Tomcat 9.0 with security manager reports access denied












1















I started my Tomcat 9.0 on Windows 10 with:



-Djava.security.manager

-Djava.security.policy=C:Program FilesApache Software FoundationTomcat 9.0confcatalina.policy

-Djava.security.debug=access,failure


using a Connector of type org.apache.coyote.http11.Http11Nio2Protocol with enabled ssl.



Also I have only (my own) ROOT app running and nothing else.



Within catalina.policy I have defined (for a first test):



grant codeBase "file:${catalina.base}/webapps/ROOT/-" {

  permission java.security.AllPermission;

};


When I now check the tomcat9-stderr.log I found the following entries:



access: access denied ("java.util.PropertyPermission" "org.apache.juli.logging.UserDataHelper.CONFIG" "read")



java.lang.Exception: Stack trace

at java.lang.Thread.dumpStack(Unknown Source)

at java.security.AccessControlContext.checkPermission(Unknown Source)

at java.security.AccessController.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)

at java.lang.System.getProperty(Unknown Source)

at org.apache.tomcat.util.log.UserDataHelper.<init>(UserDataHelper.java:57)

at org.apache.coyote.AbstractProcessor.<init>(AbstractProcessor.java:90)

at org.apache.coyote.http2.StreamProcessor.<init>(StreamProcessor.java:56)

at org.apache.coyote.http2.Http2UpgradeHandler.processStreamOnContainerThread(Http2UpgradeHandler.java:261)

at org.apache.coyote.http2.Http2UpgradeHandler.headersEnd(Http2UpgradeHandler.java:1356)

at org.apache.coyote.http2.Http2AsyncUpgradeHandler.headersEnd(Http2AsyncUpgradeHandler.java:37)

at org.apache.coyote.http2.Http2Parser.onHeadersComplete(Http2Parser.java:583)

at org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:272)

at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:167)

at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:85)

at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1148)

at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1117)

at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1047)

at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)

at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)

at sun.nio.ch.Invoker$2.run(Unknown Source)

at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)



access: domain that failed ProtectionDomain  null

 null

 <no principals>

 null


As well as two of these:



access: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.util.net")

java.lang.Exception: Stack trace

at java.lang.Thread.dumpStack(Unknown Source)

at java.security.AccessControlContext.checkPermission(Unknown Source)

at java.security.AccessController.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPermission(Unknown Source)

at java.lang.SecurityManager.checkPackageAccess(Unknown Source)

at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at org.apache.tomcat.util.net.SecureNio2Channel.flush(SecureNio2Channel.java:196)

at org.apache.tomcat.util.net.SecureNio2Channel.close(SecureNio2Channel.java:585)

at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.close(Nio2Endpoint.java:932)

at org.apache.coyote.http2.Http2UpgradeHandler.close(Http2UpgradeHandler.java:1010)

at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:359)

at org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:37)

at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:240)

at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:85)

at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1184)

at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1117)

at org.apache.tomcat.util.net.SecureNio2Channel$2.failed(SecureNio2Channel.java:1055)

at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1049)

at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)

at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)

at sun.nio.ch.Invoker$2.run(Unknown Source)

at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)



access: domain that failed ProtectionDomain  null

null

<no principals>

null


So I tried to add



permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";

permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.net";


at different locations in the catalina.policy file (for webapps/ROOT/, CATALINA CODE PERMISSIONS, WEB APPLICATION PERMISSIONS).



But all these will not make the two access denied's go away.



So my question is how to clean up these two access denieds?






java tomcat java-security securitymanager tomcat9







share|improve this question



























    1















    I started my Tomcat 9.0 on Windows 10 with:



    -Djava.security.manager
    
-Djava.security.policy=C:Program FilesApache Software FoundationTomcat 9.0confcatalina.policy
    
-Djava.security.debug=access,failure


    using a Connector of type org.apache.coyote.http11.Http11Nio2Protocol with enabled ssl.



