I'm using tomcat security manager for my application. In my application, i have placed my running tomcat in
path: usr/local/tomcat-7/webapps/myapplication
And when i run my application i will logged all the actions in logger. That logger file is placed in another path
path:usr/local/tomcat-6/logs/mylogs.log (*this is not running server, just a folder named tomcat-6*)
When i run my application with security manager, it will throw this exception:
java.security.AccessControlException:access denied("java.io.FilePermission" "usr/local/tomcat6/logs/mylogs.log" "write" ).
In My catalina.policy file i have gave this rule to grant permission to this file. But it doesn't works.
grant codeBase "file:${catalina.home}/../tomcat-6/logs/-" {
permission java.security.AllPermission;
};
How can i resolve this problem?
1: Login as root user
2: Go to logs directory
3: chmod 644 mylogs.log
Change your java permission. read thisenter link description here
Related
Situation: During the build process of an azure pipeline i use the JavaToolInstaller on a self hosted agent and it places "java/JAVA_HOME_8_x64_" in the directory
Background: I dont believe this to be a permission issue when i have applied full permissions to that directory and created it for the build process
Assessment: Has anyone see this issue before?
Steps to reproduce - host onsite agent
JavaToolInstaller
- task: JavaToolInstaller#0
inputs:
versionSpec: '8'
jdkArchitectureOption: 'x64'
jdkSourceOption: 'LocalDirectory'
jdkFile: '/opt/jdk-8u251-linux-x64.tar.gz'
jdkDestinationDirectory: '/opt/java'
cleanDestinationDirectory: true
condition: eq( variables['Agent.OS'], 'Linux' )
Error during build
Cleaning destination folder before extraction: /opt/java
Retrieving the JDK from local path.
##[warning]Can\'t find loc string for key: ExtractingArchiveToPath
ExtractingArchiveToPath /opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz
Creating destination folder: /opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz
##[error]Unable to create directory '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'. EACCES: permission denied, mkdir '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'
##[error]Unable to create directory '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'. EACCES: permission denied, mkdir '/opt/java/JAVA_HOME_8_x64_jdk-8u251-linux-x64_tar.gz'
Finishing: JavaToolInstaller
According to the error message, it seems that you do not have permission to write this file. Please check it and ensure that you have w and r permission for this folder
Steps:
Locate the file jdk-8u251-linux-x64.tar.gz->right-click on the icon->select Properties->click the tab permission then check the account permission
Or use the cmd ls –l {file name} to check the folder permission, then run the cmd chmod [permission] [file_name] to update the permission
Please refer this link for more details: How to change directory permissions in Linux
I have a new windows 10 machine. Tomcat throwing the error -
FileNotFoundException - Access Denied
while writing application log. I am able to create folders or save file in the same path but when i try to do that programmatic, its throwing the error
Access Denied
When i checked 'canWrite()' on the path its returning true.
canWrite:true
java.io.FileNotFoundException: C:\Users\<User>\logs (Access is denied)
I tried giving 'full control' to the folder but didn't help.
Any pointers ?
Thanks!
Reboot and retry (I have seen exact the same in a Windows Domain environment. After reboot it works.);
Is the tomcat started as a service, or as standalone app? Check the user who own the tomcat process;
If both failed, try to delete the log folder, to see if any other process locks the log folder;
At last, you can use process monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) to drill into the internal data from windows, to see what really happens.
Inside my Applet, it needs to download the csv file from other site to run.
When i run applet with appletviewer, it gave me this exception :
java.security.AccessControlException: access denied (java.net.SocketPermision www.xxxsitexxx.com:80 connect, resolve
....
My applet's signed :
jarsigner -verify myfile.jar >> the result : jar verified.
I tried to add :
grant {
permission java.security.AllPermission;
};
into Tomcat's folder :
..conf/catalina.policy
But it didn't work.
Google suggests me to add security permisson to :
... jre/lib/security/java.policy
But I couldn't change it :
Access to ... jre/lib/security/java.policy was denied.
My question is :
Does add permission to java.policy solve to problem?
If so, how could I change java.policy's content?
