GeoServer
 » 
GeoServer - User

GeoServer on Tomcat in Ubuntu Permissions Issue

View: New views
4 Messages — Rating Filter:   Alert me  

GeoServer on Tomcat in Ubuntu Permissions Issue

by Ryan Clark :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

I'm setting up an Ubuntu Server 9.04 machine with Tomcat 6 and GeoServer 2.0. I "installed" GeoServer by giving Tomcat a context snippet that points to a GeoServer directory that I extracted from a .war file. 

I restarted Tomcat and out-of-the-box, GeoServer didn't work. Tomcat Logs below indicated that it was a permissions issue.

So I adjusted the java permissions specified by tomcat in /etc/tomcat6/policy.d/04webapps.policy by adding the line 
"permission java.security.AllPermission;"

I'm concerned that I'm giving blanket permissions in a place where I should be specifying things more explicitly. Is there a cleaner way to deal with this issue that anyone is aware of?

Thanks,
Ryan

---------------------------------------------------------
Nov 4, 2009 7:16:14 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.geoserver.GeoserverInitStartupListener
java.security.AccessControlException: access denied (java.util.PropertyPermission org.geotools.referencing.forceXY read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.geoserver.GeoserverInitStartupListener.contextInitialized(GeoserverInitStartupListener.java:35)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1217)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
at java.lang.Thread.run(Thread.java:619)
Nov 4, 2009 7:16:14 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.geoserver.logging.LoggingStartupContextListener
java.security.AccessControlException: access denied (java.util.PropertyPermission RELINQUISH_LOG4J_CONTROL read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.geoserver.platform.GeoServerExtensions.getProperty(GeoServerExtensions.java:294)
at org.geoserver.logging.LoggingStartupContextListener.contextInitialized(LoggingStartupContextListener.java:42)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1217)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
at java.lang.Thread.run(Thread.java:619)
Nov 4, 2009 7:16:14 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Nov 4, 2009 7:16:16 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geoServerLoader' defined in URL [jar:file:/mnt/data-store/geoserver/gsvr/WEB-INF/lib/main-2.0.0.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.util.PropertyPermission GEOSERVER_DATA_DIR read)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:881)
at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:606)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:366)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1217)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission GEOSERVER_DATA_DIR read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.vfny.geoserver.global.GeoserverDataDirectory.findGeoServerDataDir(GeoserverDataDirectory.java:345)
at org.vfny.geoserver.global.GeoserverDataDirectory.init(GeoserverDataDirectory.java:292)
at org.geoserver.config.GeoServerLoader.setApplicationContext(GeoServerLoader.java:100)
at org.springframework.context.support.ApplicationContextAwareProcessor.postProcessBeforeInitialization(ApplicationContextAwareProcessor.java:70)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:350)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1330)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
... 33 more
Nov 4, 2009 7:16:16 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
Nov 4, 2009 7:16:28 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.geoserver.GeoserverInitStartupListener
java.security.AccessControlException: access denied (java.util.PropertyPermission org.geotools.referencing.forceXY read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.geoserver.GeoserverInitStartupListener.contextInitialized(GeoserverInitStartupListener.java:35)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
Nov 4, 2009 7:16:28 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.geoserver.logging.LoggingStartupContextListener
java.security.AccessControlException: access denied (java.util.PropertyPermission RELINQUISH_LOG4J_CONTROL read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.geoserver.platform.GeoServerExtensions.getProperty(GeoServerExtensions.java:294)
at org.geoserver.logging.LoggingStartupContextListener.contextInitialized(LoggingStartupContextListener.java:42)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
Nov 4, 2009 7:16:28 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Nov 4, 2009 7:16:31 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geoServerLoader' defined in URL [jar:file:/mnt/data-store/geoserver/gsvr/WEB-INF/lib/main-2.0.0.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.util.PropertyPermission GEOSERVER_DATA_DIR read)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:881)
at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:606)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:366)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4338)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission GEOSERVER_DATA_DIR read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.vfny.geoserver.global.GeoserverDataDirectory.findGeoServerDataDir(GeoserverDataDirectory.java:345)
at org.vfny.geoserver.global.GeoserverDataDirectory.init(GeoserverDataDirectory.java:292)
at org.geoserver.config.GeoServerLoader.setApplicationContext(GeoServerLoader.java:100)
at org.springframework.context.support.ApplicationContextAwareProcessor.postProcessBeforeInitialization(ApplicationContextAwareProcessor.java:70)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:350)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1330)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
... 45 more
Nov 4, 2009 7:16:31 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
Nov 4, 2009 7:16:50 PM org.apache.catalina.core.ApplicationContext log
INFO: HTMLManager: init: Associated with Deployer 'Catalina:type=Deployer,host=localhost'
Nov 4, 2009 7:16:50 PM org.apache.catalina.core.ApplicationContext log
INFO: HTMLManager: init: Global resources are available
Nov 4, 2009 7:16:50 PM org.apache.catalina.core.ApplicationContext log
INFO: HTMLManager: list: Listing contexts for virtual host 'localhost'


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: GeoServer on Tomcat in Ubuntu Permissions Issue

by Andrea Aime-4 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Ryan Clark ha scritto:

> I'm setting up an Ubuntu Server 9.04 machine with Tomcat 6 and GeoServer
> 2.0. I "installed" GeoServer by giving Tomcat a context snippet that
> points to a GeoServer directory that I extracted from a .war file.
>
> I restarted Tomcat and out-of-the-box, GeoServer didn't work. Tomcat
> Logs below indicated that it was a permissions issue.
>
> So I adjusted the java permissions specified by tomcat in
> /etc/tomcat6/policy.d/04webapps.policy by adding the line
> "permission java.security.AllPermission;"
>
> I'm concerned that I'm giving blanket permissions in a place where I
> should be specifying things more explicitly. Is there a cleaner way to
> deal with this issue that anyone is aware of?

