Comments for haxx qua non

Comment on Security policy permissions for Grails in Tomcat by jja

jja — Tue, 17 Jan 2012 18:42:24 +0000

It depends on your servlet container where the security policy is stored. For a production Tomcat 6 instance, it’s usually in the conf/ directory and named “catalina.policy”, and your Tomcat startup uses the same -D arguments to java, e.g. -Djava.security.manager -Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy

Comment on Security policy permissions for Grails in Tomcat by Tom

Tom — Wed, 11 Jan 2012 17:47:53 +0000

Hi,

I am new to Grails. I am trying to run the following java RMI-client code from within my Grails web app:

(grails/appname/src/java/ClientProgram.java)

…

import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.math.BigDecimal;
import compute.Compute;
import java.util.Properties;
import java.io.FileInputStream;

public class ClientProgram {
…

public static void run( String regHost, String precision ) {
setSystemProps();
if(System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
try {
String name = “Compute”;
Registry registry = LocateRegistry.getRegistry(regHost);
Compute comp = (Compute) registry.lookup(name);
Pi task = new Pi(Integer.parseInt(precision));
BigDecimal pi = comp.executeTask(task);
System.out.println(pi);
} catch(Exception e) {
System.err.println(“ComputePi exception.”);
e.printStackTrace();
}
}

…
}

See http://pastebin.com/GpQVhvee for the complete class source.

I get the following error when the code is executed:

2012-01-09 19:20:48,794 [http-9876-1] ERROR [/smartmeters].[gsp] – Servlet.service() for servlet gsp threw exception
java.security.AccessControlException: access denied (java.util.PropertyPermission grails.full.stacktrace read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
…

Please see http://pastebin.com/jTzaiWfj for the full error message.

I believe this error may appear because I have not got the correct policy settings for this code. I need the following rule in the security policy:

grant codeBase “file:/opt/grails/grails-1.3.7/appname/src/” {
permission java.security.AllPermission;
};

But I cannot find where the policy file is created or stored. If this was just a normal java application I would pass the security policy file in as a system property as follows:

java -Djava.security.policy=policy.file main-class

But I don’t know how to achieve the same effect in Grails. Please can someone tell me how to set the java security policy for my Grails app?

Thanks,
Tom

Comment on GORM nullables and unsaved transient instance by mamram

mamram — Sat, 02 Jul 2011 16:04:01 +0000

thanks, params.remove() was the trick…

Comment on less, sudo, and /dev/null: Permission denied by Jesper

Jesper — Wed, 01 Jun 2011 13:22:06 +0000

Interesting, thanks for the analysis. I just stumbled on this problem myself.

Scenario:
$ export LESSHISTFILE=/dev/null
$ sudo -s
# history|less (or any other invocation of less I guess)
*poof* /dev/null is 700, thus unusable for non-root users.

I guess the sudo -s carried over the LESSHISTFILE variable to the privileged shell, and less got a bit too eager about permissions on what it believed to be its history file.

Comment on Tomcat AJP/1.3 Connector issues by Clustering Tomcat « Teh Tech Blogz0r by Luke Meyer

Clustering Tomcat « Teh Tech Blogz0r by Luke Meyer — Sat, 14 Aug 2010 03:01:02 +0000

[...] really know why the APR isn’t working properly, but a little searching turned up some obscure facts: if the APR isn’t loaded, then for the AJP connector Tomcat makes a default choice of [...]

Comment on Grails 1.1 logging by jja

jja — Mon, 26 Apr 2010 20:39:56 +0000

@Edwardo: catalina.base is originally set in the Tomcat startup script catalina.sh or catalina.bat via a -D argument to the java executable. Sorry for the delay in replying.

Comment on Grails 1.1 logging by Edwardo

Edwardo — Mon, 08 Feb 2010 20:10:02 +0000

Is there a way to set the catalina.base automatically? I get null when i do getProperty. I know I can set it in a shell window with export. Is there another alternative location to place the log files?

Comment on Grails 1.1 logging by Paul Alexandrow

Paul Alexandrow — Tue, 26 Jan 2010 09:51:46 +0000

Thank you! This saved my day.

Comment on Grails stacktrace.log by How to Setup a VPS to Run Grails on Jetty – Anders Zakrisson

How to Setup a VPS to Run Grails on Jetty – Anders Zakrisson — Tue, 05 Jan 2010 09:15:36 +0000

[...] Jetty on Port 80 Virtual hosts in Jetty Fixing the stacktrace.log Using GNU Screen MySQL Console [...]

Comment on Grails 1.1 logging by Conrad Bruchmann

Conrad Bruchmann — Tue, 10 Nov 2009 09:46:11 +0000

Thank you very much. I had a lot of issues with log4j before. With your description everything runs fine!

Best regards,
Conrad