[sword-devel] Corba-bindings of sword

Troy A. Griffitts scribe at crosswire.org
Wed Aug 20 13:03:54 MST 2008


Dear Peter,

Yeah, as Greg said, we just use the latest tomcat binary download from 
apache's site.

Your last error in the email I just saw come through is completely a 
different issue and one I've never seen before.  It has to do with our 
custom i18n system for the web pages.  I'm not sure what might be 
causing that. Hmmm.  Well, let me know if switching the tomcat package 
helps.   It's really an easy test.  Apache just distributes a tar.gz 
file you can unzip anywhere and then run the tomcat/bin/startup.sh file.


Greg Hellings wrote:
> Peter,
> 
> On Wed, Aug 20, 2008 at 2:41 PM, Peter von Kaehne <refdoc at gmx.net> wrote:
>> Thanks Troy.
>>
>> I will now go and try this out.
>>
>> But I found a file in my [~tomcat]/conf called catalina.policy. It lists permissions for every aspect of java and of tomcat + has a section of permission for webapplications. e.g. it appears that each webapplication needs permissions set to connect to a TCP port and also permissions to execute/access stuff from the operating system etc.
> 
> My own experiences (nightmares?) getting Catalina setup and running on
> a Linux system seem to indicate that the catalina.policy file is
> generated at Tomcat's startup time by Tomcat.  Every time I tried to
> change a setting in catalina.policy, then restarted the server, it
> would overwrite all the changes I had made to the file.  To make
> matters even more frustrating, the default Tomcat installation from
> Ubuntu and Debian (and, I would imagine, the RPM-based distros also)
> completely locks down all TCP/IP connections from webapps, even those
> to the loopback device.  Since I could not locate the source of the
> original settings that were used to generate catalina.policy, I
> eventually threw my hands up in the air and downloaded the latest
> version of Tomcat (that works with your Java version) off of the
> Apache sites.  It ran everything beautifully, including my connections
> to the PostgreSQL database.  The downside is -- now the webapps are
> almost entirely free to access the host system.  So you have to be
> much more careful about what apps you install on the Tomcat instance.
> But -- it'll probably serve you fewer headaches if you're willing to
> put up with the slightly lowered security.
> 
> --Greg
> 
>> My best guess right now is that this is where you (on Crosswire) and I (here) have different settings and I experience my problems. I am not allowed to access /usr/local/tomcat/conf/catalina.policy on the server. Would it be possible for you to have a look at this? Are there any specific (or even generalised) settings in catalina.policy which might cause the different behaviour?
>>
>> Thanks!
>>
>> Peter
>> Peter
>>
>>
>>
>>
>>
>> -------- Original-Nachricht --------
>>> Datum: Wed, 20 Aug 2008 19:30:24 +0100
>>> Von: "Troy A. Griffitts" <scribe at crosswire.org>
>>> An: SWORD Developers\' Collaboration Forum <sword-devel at crosswire.org>
>>> Betreff: Re: [sword-devel] Corba-bindings of sword
>>> Dear Peter,
>>>
>>> That's odd.  How are you launching tomcat?  Have you tried bypassing any
>>> /etc/rc.d startup scripts and just running (as the same user that you
>>> ran the java testclient) tomcat/bin/startup.sh
>>>
>>> The testclient doesn't really do anything so the output of it isn't
>>> important, except if it throws a bunch of exceptions.  Looks like it
>>> successfully talked with the C++ engine and received an answer back to a
>>> request for the sword module paths.  So I think we're ok there.  I'm not
>>> sure what user tomcat is trying to run as, but if you launch it from the
>>> startup script, it might work ok.
>>>
>>> Peter von Kaehne wrote:
>>>> Sorry, not sure what happened there....
>>>>
>>>> orbitrc's are liberally strewn around the system
>>>>
>>>> running the testclient gives an odd response:
>>>>
>>>> Connected:
>>>> PrefixPath: /usr/share/sword/
>>>> ConfigPath: /usr/share/sword/mods.d
>>>> KeyText: Genesis 2:8
>>>> Text:
>>>> KeyText: Genesis 2:9
>>>> Text:
>>>> KeyText: Genesis 2:10
>>>> Text:
>>>>
>>>> As you see it is empty.
>>>>
>>>> Looking at the logs suggests further that java is actually unable to
>>> execute swordorbserver (something I can do from the CLI)
>>>> trying to attach to newly launched ORB
>>>> calling finalize.
>>>> trying to attach to running ORB
>>>> no ORB running; trying to launch
>>>> java.security.AccessControlException: access denied
>>> (java.io.FilePermission <<ALL FILES>> execute)
>>>>         at
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>>>>         at
>>> java.security.AccessController.checkPermission(AccessController.java:427)
>>>>         at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>>         at java.lang.SecurityManager.checkExec(SecurityManager.java:782)
>>>>         at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
>>>>         at java.lang.Runtime.exec(Runtime.java:591)
>>>>         at java.lang.Runtime.exec(Runtime.java:429)
>>>>         at java.lang.Runtime.exec(Runtime.java:326)
>>>>         at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116)
>>>>         at
>>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159)
>>>>         at org.crosswire.sword.orb.SwordOrb.finalize(SwordOrb.java:74)
>>>>         at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
>>>>         at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
>>>>         at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
>>>>         at
>>> java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)
>>>> trying to attach to newly launched ORB
>>>>         at
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>>>>         at
>>> java.security.AccessController.checkPermission(AccessController.java:427)
>>>>         at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>>         at java.lang.SecurityManager.checkExec(SecurityManager.java:782)
>>>>         at java.lang.ProcessBuilder.start(ProcessBuilder.java:447)
>>>>         at java.lang.Runtime.exec(Runtime.java:591)
>>>>         at java.lang.Runtime.exec(Runtime.java:429)
>>>>         at java.lang.Runtime.exec(Runtime.java:326)
>>>>         at org.crosswire.sword.orb.SwordOrb.startOrb(SwordOrb.java:116)
>>>>         at
>>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:159)
>>>>         at
>>> org.crosswire.sword.orb.SwordOrb.getSWMgrInstance(SwordOrb.java:216)
>>>>         at org.apache.jsp.index_jsp._jspService(index_jsp.java:182)
>>>>         at
>>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>         at
>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
>>>>         at
>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
>>>>         at
>>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
>>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>>         at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
>>>>         at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>         at java.lang.reflect.Method.invoke(Method.java:585)
>>>>         at
>>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>>>>         at
>>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)
>>>>         at
>>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
>>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
>>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50)
>>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
>>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
>>>>         at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>>>>         at
>>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>>>>         at
>>> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
>>>>         at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>>>>         at
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
>>>>         at
>>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>>>>         at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>>>>         at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
>>>>         at
>>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>>>>         at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>         at
>>> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
>>>>         at
>>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
>>>>         at
>>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
>>>>         at
>>> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
>>>>         at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
>>>>         at
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
>>>>
>>>>
>>>
>>> _______________________________________________
>>> sword-devel mailing list: sword-devel at crosswire.org
>>> http://www.crosswire.org/mailman/listinfo/sword-devel
>>> Instructions to unsubscribe/change your settings at above page
>> --
>> GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
>> http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
> 
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page




More information about the sword-devel mailing list