I'm trying to use Tomcat's Security Manager with my web application but I keep getting the following error message:

java.security.policy: error adding Entry:
    java.net.MalformedURLException: unknown protocol: war

To investigate, I created a clean installation of the latest version of Tomcat. Then I packed up the "examples" app into a war file. Tomcat's catalina.policy file comes with a commented-out example configuration for examples.war, so I uncommented it and gave it permission java.security.AllPermission.

When I run "bin\startup.bat -security", there's no error message, but when I tested it by adding a JSP that opens a file to the "examples" app and .war, it fails with an AccessControlException, so I don't think the protection domain setting took effect.

When I run as a service, the stderr file shows the MalformedURLException shown above, and the test JSP still results in the AccessControlException.

So it looks to me like for some reason, the parser for the catalina.policy file doesn't know how to deal with protection domains for war files, even though the Security Manager HOW-TO clearly states that it should and the catalina.policy file shows examples of what it should look like.

The relevant portion of my catalina.policy file looks like this:

// To grant permissions for web applications using packed WAR files, use the
// Tomcat specific WAR url scheme.
//
// The permissions granted to the entire web application
grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
        permission java.security.AllPermission;
};

The following snippet from the stderr log shows the error message and relevant Tomcat configuration:

2019-04-15 14:35:59 Commons Daemon procrun stderr initialized
java.security.policy: error adding Entry:
    java.net.MalformedURLException: unknown protocol: war
15-Apr-2019 14:36:00.500 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.40
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Apr 10 2019 14:31:19 UTC
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.40.0
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Windows 7
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            6.1
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
15-Apr-2019 14:36:00.505 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             C:\Program Files\Java\jdk1.8.0_202\jre
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_202-b08
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         C:\apache-tomcat-8.5.40
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         C:\apache-tomcat-8.5.40
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=C:\apache-tomcat-8.5.40
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\apache-tomcat-8.5.40
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=C:\apache-tomcat-8.5.40\endorsed
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=C:\apache-tomcat-8.5.40\temp
15-Apr-2019 14:36:00.506 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=C:\apache-tomcat-8.5.40\conf\logging.properties
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.security.manager
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.security.policy=C:\apache-tomcat-8.5.40\conf\catalina.policy
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: exit
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: abort
15-Apr-2019 14:36:00.507 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms512m
15-Apr-2019 14:36:00.508 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx1024m

Thanks in advance for any insight you can provide.
