【发布时间】:2011-04-11 22:53:37
【问题描述】:
我通过 warbler 构建的战争将 jruby/rails 应用程序部署到 tomcat6。系统是ubuntu 8,运行tomcat6。当我尝试启动应用程序时,我得到以下堆栈跟踪
Sep 13, 2010 7:57:24 PM org.apache.catalina.core.ApplicationContext log
SEVERE: Application Error
java.security.AccessControlException: access denied (java.util.PropertyPermissio
n jruby.management.enabled read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
at java.security.AccessController.checkPermission(AccessController.java:553)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
at java.lang.System.getProperty(System.java:669)
at org.jruby.rack.DefaultRackApplicationFactory.setupJRubyManagement(DefaultRackApplicationFactory.java:94)
at org.jruby.rack.DefaultRackApplicationFactory.newRuntime(DefaultRackApplicationFactory.java:78)
at org.jruby.rack.DefaultRackApplicationFactory.createApplication(DefaultRackApplicationFactory.java:177)
at org.jruby.rack.DefaultRackApplicationFactory.newApplication(DefaultRackApplicationFactory.java:50)
at org.jruby.rack.DefaultRackApplicationFactory.getApplication(DefaultRackApplicationFactory.java:58)
at org.jruby.rack.PoolingRackApplicationFactory.getApplication(PoolingRackApplicationFactory.java:94)
at org.jruby.rack.servlet.DefaultServletDispatcher.process(DefaultServletDispatcher.java:36)
at org.jruby.rack.RackFilter.doFilter(RackFilter.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:636)
tomcat 是通过 aptitude 安装的,并且在默认配置中。默认的 tomcat 应用程序工作正常。日志文件被填充。
什么给了?
编辑:Nick 是对的,寻找的政策信息揭示了以下内容(记录在这里,供下次遇到同样愚蠢问题的人使用):
在(默认安装)/var/lib/tomcat6/conf/policy.d
下有一组策略配置文件。你关心的是 04webapps.policy。编辑它以添加 jruby 需要的权限。就我而言,他们是
// Required for jRuby
permission java.util.PropertyPermission "jruby.*", "read";
permission java.util.PropertyPermission "jruby.*", "write";
permission java.util.PropertyPermission "java.io.tmpdir", "read";
permission java.util.PropertyPermission "*", "read";
permission java.util.PropertyPermission "*", "write";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getenv.*";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.coyote";
【问题讨论】:
-
您是否通过暴力穷尽创建了该权限列表?
-
是的。考虑只是给予所有,但这并不适合我。
标签: ruby security ubuntu jruby tomcat6