tomcat安全管理策略

这段时间在使用apache.xmlrpc和pgsql-jdbc碰到tomcat安全问题

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Could not initialize class org.apache.xmlrpc.webserver.XmlRpcServletServer
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:324)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
java.lang.Thread.run(Thread.java:662)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.24 logs.

Apache Tomcat/6.0.24

#postgresql－jdbc－error：

SQLException: Your security policy has prevented the connection from being attempted. You probably need to grant the connect java.net.SocketPermission to the database server host and port that you wish to connect to.
SQLState: 99999
VendorError: 0

＃原来etc/init.d/tomcat6在ubuntu8.0+服务器默认开启保护，设置关闭就可以访问xmlrpc.

sudo vim /etc/init.d/tomcat6

# Use the Java security manager? (yes/no)

TOMCAT6_SECURITY=yes

＃但关闭后tomcat环境安全级别比较低,易找到漏洞，后来找到了解决方案！

#更改策略文件

sudo vim /var/lib/tomcat6/conf/policy.d/50local.policy

#然后在最后一行添加, database是我的项目文件配置有所有权限

grant codeBase "file:${catalina.base}/webapps/database/-" {

permission java.security.AllPermission;

};

#ok搞定jdbc连接和xmlrpc访问

参考:http://www.jaxmao.org/tomcat-docs/security-manager-howto.html