Recently, while using apache.xmlrpc and pgsql-jdbc, I ran into a Tomcat security problem
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Could not initialize class org.apache.xmlrpc.webserver.XmlRpcServletServer
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:324)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    java.lang.Thread.run(Thread.java:662)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.24 logs.
Apache Tomcat/6.0.24
#postgresql-jdbc-error:
SQLException: Your security policy has prevented the connection from being attempted. You probably need to grant the connect java.net.SocketPermission to the database server host and port that you wish to connect to.
SQLState: 99999
VendorError: 0
#It turns out that /etc/init.d/tomcat6 on Ubuntu 8.0+ servers has this protection enabled by default; turning the setting off makes xmlrpc accessible.
sudo vim /etc/init.d/tomcat6
# Use the Java security manager? (yes/no)
TOMCAT6_SECURITY=yes
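#But with it turned off, the Tomcat environment's security level is lower and vulnerabilities are easier to find; later I found a solution!
#Edit the policy file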
sudo vim /var/lib/tomcat6/conf/policy.d/50local.policy
#Then append the following at the end of the file; database is my project, configured with all permissions
grant codeBase "file:${catalina.base}/webapps/database/-" {
    permission java.security.AllPermission;
};
#OK, that takes care of the JDBC connection and xmlrpc access
Reference: http://www.jaxmao.org/tomcat-docs/security-manager-howto.html
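
One way to narrow the AllPermission grant above is to leave TOMCAT6_SECURITY=yes, collect the "access denied" lines from the Tomcat log, and grant only those permissions to the webapp's codeBase. The script below is an added example, not code from the original post; the log lines are constructed, and the function names and the two AccessControlException message formats (Java 6 unquoted, Java 7+ quoted) are assumptions of this example.

```python
import re

# Constructed sample of catalina log lines (not from the original post).
# Java 6 prints the denied permission unquoted, Java 7+ quotes each field.
SAMPLE_LOG = '''\
java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:5432 connect,resolve)
INFO: Server startup in 1234 ms
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.name" "read")
java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:5432 connect,resolve)
'''
CODE_BASE = "file:${catalina.base}/webapps/database/-"  # codeBase used in the post
DENIED = re.compile(r"access denied \((.*)\)")

def parse_denial(line):
    """Return (permission class, target, actions), or None for other lines."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    if '"' in body:                      # Java 7+ format: quoted fields
        parts = re.findall(r'"([^"]*)"', body)
    else:                                # Java 6 format: whitespace separated
        tokens = body.split()
        parts = tokens[:2] if len(tokens) < 3 else [
            tokens[0], " ".join(tokens[1:-1]), tokens[-1]]
    if len(parts) < 2 or parts[0] == "java.security.AllPermission":
        return None                      # nothing specific to grant
    cls, target, actions = (parts + [""])[:3]
    return cls, target, actions

def build_grant(log_text, code_base):
    """Build one policy grant block holding each denied permission once."""
    perms = {p for p in map(parse_denial, log_text.splitlines()) if p}
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in sorted(perms):
        entry = '    permission %s "%s"' % (cls, target)
        if actions:
            entry += ', "%s"' % actions
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_grant(SAMPLE_LOG, CODE_BASE))
```

Each denial only appears once the previous one has been granted, so the log usually has to be re-read after every restart until no new "access denied" lines show up.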