TOMCAT5_SECURITY=yes, one issue left
Wessel:
Hi,
I know I can switch off security, but wouldn't it be nice to have it working :-)
I've managed to get most of QM working with security tight enabled in tomcat5. I used the following security rules:
--- Code: ---
// QueueMetrics rules
grant {
    permission java.net.SocketPermission "localhost:3306", "connect,resolve";
    permission java.io.FilePermission "/var/log/asterisk/queue_log", "read";
    permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/queuemetrics/WEB-INF/classes/logging.properties", "read";
};
--- End code ---
This will work for all the functions (as far as I tested it), but it breaks as soon as I request the license information, with the error below. If anybody was able to work around this error, please let me know.
Wessel
It forwards to the page: http://localhost:8180/queuemetrics/$WEBAPP/sys_errore.jsp
And in the log it bumps the following dump.
[F56D8F8D70E367938D4451F1DCC357E5] Tempo totale esecuzione verbo 'qm_start': 467 ms
[F56D8F8D70E367938D4451F1DCC357E5] [ERR] -- Inner Exception --
Exception: java.security.AccessControlException
Error:
access denied (java.util.PropertyPermission * read,write)
Stack trace:
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
at java.lang.System.getProperties(System.java:561)
at it.loway.app.queuemetrics.autenticazione.caricaDatiPaginaLicenza.doRun(Unknown Source)
at it.loway.tpf.transaction.servlets.LowayTransactionController.serveRequest(Unknown Source)
at it.loway.tpf.transaction.servlets.LowayTransactionController.serveRequestWrapper(Unknown Source)
at it.loway.tpf.transaction.servlets.LowayTransactionController.doPost(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
-- End Inner Exception --
silmaril:
As of now, I have used the following line for this:
permission java.util.PropertyPermission "*", "read,write";
but I think we can cut it down to the 'read' part.
BTW there is another issue with the security manager:
http://forum.queuemetrics.com/index.php?topic=249.0
QueueMetrics:
We're tracking this issue as bug #365
QueueMetrics:
This should be it:
--- Code: ---
grant codeBase "file:/usr/local/queuemetrics/tomcat/webapps/queuemetrics/-" {
permission java.net.SocketPermission "localhost:3306", "connect,resolve";
permission java.io.FilePermission "/var/log/asterisk/queue_log", "read";
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "createClassLoader";
permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
// if you use LIVE connection to Asterisk instances:
permission java.net.SocketPermission "127.0.0.1:5038", "connect,resolve";
};
--- End code ---
Of course you have to:
1. set the correct path for your QM webapp
2. set the correct path to your database
3. set the correct path to your Asterisk server
4. if you use external XML-RPC services, you should add "connect, resolve" grants for those as well.
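
Added example, not part of the thread and not QueueMetrics' own code: the denial in the log, `java.util.PropertyPermission * read,write`, is raised from `System.getProperties()` through `SecurityManager.checkPropertiesAccess`, so this sketch uses `Permissions.implies` to check which `PropertyPermission` grants would satisfy that demand. The class name, the `java.*` candidate grant and the `java.io.tmpdir` single-key lookup are assumptions chosen for illustration.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

// Added illustration; class name and candidate grants are hypothetical.
public class PropertyGrantCheck {

    // Wrap one grant in a Permissions collection, as a policy "grant" block would.
    static Permissions grant(String name, String actions) {
        Permissions p = new Permissions();
        p.add(new PropertyPermission(name, actions));
        return p;
    }

    public static void main(String[] args) {
        // Demanded by System.getProperties(); copied from the denial in the log.
        Permission allProps = new PropertyPermission("*", "read,write");
        // Demanded by a single-key lookup such as System.getProperty("java.io.tmpdir").
        Permission oneProp = new PropertyPermission("java.io.tmpdir", "read");

        // Candidate policy lines, from broadest to narrowest.
        Map<String, Permissions> candidates = new LinkedHashMap<>();
        candidates.put("\"*\", \"read,write\"", grant("*", "read,write"));
        candidates.put("\"*\", \"read\"", grant("*", "read"));
        candidates.put("\"java.*\", \"read\"", grant("java.*", "read"));

        // implies() answers the same question the access check asks at runtime.
        for (Map.Entry<String, Permissions> e : candidates.entrySet()) {
            System.out.printf("grant %-20s getProperties()=%-5b getProperty(tmpdir)=%b%n",
                    e.getKey(),
                    e.getValue().implies(allProps),
                    e.getValue().implies(oneProp));
        }
    }
}
```

Only the `"*", "read,write"` grant covers the `getProperties()` demand; the read-only grants cover single-key `getProperty()` lookups but not the bulk call seen in the stack trace.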
Wessel:
Thanks!
I'll test it this week,
Wessel