[sword-devel] Corba-bindings of sword

Greg Hellings greg.hellings at gmail.com
Wed Aug 20 12:51:25 MST 2008


Peter,

On Wed, Aug 20, 2008 at 2:41 PM, Peter von Kaehne <refdoc at gmx.net> wrote:
> Thanks Troy.
>
> I will now go and try this out.
>
> But I found a file in my [~tomcat]/conf called catalina.policy. It lists permissions for every aspect of java and of tomcat + has a section of permission for webapplications. e.g. it appears that each webapplication needs permissions set to connect to a TCP port and also permissions to execute/access stuff from the operating system etc.

My own experiences (nightmares?) getting Catalina setup and running on
a Linux system seem to indicate that the catalina.policy file is
generated at Tomcat's startup time by Tomcat.  Every time I tried to
change a setting in catalina.policy, then restarted the server, it
would overwrite all the changes I had made to the file.  To make
matters even more frustrating, the default Tomcat installation from
Ubuntu and Debian (and, I would imagine, the RPM-based distros also)
completely locks down all TCP/IP connections from webapps, even those
to the loopback device.  Since I could not locate the source of the
original settings that were used to generate catalina.policy, I
eventually threw my hands up in the air and downloaded the latest
version of Tomcat (that works with your Java version) off of the
Apache sites.  It ran everything beautifully, including my connections
to the PostgreSQL database.  The downside is -- now the webapps are
almost entirely free to access the host system.  So you have to be
much more careful about what apps you install on the Tomcat instance.
But -- it'll probably serve you fewer headaches if you're willing to
put up with the slightly lowered security.

--Greg

>
> My best guess right now is that this is where you (on Crosswire) and I (here) have different settings and I experience my problems. I am not allowed to access /usr/local/tomcat/conf/catalina.policy on the server. Would it be possible for you to have a look at this? Are there any specific (or even generalised) settings in catalina.policy which might cause the different behaviour?
>
> Thanks!
>
> Peter
> Peter
>
>
>
>
>
> -------- Original-Nachricht --------
>> Datum: Wed, 20 Aug 2008 19:30:24 +0100
>> Von: "Troy A. Griffitts" <scribe at crosswire.org>
>> An: SWORD Developers\' Collaboration Forum <sword-devel at crosswire.org>
>> Betreff: Re: [sword-devel] Corba-bindings of sword
>
>> Dear Peter,
>>
>> That's odd.  How are you launching tomcat?  Have you tried bypassing any
>> /etc/rc.d startup scripts and just running (as the same user that you
>> ran the java testclient) tomcat/bin/startup.sh
>>
>> The testclient doesn't really do anything so the output of it isn't
>> important, except if it throws a bunch of exceptions.  Looks like it
>> successfully talked with the C++ engine and received an answer back to a
>> request for the sword module paths.  So I think we're ok there.  I'm not
>> sure what user tomcat is trying to run as, but if you launch it from the
>> startup script, it might work ok.
>>
>> Peter von Kaehne wrote:
>> > Sorry, not sure what happened there....
>> >
>> > orbitrc's are liberally strewn around the system
>> >
>> > running the testclient gives an odd response:
>> >
>> > Connected:
>> > PrefixPath: /usr/share/sword/
>> > ConfigPath: /usr/share/sword/mods.d
>> > KeyText: Genesis 2:8
>> > Text:
>> > KeyText: Genesis 2:9
>> > Text:
>> > KeyText: Genesis 2:10
>> > Text:
>> >
>> > As you see it is empty.
>> >
>> > Looking at the logs suggests further that java is actually unable to
>> execute swordorbserver (something I can do from the CLI)
>> >
>> > trying to attach to newly launched ORB
>> > calling finalize.
>> > trying to attach to running ORB
>> > no ORB running; trying to launch
>> > java.security.AccessControlException: access denied
>> (java.io.FilePermission <<ALL FILES>> execute)
>> >         at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>> >         at
>> java.security.AccessController.checkPermission(AccessController.java:427)
>> >         at
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> >         at java.lang.SecurityManager.checkExec(SecurityManager.java:782)
>> >         at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
>> >         at java.lang.Runtime.exec(Runtime.java:591)
>> >         at java.lang.Runtime.exec(Runtime.java:429)
>> >         at java.lang.Runtime.exec(Runtime.java:326)
>> >         at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116)
>> >         at
>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159)
>> >         at org.crosswire.sword.orb.SwordOrb.finalize(SwordOrb.java:74)
>> >         at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
>> >         at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
>> >         at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
>> >         at
>> java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)
>> > trying to attach to newly launched ORB
>> >         at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>> >         at
>> java.security.AccessController.checkPermission(AccessController.java:427)
>> >         at
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> >         at java.lang.SecurityManager.checkExec(SecurityManager.java:782)
>> >         at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
>> >         at java.lang.Runtime.exec(Runtime.java:591)
>> >         at java.lang.Runtime.exec(Runtime.java:429)
>> >         at java.lang.Runtime.exec(Runtime.java:326)
>> >         at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116)
>> >         at
>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159)
>> >         at
>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:216)
>> >         at org.apache.jsp.index_jsp._jspService(index_jsp.java:182)
>> >         at
>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>> >         at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
>> >         at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
>> >         at
>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
>> >         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>> >         at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
>> >         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >         at java.lang.reflect.Method.invoke(Method.java:585)
>> >         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>> >         at java.security.AccessController.doPrivileged(Native Method)
>> >         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>> >         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)
>> >         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
>> >         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
>> >         at
>> org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50)
>> >         at
>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
>> >         at java.security.AccessController.doPrivileged(Native Method)
>> >         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
>> >         at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>> >         at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>> >         at
>> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
>> >         at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>> >         at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
>> >         at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>> >         at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>> >         at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
>> >         at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>> >         at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> >         at
>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>> >         at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>> >         at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
>> >         at
>> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
>> >         at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
>> >         at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
>> >
>> >
>> >
>>
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>
> --
> GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
> http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>



More information about the sword-devel mailing list