开发者

Security Manager in Tomcat

I have a Tomcat Java application, and I want it to be secure, so I created a custom SecurityManager where I blocked all actions I thought was dangerous (I probably missed some, but that's for another question). It worked well for a while, but then my application stopped working, and in catalina.out I saw the following message:

12/07/2011 10:31:42 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler process
SEVERE: Error reading request, ignored
java.lang.SecurityException
    at gwtchat.server.ScriptBotSecurityManager.checkWrite(ScriptBotSecurityManager.java:167)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:234)
    at java.net.SocketOutputStream.<init>(SocketOutputStream.java:58)
    at java.net.AbstractPlainSocketImpl.getOutputStream(AbstractPlainSocketImpl.java:411)
    at java.net.Socket$3.run(Socket.java:857)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.Socket.getOutputStream(Socket.java:854)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:163)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:636)

In the first line, gwtchat.server.ScriptBotSecurityManager is my custom SecurityManager, and the function is checkWrite(FileDescriptor fd), which I blocked because don't want my application to开发者_开发百科 write to files.

Of course I want to block only my application, and not the Tomcat server itself. How can I do this?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