Search code examples
tomcatsecuritymanager

Tomcat AccessControlException:access denied ("java.io.FilePermission" "logs" "read")

I'm using Security Manager feature in tomcat and was able to make use of the Catalina.policy file in managing the permission. In spite of which I get this error log for my web-app

enter image description here

Following are the permissions given in the policy file

permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; 
permission java.util.PropertyPermission "java.util.logging.config.class", "read";

The section of CATALINA CODE PERMISSIONS which is present by default in policy file is not modified.I'd created a separate codeBase section where I keep my webapps and added the above permissions.

These are the logging handlers that I've enabled in logging.properties file

handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler

2localhost.org.apache.juli.AsyncFileHandler.level = INFO
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler

org.apache.jasper.compiler.TldLocationsCache.level = WARNING

org.apache.jasper.level = WARNING

Am I missing something? Please guide me. Thanx

Solution

  • Even though this mkyong link solves my problem but I think it's kind of hack (I may be wrong too) Is it okay to grant all permission to tomcat-juli.jar? I found this answer later which also points to the same above link.

    UPDATE: The error trace was due to excess of logging handlers that were registered in logging.properties file deregistering them caused the stack trace to disappear. Still, don't know why this 

    permission java.security.AllPermission;

    Worked though as per the link.