    Also I have only (my own) ROOT app running and nothing else.



    Within catalina.policy I have defined (for a first test):



    grant codeBase "file:${catalina.base}/webapps/ROOT/-" {
    
  permission java.security.AllPermission;
    
};


    When I now check the tomcat9-stderr.log I found the following entries:



    access: access denied ("java.util.PropertyPermission" "org.apache.juli.logging.UserDataHelper.CONFIG" "read")
    

    
java.lang.Exception: Stack trace
    
at java.lang.Thread.dumpStack(Unknown Source)
    
at java.security.AccessControlContext.checkPermission(Unknown Source)
    
at java.security.AccessController.checkPermission(Unknown Source)
    
at java.lang.SecurityManager.checkPermission(Unknown Source)
    
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    
at java.lang.System.getProperty(Unknown Source)
    
at org.apache.tomcat.util.log.UserDataHelper.<init>(UserDataHelper.java:57)
    
at org.apache.coyote.AbstractProcessor.<init>(AbstractProcessor.java:90)
    
at org.apache.coyote.http2.StreamProcessor.<init>(StreamProcessor.java:56)
    
at org.apache.coyote.http2.Http2UpgradeHandler.processStreamOnContainerThread(Http2UpgradeHandler.java:261)
    
at org.apache.coyote.http2.Http2UpgradeHandler.headersEnd(Http2UpgradeHandler.java:1356)
    
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.headersEnd(Http2AsyncUpgradeHandler.java:37)
    
at org.apache.coyote.http2.Http2Parser.onHeadersComplete(Http2Parser.java:583)
    
at org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:272)
    
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:167)
    
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:85)
    
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1148)
    
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1117)
    
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1047)
    
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
    
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
    
at sun.nio.ch.Invoker$2.run(Unknown Source)
    
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
    
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    
at java.lang.Thread.run(Unknown Source)
    

    
access: domain that failed ProtectionDomain  null
    
 null
    
 <no principals>
    
 null


    As well as two of these:



    access: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.util.net")
    
java.lang.Exception: Stack trace
    
at java.lang.Thread.dumpStack(Unknown Source)
    
at java.security.AccessControlContext.checkPermission(Unknown Source)
    
at java.security.AccessController.checkPermission(Unknown Source)
    
at java.lang.SecurityManager.checkPermission(Unknown Source)
    
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
    
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    
at java.lang.ClassLoader.loadClass(Unknown Source)
    
at java.lang.ClassLoader.loadClass(Unknown Source)
    
at org.apache.tomcat.util.net.SecureNio2Channel.flush(SecureNio2Channel.java:196)
    
at org.apache.tomcat.util.net.SecureNio2Channel.close(SecureNio2Channel.java:585)
    
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.close(Nio2Endpoint.java:932)
    
at org.apache.coyote.http2.Http2UpgradeHandler.close(Http2UpgradeHandler.java:1010)
    
at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:359)
    
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:37)
    
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:240)
    
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:85)
    
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1184)
    
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1117)
    
at org.apache.tomcat.util.net.SecureNio2Channel$2.failed(SecureNio2Channel.java:1055)
    
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1049)
    
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
    
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
    
at sun.nio.ch.Invoker$2.run(Unknown Source)
    
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
    
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    
at java.lang.Thread.run(Unknown Source)
    

    
access: domain that failed ProtectionDomain  null
    
null
    
<no principals>
    
null


    So I tried to add



    permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
    
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.net";


    at different locations in the catalina.policy file (for webapps/ROOT/, CATALINA CODE PERMISSIONS, WEB APPLICATION PERMISSIONS).



    But all these will not make the two access denied's go away.



    So my question is how to clean up these two access denieds?






    java tomcat java-security securitymanager tomcat9







    share|improve this question

























      1












      1








      1








      I started my Tomcat 9.0 on Windows 10 with:



      -Djava.security.manager
      
-Djava.security.policy=C:Program FilesApache Software FoundationTomcat 9.0confcatalina.policy
      
-Djava.security.debug=access,failure


      using a Connector of type org.apache.coyote.http11.Http11Nio2Protocol with enabled ssl.



