Security Manager in Tomcat
I have a Tomcat Java application, and I want it to be secure, so I created a custom SecurityManager where I blocked all actions I thought was dangerous (I probably missed some, but that's for another question). It worked well for a while, but then my application stopped working, and in catalina.out I saw the following message:
12/07/2011 10:31:42 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler process
SEVERE: Error reading request, ignored
java.lang.SecurityException
at gwtchat.server.ScriptBotSecurityManager.checkWrite(ScriptBotSecurityManager.java:167)
at java.io.FileOutputStream.<init>(FileOutputStream.java:234)
at java.net.SocketOutputStream.<init>(SocketOutputStream.java:58)
at java.net.AbstractPlainSocketImpl.getOutputStream(AbstractPlainSocketImpl.java:411)
at java.net.Socket$3.run(Socket.java:857)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.Socket.getOutputStream(Socket.java:854)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:163)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
In the first line, gwtchat.server.ScriptBotSecurityManager is my custom SecurityManager, and the function is checkWrite(FileDescriptor fd), which I blocked because don't want my application to开发者_开发百科 write to files.
Of course I want to block only my application, and not the Tomcat server itself. How can I do this?
精彩评论