After upgrading to Tomcat version 5.5.25, Tomcat reports many errors related to paths in the security policy.

Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)

The above error is caused by the policy file. Tomcat 5.5.25 made many changes to the policy file, so we need to modify the policy file (03catalina.policy) to fix it.

Open 03catalina.policy with vi; it is usually located in the policy.d folder.

mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy

Find the block below:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
        permission java.util.PropertyPermission "catalina.base", "read";
        permission java.util.logging.LoggingPermission "control";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
        permission java.lang.RuntimePermission "getClassLoader";
        // To enable per context logging configuration, permit read access to the appropriate file.
        // Be sure that the logging configuration is secure before enabling such access
        // eg for the examples web application:
        //permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};

Change it to the block below to allow all permissions, as before (this lifts every security manager restriction for tomcat-juli.jar):

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

OR, to keep the policy restrictive, explicitly grant read permission for your web app path:

permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";

The full grant block is:

grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
        permission java.util.PropertyPermission "catalina.base", "read";
        permission java.util.logging.LoggingPermission "control";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
        permission java.lang.RuntimePermission "getClassLoader";
        // To enable per context logging configuration, permit read access to the appropriate file.
        // Be sure that the logging configuration is secure before enabling such access
        // eg for the examples web application:
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};

Done. Restart Tomcat.
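
The following Python script is an added example, not code from the original post. It turns AccessControlException denials in the format shown above into narrowly scoped permission lines, and lists codeBase-only grant blocks that still carry AllPermission; the function names, the optional catalina_base argument and the sample inputs are assumptions constructed for illustration.

```python
import re

# Detail text of java.security.AccessControlException as shown in the post:
#   access denied (<permission class> <target> [<actions>])
DENIED = re.compile(r"access denied \((?P<cls>[\w.$]+) (?P<target>.+?)(?: (?P<actions>[\w,]+))?\)")
# A grant block with an optional codeBase, up to its closing "};"
GRANT = re.compile(r'grant\s*(?:codeBase\s+"(?P<cb>[^"]*)")?\s*\{(?P<body>.*?)\}\s*;', re.S)
SEP = "${file.separator}"


def permission_lines(log_text, catalina_base=None):
    """Turn each denial in log_text into one narrowly scoped policy line."""
    lines = set()
    base = catalina_base.rstrip("/") + "/" if catalina_base else None
    for m in DENIED.finditer(log_text):
        cls, target, actions = m.group("cls", "target", "actions")
        if base and target.startswith(base):
            # Express the path relative to ${catalina.base}, as the stock policy does.
            target = "${catalina.base}" + SEP + target[len(base):].replace("/", SEP)
        line = f'permission {cls} "{target}"'
        lines.add(line + (f', "{actions}";' if actions else ";"))
    return sorted(lines)


def all_permission_grants(policy_text):
    """Return the codeBase of every grant block with an active AllPermission."""
    active = re.sub(r"(?m)^\s*//.*$", "", policy_text)  # drop commented-out lines
    return [m.group("cb") or "<all code>" for m in GRANT.finditer(active)
            if re.search(r"\bpermission\s+java\.security\.AllPermission\b", m.group("body"))]


# Constructed sample input: the exception from the post, logged twice.
SAMPLE_LOG = """\
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties read)
"""
# Constructed sample policy: the broad grant from the post.
SAMPLE_POLICY = """\
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};
"""

if __name__ == "__main__":
    for line in permission_lines(SAMPLE_LOG):
        print(line)
    for code_base in all_permission_grants(SAMPLE_POLICY):
        print("AllPermission granted to:", code_base)
```

Review each generated line before pasting it into the tomcat-juli.jar grant block; a denial shows what the code asked for, not that it should be allowed.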

