# File Permissions



## vicodas (2. Nov 2007)

Hallo,

ich habe hier eine Anwendung, welche auf einem Tomcat 5.5 als war Archiv deployt wird. Bisher lief diese Anwendung problemlos, nun hat sich aber die Richtlinie zum Betrieb der DMZ Server geändert und ich habe die Aufgabe die Software im Tomcat Secure Modus am Laufen zu bringen. Hauptproblem ist, das es die Herstellerfirma leider nicht mehr gibt ;-(

Folgender Fehler tritt beim Start des Tomcat auf:

02.11.2007 10:12:06 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive anwendung.war
02.11.2007 10:12:06 org.apache.catalina.startup.HostConfig deployWAR
SCHWERWIEGEND: Error deploying web application archive anwendung.war
org.apache.commons.logging.LogConfigurationException: java.lang.ExceptionInInitializerError (Caused by java.lang.ExceptionInInitializerError)
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:538)
        at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:235)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:370)
        at org.apache.catalina.core.ContainerBase.getLogger(ContainerBase.java:380)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4114)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
        at org.apache.catalina.core.ContainerBase.access$0(ContainerBase.java:743)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:698)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
        at org.apache.catalina.core.StandardService.start(StandardService.java:450)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Caused by: java.lang.ExceptionInInitializerError
        at org.apache.log4j.Logger.getLogger(Logger.java:94)
        at org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:229)
        at org.apache.commons.logging.impl.Log4JLogger.<init>(Log4JLogger.java:65)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:529)
        ... 29 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /logs/anwendung.log write)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:102)
        at org.apache.log4j.FileAppender.setFile(FileAppender.java:273)
        at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:156)
        at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:152)
        at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:247)
        at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:123)
        at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:87)
        at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:645)
        at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:603)
        at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:500)
        at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:406)
        at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:432)
        at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:460)
        at org.apache.log4j.LogManager.<clinit>(LogManager.java:113)
        ... 37 more

Ich habe schon versucht die policy zu ändern:

grant codeBase "file:${catalina.home}/anwendung/-" {
      permission java.io.FilePermission "${catalina.home}/logs/anwendung.log", "read,write,delete";
};

Dieses brachte leider keine Besserung ;-(

Woran könnte es noch liegen?


thx vicodas


----------



## Guest (5. Nov 2007)

also ich glaube er hat schon ein Problem beim deployen des *.war Archives.
Was muß ich Ihm da noch erlauben, außer der File.Permission?

thx vicodas


----------



## ms (5. Nov 2007)

Sind auch die Rechte vom Betriebssystem gegeben?

ms


----------



## Guest (5. Nov 2007)

die OS Rechte stimmen, da die Anwendung ja ohne Secure Modus sauber startet und auch arbeitet.

mfg vicodas


----------