What I do is to avoid the mutilated version of Tomcat they provide with
Ubuntu and download the official version from Apache instead.
Which, btw, allows full permissions to applications, so your concerns
should be the same.

The Tomcat distributed in Ubuntu assumes all applications running in it
are fully database based, which is ok for business applications.
GeoServer obviously does not fall in that
category, as file access is required for both data access and
configuration storage.

Also make sure installing Tomcat did not force in OpenJDK, GS will work
on it starting with version 2.0 but you'll get significantly reduced
WMS performance. install and use a Sun JDK instead.

Cheers
Andrea

--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: GeoServer on Tomcat in Ubuntu Permissions Issue

by Ryan Clark :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

I am running Tomcat6 off the Sun JDK. You mentioned that the official version of Tomcat allows full permissions -- is this then something that I don't really need to be concerned about? Does it just mean that if I'm running some poorly written servlets I might have problems, or does it mean that I'm opening up a huge, gaping security hole?

... perhaps better suited for a Tomcat list somewhere ...

Thanks,
Ryan



On Wed, Nov 4, 2009 at 3:00 PM, Andrea Aime <aaime@...> wrote:
Ryan Clark ha scritto:

I'm setting up an Ubuntu Server 9.04 machine with Tomcat 6 and GeoServer 2.0. I "installed" GeoServer by giving Tomcat a context snippet that points to a GeoServer directory that I extracted from a .war file.
I restarted Tomcat and out-of-the-box, GeoServer didn't work. Tomcat Logs below indicated that it was a permissions issue.

So I adjusted the java permissions specified by tomcat in /etc/tomcat6/policy.d/04webapps.policy by adding the line "permission java.security.AllPermission;"

I'm concerned that I'm giving blanket permissions in a place where I should be specifying things more explicitly. Is there a cleaner way to deal with this issue that anyone is aware of?

What I do is to avoid the mutilated version of Tomcat they provide with Ubuntu and download the official version from Apache instead.
Which, btw, allows full permissions to applications, so your concerns
should be the same.

The Tomcat distributed in Ubuntu assumes all applications running in it
are fully database based, which is ok for business applications.
GeoServer obviously does not fall in that
category, as file access is required for both data access and configuration storage.

Also make sure installing Tomcat did not force in OpenJDK, GS will work
on it starting with version 2.0 but you'll get significantly reduced
WMS performance. install and use a Sun JDK instead.


Cheers
Andrea

--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: GeoServer on Tomcat in Ubuntu Permissions Issue

by Arne Kepp :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Without security context is how most of these webapp technologies (PHP,
Python, Perl...) normally run. You should definitely not install
servlets you do not trust.

That said, I'm sure a proper security context configuration would be a
most welcome contribution, I am not aware that anyone has really tried
to sort it out. It makes a whole lot more sense to run things in a
separate servlet container if security is paramount.

If the tomcat user is not a member of any privileged groups, and you
keep your system patched, it should be reasonably contained. But you can
also use SELinux, App Armor, BSD Jails or a dedicated virtual machine to
clamp things down further.

-Arne



Ryan Clark wrote:

> I am running Tomcat6 off the Sun JDK. You mentioned that the official
> version of Tomcat allows full permissions -- is this then something
> that I don't really need to be concerned about? Does it just mean that
> if I'm running some poorly written servlets I might have problems, or
> does it mean that I'm opening up a huge, gaping security hole?
>
> ... perhaps better suited for a Tomcat list somewhere ...
>
> Thanks,
> Ryan
>
>
>
> On Wed, Nov 4, 2009 at 3:00 PM, Andrea Aime <aaime@...
> <mailto:aaime@...>> wrote:
>
>     Ryan Clark ha scritto:
>
>         I'm setting up an Ubuntu Server 9.04 machine with Tomcat 6 and
>         GeoServer 2.0. I "installed" GeoServer by giving Tomcat a
>         context snippet that points to a GeoServer directory that I
>         extracted from a .war file.
>         I restarted Tomcat and out-of-the-box, GeoServer didn't work.
>         Tomcat Logs below indicated that it was a permissions issue.
>
>         So I adjusted the java permissions specified by tomcat in
>         /etc/tomcat6/policy.d/04webapps.policy by adding the line
>         "permission java.security.AllPermission;"
>
>         I'm concerned that I'm giving blanket permissions in a place
>         where I should be specifying things more explicitly. Is there
>         a cleaner way to deal with this issue that anyone is aware of?
>
>
>     What I do is to avoid the mutilated version of Tomcat they provide
>     with Ubuntu and download the official version from Apache instead.
>     Which, btw, allows full permissions to applications, so your concerns
>     should be the same.
>
>     The Tomcat distributed in Ubuntu assumes all applications running
>     in it
>     are fully database based, which is ok for business applications.
>     GeoServer obviously does not fall in that
>     category, as file access is required for both data access and
>     configuration storage.
>
>     Also make sure installing Tomcat did not force in OpenJDK, GS will
>     work
>     on it starting with version 2.0 but you'll get significantly reduced
>     WMS performance. install and use a Sun JDK instead.
>
>
>     Cheers
>     Andrea
>
>     --
>     Andrea Aime
>     OpenGeo - http://opengeo.org
>     Expert service straight from the developers.
>
--
Arne Kepp
OpenGeo - http://opengeo.org
Expert service straight from the developers


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Free embeddable forum powered by Nabble Forum Help