      Also I have only (my own) ROOT app running and nothing else.



      Within catalina.policy I have defined (for a first test):



      grant codeBase "file:${catalina.base}/webapps/ROOT/-" {
      
  permission java.security.AllPermission;
      
};


      When I now check the tomcat9-stderr.log I found the following entries:



      access: access denied ("java.util.PropertyPermission" "org.apache.juli.logging.UserDataHelper.CONFIG" "read")
      

      
java.lang.Exception: Stack trace
      
at java.lang.Thread.dumpStack(Unknown Source)
      
at java.security.AccessControlContext.checkPermission(Unknown Source)
      
at java.security.AccessController.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
      
at java.lang.System.getProperty(Unknown Source)
      
at org.apache.tomcat.util.log.UserDataHelper.<init>(UserDataHelper.java:57)
      
at org.apache.coyote.AbstractProcessor.<init>(AbstractProcessor.java:90)
      
at org.apache.coyote.http2.StreamProcessor.<init>(StreamProcessor.java:56)
      
at org.apache.coyote.http2.Http2UpgradeHandler.processStreamOnContainerThread(Http2UpgradeHandler.java:261)
      
at org.apache.coyote.http2.Http2UpgradeHandler.headersEnd(Http2UpgradeHandler.java:1356)
      
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.headersEnd(Http2AsyncUpgradeHandler.java:37)
      
at org.apache.coyote.http2.Http2Parser.onHeadersComplete(Http2Parser.java:583)
      
at org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:272)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:167)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:85)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1148)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1117)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1047)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
      
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
      
at sun.nio.ch.Invoker$2.run(Unknown Source)
      
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
at java.lang.Thread.run(Unknown Source)
      

      
access: domain that failed ProtectionDomain  null
      
 null
      
 <no principals>
      
 null


      As well as two of these:



      access: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.util.net")
      
java.lang.Exception: Stack trace
      
at java.lang.Thread.dumpStack(Unknown Source)
      
at java.security.AccessControlContext.checkPermission(Unknown Source)
      
at java.security.AccessController.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
      
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
      
at java.lang.ClassLoader.loadClass(Unknown Source)
      
at java.lang.ClassLoader.loadClass(Unknown Source)
      
at org.apache.tomcat.util.net.SecureNio2Channel.flush(SecureNio2Channel.java:196)
      
at org.apache.tomcat.util.net.SecureNio2Channel.close(SecureNio2Channel.java:585)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.close(Nio2Endpoint.java:932)
      
at org.apache.coyote.http2.Http2UpgradeHandler.close(Http2UpgradeHandler.java:1010)
      
at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:359)
      
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:37)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:240)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:85)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1184)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1117)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.failed(SecureNio2Channel.java:1055)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1049)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
      
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
      
at sun.nio.ch.Invoker$2.run(Unknown Source)
      
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
at java.lang.Thread.run(Unknown Source)
      

      
access: domain that failed ProtectionDomain  null
      
null
      
<no principals>
      
null


      So I tried to add



      permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
      
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.net";


      at different locations in the catalina.policy file (for webapps/ROOT/, CATALINA CODE PERMISSIONS, WEB APPLICATION PERMISSIONS).



      But all these will not make the two access denied's go away.



      So my question is how to clean up these two access denieds?






      java tomcat java-security securitymanager tomcat9







      share|improve this question














      I started my Tomcat 9.0 on Windows 10 with:



      -Djava.security.manager
      
-Djava.security.policy=C:Program FilesApache Software FoundationTomcat 9.0confcatalina.policy
      
-Djava.security.debug=access,failure


      using a Connector of type org.apache.coyote.http11.Http11Nio2Protocol with enabled ssl.