PS : I read many questions here relate to my problem in Stackoverflow, but I couldn't find the right way to solve it.
EDIT : i got the Applet work by signing all jar files that needed to run with the Applet.
I want to execute a jar file with using policy file from my project. my policy file is:
*grant codeBase "file:///D:/xx/yy/zz/-"{
permission java.io.FilePermission
"D:/aa/bb/test.jar", "read, write, delete, execute";
};*
my project is under D:/xx/yy/zz/ folder and i want to execute test.jar in this project but i had an error:
access denied (java.io.FilePermission <> execute)
if i change policy file like this, that is ok:
*grant codeBase "file:///D:/xx/yy/zz/-"{
permission java.io.FilePermission
"<<ALL FILES>>", "read, write, delete, execute";
};*
But i do not want to give all permission to my project.
And also in project i set policy file like this:
String path="D:\aa\bb\test.jar";
System.setProperty("java.security.policy","C:\\policy\\"+"test.policy");
System.setSecurityManager(new SecurityManager());
Is there any body to say something about this situation ?
Thanks...
I think this "D:/aa/bb/test.jar" should be "D:\\aa\\bb\\test.jar"
Check here for more info http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html
It'looks a way more like a file system security problem than a java security exception, are you using windows or linux?
What kind of file system are you using ? ext2/3/4 or NFTS or fat32 ?
And most important, are you running your program with admin right, which might be necessary to grant execute permission on some files.
i'm having the the post's title error when trying to write a file on a window folder , mounted on unix system. I've developed a web service which runs inside a Tomcat 6 on a linux os and need to write on a windows network folder. System administrators have mounted it on the Linux sever and have no problem to create and modify a file on it.
When i try to execute the posted code i get the following exception :
Permission denied
java.io.IOException: Permission denied
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createNewFile(File.java:850)
The weird thing is that it seems to be related to the File.createNewFile method on a network folder , in fact the service can write on local file system without problems, both on debug (the pc i use to develop the service) and a tomcat folder system administrators have provided me on the linux server. The file gets created but is empty and the log entry following the create method doesn't get printed. Moreover if i use a plain outputstream to create and write the file i've no problems.
I cannot find any explanation about the exception on the web. Since i'm not very experienced with java , i'd like to understand why i'm getting this error. Am i using it in the wrong way ? Is it a bug of the library ? Do i miss to pass some parameter ?
As stated , i've solved the problem using a plain outputstream, this is a question to improve my understanding of java.
FileOutputStream fos = null;
try{
log.info(String.format("file length: %s",streamAttach.length));
log.info(String.format("check File : %s",filename));
File f = new File(filename);
if(f.exists())
...
boolean done= f.createNewFile();//here comes the exception
//nothing of the following happens
if(!done)
throw new NWSException("error creating file");
log.info(String.format("file %s creato", nomeFile));
thank you in advance for any answer
I ran into this problem recently and found that java.io.File.createNewFile() actually requires the "Change Permissions" permission (you can find this entry under Security->Advanced when checking folder permissions). Without this it will create the file and then subsequently throw an IOException.
It's deceptive because you will still be able to create files on the folder when manually testing, however createNewFile() will still fail if it doesn't have this particular permission (presumably such that it can change the permissions on the file its creating).
If you are using Netapp that shares an NTFS (CIFS) style filesystem to Unix you could be experience "NFS is not allowed to change permissions on a file in an NTFS-style security volume." (TR-3490 page 16)
Options here are to change to a unix filesystem or set the cifs.ntfs_ignore_unix_security_ops flag to on for the file system which quiches the NFS permission error.
java.io.UnixFileSystem.createFileExclusively(Native Method) opens the file with the O_EXCL and 0666 umask so I would get a EACCES, which really was a NFS3RR_ACCES
open("/net/storage01-a/filer/myfile", O_RDWR|O_CREAT|O_EXCL, 0666) Err#13 EACCES
Also you can use OutputStream to create the file, that does not use O_EXCL it seemes
It definitely not Java specific problem. If this Unix folder is mapped to your windows try to open file explorer and create file in this directory. I believe that you will get permission denied too. In this case fix this problem or ask your system administrator to help you.
Good luck!