with the permissions `rwxr-xr-x` and I am still the owner. Could it be that something is wrong in tomcat's configuration? – MacTapin Dec 06 '12 at 22:59
  • EDIT: I forgot to mention that the script execution goes wrong and tomcat's log gives me pretty much the same thing: `java.security.AccessControlException: access denied ("java.io.FilePermission" "/path/to/tomcat/webapps/ROOT/scripts/zip.sh" "execute")` even though it is executable for all! – MacTapin Dec 06 '12 at 23:06
  • ALL of the directories above foo, have to have execute for you. what does ls -ld show for webapps, tomcat and on upwards? You will get errors until you hit the uppermost directory that you can execute/read. If permissions is the case. Does your app run as you? Some some configurations run apache as users like nobody or as the app owner. getfacl will show you if there are ACL's active. – jim mcnamara Dec 06 '12 at 23:11
  • So I verified from root to my app and to foo, and every parent directory has at least `rwxr-xr-x` plus I checked and I own the processes. But apparently, this could be a SecurityManager issue. I'm gonna look into catalina.policy but thanks for helping :) – MacTapin Dec 07 '12 at 14:48

1 Answers1

0

So it appears that tomcat was launched with the -security parameter which basically prevents access to almost eveything unless mentionned in the Security Manager configuration file (conf/catalina.policy)... Documentation here: http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html

MacTapin
  • 11
  • 2