Tomcat – java.security.AccessControlException: access denied (logging.properties read)

Problem

After upgraded to Tomcat version 5.5.25, it starting to hit a lot of errors in security policy :


Caused by: java.security.AccessControlException: access denied 
      (java.io.FilePermission /usr/share/tomcat5.5-
            webapps/jsp-examples/WEB-INF/classes/logging.properties read)

Solution

Above error is caused by the Tomcat’s policy file, Tomcat 5.5.25 made a lot of modification on policy file. To fix it, you need to make some changes in the policy file(03catalina.policy)…

Issue vi 03catalina.policy, the file is usually located at policy.d folder


mkyong@mkyong-desktop:/etc/tomcat5.5/policy.d$ vi 03catalina.policy 

find following pattern :

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
};

CHANGED TO this, grant all permission.

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

Done, restart Tomcat.

Alternatively…

You can enable permission to your web app path explicitly.


permission java.io.FilePermission "${catalina.base}${file.separator}
   webapps${file.separator}YOUR_PATH_HERE${file.separator}WEB-INF
   ${file.separator}classes${file.separator}logging.properties", "read";

full command is

File : 03catalina.policy


grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        //...omitted for readability  
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps$
        {file.separator}YOUR_PATH_HERE${file.separator}WEB-INF${file.separator}
        classes${file.separator}logging.properties", "read";
};

About the Author

author image
mkyong
Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.

Comments

avatar
9 Comment threads
6 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
6 Comment authors
Java Exceptions – Well Explained - Tech Forum NetworkTomcat – java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)LeanAhlonkoVinod Recent comment authors
newest oldest most voted
trackback
Java Exceptions – Well Explained - Tech Forum Network

[…] 3. Tomcat – java.security.AccessControlException: access denied (logging.properties read)  […]

trackback
Tomcat – java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

[…] i said in previously post, Tomcat 5.5.25 made a lot modification at policy file, which may enhance security on web […]

Lean
Guest
Lean

You can disable security if your tomcat won’t host third party wars, you can set the TOMCAT5_SECURITY variable to false in /etc/default/tomcat5.5

Ahlonko
Guest
Ahlonko

That’s what i did , but my problem stays the same. It’s impossible to launch Admin and Manager tomcats app and in the same time it’s impossible to run the cmsc application http://www.cmscontainer.org Here is my new environment: Using CATALINA_BASE: /usr/share/tomcat6 Using CATALINA_HOME: /usr/share/tomcat6 Using CATALINA_TMPDIR: /usr/share/tomcat6/temp Using JRE_HOME: /usr/lib/jvm/java6 Server version: Apache Tomcat/6.0.20 Server built: Aug 8 2009 10:43:00 Server number: 6.0.0.0 OS Name: Linux OS Version: 2.6.20.1-1-686 Architecture: i386 JVM Version: 1.6.0_14-b08 JVM Vendor: Sun Microsystems Inc. Any suggestion will be appreciated . THanks

Ahlonko
Guest
Ahlonko

I ‘ll do the upgrade to Tomcat6 . Will i do the same modifications in policy files ?

Thanks Mkyong.

Ahlonko
Guest
Ahlonko

Hello Mkyong, Thanks for this real helping blog. Could you please help with this … I have the same problem earlier solved by you . I follow the solution proposed but i still have the same errors ! I made the change in 03catalina.policy here is what shows tomcat version.sh Using CATALINA_BASE: /usr/share/tomcat5.5 Using CATALINA_HOME: /usr/share/tomcat5.5 Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp Using JRE_HOME: /usr/lib/jvm/java5 Server version: Apache Tomcat/5.5 Server built: Oct 15 2008 12:57:44 Server number: 5.5.26.0 OS Name: Linux OS Version: 2.6.20.1-1-686 Architecture: i386 JVM Version: 1.5.0_17-b04 JVM Vendor: Sun Microsystems Inc. and here is my errors log SEVERE: Error unregistering… Read more »

Vinod
Guest
Vinod

Thank you.

Jeff
Guest
Jeff

O…i ‘ve met the same problem.And it really got me crazy for a whole afternoon.
Thank you!Good job.

simon
Guest
simon

:) thank you!