      Also I have only (my own) ROOT app running and nothing else.



      Within catalina.policy I have defined (for a first test):



      grant codeBase "file:${catalina.base}/webapps/ROOT/-" {
      
  permission java.security.AllPermission;
      
};


      When I now check the tomcat9-stderr.log I found the following entries:



      access: access denied ("java.util.PropertyPermission" "org.apache.juli.logging.UserDataHelper.CONFIG" "read")
      

      
java.lang.Exception: Stack trace
      
at java.lang.Thread.dumpStack(Unknown Source)
      
at java.security.AccessControlContext.checkPermission(Unknown Source)
      
at java.security.AccessController.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
      
at java.lang.System.getProperty(Unknown Source)
      
at org.apache.tomcat.util.log.UserDataHelper.<init>(UserDataHelper.java:57)
      
at org.apache.coyote.AbstractProcessor.<init>(AbstractProcessor.java:90)
      
at org.apache.coyote.http2.StreamProcessor.<init>(StreamProcessor.java:56)
      
at org.apache.coyote.http2.Http2UpgradeHandler.processStreamOnContainerThread(Http2UpgradeHandler.java:261)
      
at org.apache.coyote.http2.Http2UpgradeHandler.headersEnd(Http2UpgradeHandler.java:1356)
      
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.headersEnd(Http2AsyncUpgradeHandler.java:37)
      
at org.apache.coyote.http2.Http2Parser.onHeadersComplete(Http2Parser.java:583)
      
at org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:272)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:167)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.completed(Http2AsyncParser.java:85)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1148)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.completed(Nio2Endpoint.java:1117)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1047)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
      
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
      
at sun.nio.ch.Invoker$2.run(Unknown Source)
      
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
at java.lang.Thread.run(Unknown Source)
      

      
access: domain that failed ProtectionDomain  null
      
 null
      
 <no principals>
      
 null


      As well as two of these:



      access: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.util.net")
      
java.lang.Exception: Stack trace
      
at java.lang.Thread.dumpStack(Unknown Source)
      
at java.security.AccessControlContext.checkPermission(Unknown Source)
      
at java.security.AccessController.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPermission(Unknown Source)
      
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
      
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
      
at java.lang.ClassLoader.loadClass(Unknown Source)
      
at java.lang.ClassLoader.loadClass(Unknown Source)
      
at org.apache.tomcat.util.net.SecureNio2Channel.flush(SecureNio2Channel.java:196)
      
at org.apache.tomcat.util.net.SecureNio2Channel.close(SecureNio2Channel.java:585)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.close(Nio2Endpoint.java:932)
      
at org.apache.coyote.http2.Http2UpgradeHandler.close(Http2UpgradeHandler.java:1010)
      
at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:359)
      
at org.apache.coyote.http2.Http2AsyncUpgradeHandler.upgradeDispatch(Http2AsyncUpgradeHandler.java:37)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:240)
      
at org.apache.coyote.http2.Http2AsyncParser$FrameCompletionHandler.failed(Http2AsyncParser.java:85)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1184)
      
at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler.failed(Nio2Endpoint.java:1117)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.failed(SecureNio2Channel.java:1055)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:1049)
      
at org.apache.tomcat.util.net.SecureNio2Channel$2.completed(SecureNio2Channel.java:992)
      
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
      
at sun.nio.ch.Invoker$2.run(Unknown Source)
      
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      
at java.lang.Thread.run(Unknown Source)
      

      
access: domain that failed ProtectionDomain  null
      
null
      
<no principals>
      
null


      So I tried to add



      permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
      
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.net";


      at different locations in the catalina.policy file (for webapps/ROOT/, CATALINA CODE PERMISSIONS, WEB APPLICATION PERMISSIONS).



      But all these will not make the two access denied's go away.



