从 Tomcat servlet 连接到 HTTP 服务器时出现 AccessControlException
我试图让我的 tomcat servlet 下载许多文件,但我有 apache 和 tomcat 在同一台服务器上运行,所以我认为这就是它不起作用的原因。我已经在不运行 apache 的服务器上进行了测试,一切都很好。
这是当我尝试使用 new Url( fileUrl ).openStream() 时遇到的异常:
Opening input stream Attempted to download: http://www.stefankendall.com/files/test.txt java.security.AccessControlException: access denied (java.net.SocketPermission www.stefankendall.com:80 connect,resolve)
如何在运行 apache 的同时通过 tomcat 运行 http 下载?我被困住了吗?
编辑:
无论我做什么,我都无法超越tomcat。这是 03catalina.policy:
// ========== CATALINA 代码权限 ================================ =========
// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.logging.LoggingPermission "control";
permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
permission java.lang.RuntimePermission "getClassLoader";
// To enable per context logging configuration, permit read access to the appropriate file.
// Be sure that the logging configuration is secure before enabling such access
// eg for the examples web application:
// permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
grant codeBase "file:${catalina.home}/webapps/-" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
I'm trying to make my tomcat servlet download a number of files, but I have apache and tomcat running on the same server, so I assume that is why it doesn't work. I've tested on servers not running apache, and all is well.
Here's the exception I'm getting when I try to use new Url( fileUrl ).openStream():
Opening input stream Attempted to download: http://www.stefankendall.com/files/test.txt java.security.AccessControlException: access denied (java.net.SocketPermission www.stefankendall.com:80 connect,resolve)
How can I run http downloads via tomcat while running apache at the same time? Am I stuck?
EDIT:
No matter what I do, I can't get past tomcat. Here's 03catalina.policy:
// ========== CATALINA CODE PERMISSIONS =======================================
// These permissions apply to the logging API
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
permission java.lang.RuntimePermission "shutdownHooks";
permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.logging.LoggingPermission "control";
permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
permission java.lang.RuntimePermission "getClassLoader";
// To enable per context logging configuration, permit read access to the appropriate file.
// Be sure that the logging configuration is secure before enabling such access
// eg for the examples web application:
// permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
};
// These permissions apply to the server startup code
grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the "lib" directory
grant codeBase "file:${catalina.home}/lib/-" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
grant codeBase "file:${catalina.home}/webapps/-" {
permission java.security.AllPermission;
permission java.net.socketPermission "*:80", "connect, resolve";
};
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的问题与同一机器上运行的某些程序的存在或不存在无关;这与 Tomcat 中存在 SecurityManager 有关(这可能意味着您正在运行旧版本的 Tomcat)。
以下是有关如何配置 Tomcat SecurityManager。在您的情况下,您将在 local.policy 文件中添加一些行,如下所示:
Your problem has nothing to do with the presence or absence of some program running on the same box; it has to do with the presence of a SecurityManager in Tomcat (which, probably, means that you're running an old version of Tomcat).
Here is detailed documentation on how to configure the Tomcat SecurityManager. In your case, you'll add some lines to the local.policy file, along the lines of