tracker issue : CF-4201953

Title:

Tomcat install of cfusion.war with security manager turned on


Status/Resolution/Reason: To Track//PRNeedInfo

Reporter/Name(from Bugbase): john thomason / ()

Created: 04/11/2018

Components: Installation/Config, JEE Deployment

Versions: 2016

Failure Type: Others

Found In Build/Fixed In Build: /

Priority/Frequency: Normal /

Locale/System: / SuSE Linux 12

Vote Count: 0

Need to install the ColdFusion 2016 JEE cfusion.war file with the Apache/Tomcat security manager active ('catalina.sh start -security'). This requires setting permissions for the cfusion.war app to run. Requesting instructions on what settings are needed in catalina.policy and other files.

Attachments:

Comments:

Additional info
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 3
ENV
CATALINA_HOME=/opt/TomCat/tomcat
CATALINA_BASE=/opt/TomCat/tomcat
JRE_HOME=/opt/TomCat/java/jre
JAVA_ROOT=/opt/TomCat/java/jre
Java Runtime Environment build 1.8.0_162-b12
Apache-tomcat 9.0.5
exec "/opt/TomCat/tomcat/bin"/"catalina.sh" start \ -security \
Comment by john t.
27500 | April 13, 2018 04:19:34 PM GMT
Hi John, just trying to reconfirm that your enquiry is around what the instructions are to run CF on Tomcat with security manager on. Please refer to the following link: [https://tomcat.apache.org/tomcat-8.0-doc/security-manager-howto.html] under the section "Configuring Tomcat With A SecurityManager" for the changes that are required to be done. Hope that this helps you, do let us know otherwise. Thanks!
Comment by S P.
27501 | April 18, 2018 01:53:40 PM GMT
Yes, can run ColdFusion cfusion.war with catalina.sh, but when I run as catalina.sh -security I get permission issues. Working through the catalina.policy file to add permissions one by one, but hoping there was a document in place since I cannot be the first one that has this requirement. Is there, or can I get, a reference as to what permissions need to be set for ColdFusion to run in a Tomcat environment with security manager turned on?
Comment by john t.
27502 | April 20, 2018 07:49:07 PM GMT
So the real question is what are the appropriate settings/permissions for Apache/Tomcat's catalina.policy file to allow ColdFusion 2016 to run, and are there any other adjustments that should be done. With security manager turned off the application runs, but when it is on there are permission issues that require configuration of various access ColdFusion needs to run.
Comment by john t.
27503 | April 23, 2018 12:14:11 PM GMT
at this point up to this in catalina.policy file to get services up:

    --------------------------------------
    // ColdFusion ---------------------
    grant codeBase "file:${catalina.home}/webapps/ROOT/-" {
        permission java.util.PropertyPermission "*", "read, write";
        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        //
        permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.webresources.synthetic";
        permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.synthetic";
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "defineClassInPackage.java.io";
        permission java.lang.RuntimePermission "defineClassInPackage.java.beans";
        permission java.lang.RuntimePermission "defineClassInPackage.java.io";
        permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
        permission java.lang.RuntimePermission "defineClassInPackage.java.lang.ref";
        permission java.lang.RuntimePermission "defineClassInPackage.java.lang.reflect";
        permission java.lang.RuntimePermission "defineClassInPackage.java.net";
        permission java.lang.RuntimePermission "defineClassInPackage.java.rmi";
        permission java.lang.RuntimePermission "defineClassInPackage.java.security";
        permission java.lang.RuntimePermission "defineClassInPackage.java.text";
        permission java.lang.RuntimePermission "defineClassInPackage.java.util";
        permission java.lang.RuntimePermission "defineClassInPackage.java.util.logging";
        permission java.lang.RuntimePermission "defineClassInPackage.java.util.concurrent";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";
        //
        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
        permission com.sun.net.ssl.SSLPermission "setHostnameVerifier";
        //
        permission java.io.FilePermission "${catalina.home}/webapps/ROOT", "read";
        permission java.io.FilePermission "${catalina.home}/webapps/ROOT/-", "read";
        permission java.io.FilePermission "${catalina.home}/webapps/ROOT/WEB-INF/-", "read";
        permission java.io.FilePermission "${catalina.home}/webapps/ROOT/WEB-INF/cfusion/lib/logging.properties", "read";
        permission java.io.FilePermission "${catalina.home}/webapps/ROOT/WEB-INF/server-config.wsdd", "write";
        permission java.io.FilePermission "${catalina.home}/work/Catalina/localhost/ROOT/_axis2", "write";
        permission java.io.FilePermission "${catalina.home}/work/Catalina/localhost/ROOT/-", "read";
        permission java.io.FilePermission "/opt/TomCat/jdk1.8.0_162/jre/lib/xalan.properties", "read";
        permission java.io.FilePermission "/opt/TomCat/jdk1.8.0_162/jre/lib/rt.jar", "read";
        permission java.io.FilePermission "/opt/TomCat/jdk1.8.0_162/jre/lib/xerces.properties", "read";
        permission java.io.FilePermission "/opt/sun/private/share/lib/relaxngDatatype.jar", "read";
        permission java.io.FilePermission "/opt/sun/private/share/lib/xsdlib.jar", "read";
        permission java.io.FilePermission "/opt/sun/share/lib/jax-qname.jar", "read";
        permission java.io.FilePermission "/opt/sun/share/lib/namespace.jar", "read";
        permission java.io.FilePermission "/opt/sun/share/lib/xercesImpl.jar", "read";
        permission java.io.FilePermission "/opt/sun/share/lib/xalan.jar", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Array", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Boolean", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Color", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Function", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for MovieClip", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Number", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for Object", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for String", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for System", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for TextField", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for XML", "read";
        permission java.io.FilePermission "synthetic: Object.registerClass() for XMLNode", "read";
        permission java.io.FilePermission "/usr/share/lib/jax-qname.jar", "read";
        permission java.io.FilePermission "/usr/share/lib/namespace.jar", "read";
        permission java.io.FilePermission "/usr/share/lib/relaxngDatatype.jar", "read";
        permission java.io.FilePermission "/usr/share/lib/xalan.jar", "read";
        permission java.io.FilePermission "/usr/share/lib/xsdlib.jar", "read";
        permission java.io.FilePermission "/usr/share/lib/xercesImpl.jar", "read";
        permission java.io.FilePermission "../logs", "read";
        permission java.io.FilePermission "../logs/*", "read, write";
        permission java.io.FilePermission "/WEB-INF/cfform", "read";
        permission java.io.FilePermission "/WEB-INF/cfform/-", "read";
        permission java.io.FilePermission "/WEB-INF/cfform/logs/*", "read, write";
        permission java.io.FilePermission "/WEB-INF/cfusion/logs/*", "read, write";
        permission java.io.FilePermission "/opt/TomCat/tomcat/webapps/ROOT/WEB-INF/cfform/logs/*", "read, write";
        permission java.io.FilePermission "/opt/TomCat/tomcat/webapps/ROOT/WEB-INF/cfusion/logs/*", "read, write";
    };

now stuck on:

    java.security.AccessControlException: access denied ("com.sun.net.ssl.SSLPermission" "setHostnameVerifier")
    Error: Unable to create ActionScript Component for Object: access denied ("java.io.FilePermission" "Object.registerClass() for Object" "read")
    Error: Unable to create ActionScript Component for String: access denied ("java.io.FilePermission" "Object.registerClass() for String" "read")
    Error: Unable to create ActionScript Component for Number: access denied ("java.io.FilePermission" "Object.registerClass() for Number" "read")
    Error: Unable to create ActionScript Component for Boolean: access denied ("java.io.FilePermission" "Object.registerClass() for Boolean" "read")
    Error: Unable to create ActionScript Component for Function: access denied ("java.io.FilePermission" "Object.registerClass() for Function" "read")
    Error: Unable to create ActionScript Component for Array: access denied ("java.io.FilePermission" "Object.registerClass() for Array" "read")
    Error: Unable to create ActionScript Component for Color: access denied ("java.io.FilePermission" "Object.registerClass() for Color" "read")
    Error: Unable to create ActionScript Component for XMLNode: access denied ("java.io.FilePermission" "Object.registerClass() for XMLNode" "read")
    Error: Unable to create ActionScript Component for XML: access denied ("java.io.FilePermission" "Object.registerClass() for XML" "read")
    Error: Unable to create ActionScript Component for MovieClip: access denied ("java.io.FilePermission" "Object.registerClass() for MovieClip" "read")
    Error: Unable to create ActionScript Component for System: access denied ("java.io.FilePermission" "Object.registerClass() for System" "read")
    Error: Unable to create ActionScript Component for TextField: access denied ("java.io.FilePermission" "Object.registerClass() for TextField" "read")
Comment by john t.
27504 | April 25, 2018 06:22:19 PM GMT
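
The add-one-permission-at-a-time loop described in this thread can be triaged mechanically. The following is an added example, not code from the reporter or from Adobe: it reads "access denied" messages in the shape quoted above, de-duplicates them, and separates denials that have no literal entry in the policy text from denials that are listed yet still refused. The function names and the two sample strings are assumptions constructed from lines in the thread.

```python
import re

# Denial text as it appears in the errors quoted in this thread:
#   access denied ("<permission class>" "<target>" "<actions>")   (actions optional)
DENIED = re.compile(r'access denied \("([^"]+)" "([^"]*)"(?: "([^"]*)")?\)')
# A permission entry in catalina.policy; lines starting with // do not match.
ENTRY = re.compile(r'^\s*permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;', re.M)

def split_actions(text):
    return {a.strip() for a in text.split(",") if a.strip()}

def parse_policy(policy_text):
    """Map (class, target) -> set of actions listed anywhere in the policy text."""
    listed = {}
    for cls, target, acts in ENTRY.findall(policy_text):
        listed.setdefault((cls, target), set()).update(split_actions(acts))
    return listed

def policy_line(cls, target, acts):
    return f'permission {cls} "{target}"' + (f', "{acts}";' if acts else ";")

def triage(log_text, policy_text):
    """Return (missing, listed_but_denied) as policy lines, one per distinct denial.

    Matching is on the literal target string only: ${...} expansion and the
    FilePermission "-" / "*" wildcards are NOT evaluated (a simplification)."""
    listed = parse_policy(policy_text)
    missing, still_denied, seen = [], [], set()
    for denial in DENIED.findall(log_text):
        if denial in seen:
            continue
        seen.add(denial)
        cls, target, acts = denial
        have = listed.get((cls, target))
        bucket = still_denied if have is not None and split_actions(acts) <= have else missing
        bucket.append(policy_line(*denial))
    return missing, still_denied

# Constructed sample, built from lines quoted in the thread above.
SAMPLE_POLICY = '''
grant codeBase "file:${catalina.home}/webapps/ROOT/-" {
    permission com.sun.net.ssl.SSLPermission "setHostnameVerifier";
    permission java.io.FilePermission "synthetic: Object.registerClass() for Object", "read";
};
'''
SAMPLE_LOG = '''
java.security.AccessControlException: access denied ("com.sun.net.ssl.SSLPermission" "setHostnameVerifier")
Error: Unable to create ActionScript Component for Object: access denied ("java.io.FilePermission" "Object.registerClass() for Object" "read")
Error: Unable to create ActionScript Component for Object: access denied ("java.io.FilePermission" "Object.registerClass() for Object" "read")
'''

if __name__ == "__main__":
    missing, still_denied = triage(SAMPLE_LOG, SAMPLE_POLICY)
    print("not listed (review before adding):", *missing, sep="\n  ")
    print("listed yet denied (check codeBase / policy in use):", *still_denied, sep="\n  ")
```

On the sample, the SSLPermission lands in the second list because it is already in the grant block, so the thing to review is the grant's codeBase or which policy file is loaded rather than the entry itself. The FilePermission lands in the first list because the policy entry carries a "synthetic: " prefix that the denied target does not.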