      So my question is how to clean up these two access denieds?






      java tomcat java-security securitymanager tomcat9




      java tomcat java-security securitymanager tomcat9






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 18 at 12:25









      PowerStatPowerStat

      611622




      611622
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54254003%2ftomcat-9-0-with-security-manager-reports-access-denied%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54254003%2ftomcat-9-0-with-security-manager-reports-access-denied%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Callistus III

          Image
          Callistus III Res apud Vicidata repertae: Nativitas : 8 Ianuarii 1379 ; Canals Obitus : 15 Augusti 1458 ; Roma Patria : Corona Aragoniae Nomen nativum : Alonso de Borja i Llançol Pontificatus 1455 - 1458 Praecessor : Nicolaus V Successor : Pius II Insignia heraldica Callistus III (natus Alphonsus de Borgia Hispanice Alonso de Borja y Borja , Italiane Alfonso Borgia , die 31 Decembris 1378 Saetabis Augustae in Hispania apud Valentiam - obiit die 6 Augusti 1458), papa catholicus episcopus Romanus a die 8 Aprilis 1455 erat. Vita | Alphonsus de Borgia studuit iuri canonico Ilerdae. Postea iuris consultus antipapae Benedicti XIII et regis Alphonsi V Aragoniae fit. Anno 1444 episcopus Valentiae factus est. Anno 1444 a papa Eugenio IV Cardinalis Sanctae Romanae Ecclesiae creatus est. Bibliographia | Friedrich Wilhelm Bautz, "CALIXT III., Papst" in Biographisch-Bibliographisches Kirchenlexikon  vol. 1 (Hammonae, 1975; reimpr. 1990. ISBN 3-88...
          Read more

          Plistias Cous

          Plistias Cous (Graece Πλειστίας ), qui saeculo IV a.C.n. exeunte floruit, insulae Coi incola, fuit anno 306 a.C.n. pro Demetrio Poliorceta dux classium. Ille enim navigator principalis fuit classis omnis; ille una cum Hegesippo Halicarnassensi in proelio iuxta Salaminem Cypri commisso praefuit alae dextrae. Fontes | Diodorus Siculus, Bibliotheca historica 20.50.4 Bibliographia | "Prosopography of Antigonos's Friends and Subordinates" in Richard A. Billows, Antigonos the One-Eyed and the Creation of the Hellenistic State (Berkeley: University of California Press, 1990) no. 98, p. 425 H. Hauben, Het vlootbevelhebberschap in de vroege Diadochen tijd (Bruxellis, 1975) pp. 78, 117-119 T. Lenschau, "Pleistias" in Paulys Real-Enzyklopädie der classischen Altertumswissenschaft edd. G. Wissowa et alii (Stuttgart, 1893-1972 ~ ~) This page is only for reference, If you need detailed information, please check here
          Read more

          Index Sanctorum

          Index Sanctorum Sanctus, -i n. Religio Christiana . Sancti | Index A B C D E F G H I L M N O P Q R S T U V X Z Vide etiam — Nexus externi Index hic non iuxta normas Ecclesiae Catholicae Romanae est factus, cum plurimos tenet qui a ecclesia non agnoscuntur. A | Abundius episcopus Adalbertus (episcopus Pragensis) Aegidius abbas Agapetus I Agapitus Praenestinus Agatha Catanensis Agatho Agnes de Bohemia Agnes Romana Albertus Hurtado Albertus Magnus Alexander I Aloisius Gonzaga Aloisius Orione Alphonsus a Ligorio Ambrosius Anastasius I (papa) Andreas (apostolus) Anicetus (papa) Anscharius (archiepiscopus Hamburgensis-Bremensis) Anterus Antonius Patavinus Antonius abbas Antoninus Natolii de Pactis Athanasius Alexandrinus Augustinus Augustinus Cantuariensis Avitus B | Bartholomaeus (apostolus) Basilius (beatus) Basilius Magnus Basilius Ostrogiensis Beda Benedictus de Nursia Benedictus II Bernadetta Lapurdensis Bernardus ...
          Read more