我已经在启用 SSL 的 tomcat 6 上部署了一个 Web 应用程序(example.war)。
当我在没有安全管理器的情况下启动 tomcat 并尝试使用 url: 连接到服务器时,"https://localhost:8443/example"
它成功连接并显示 index.jsp 文件(欢迎文件)的内容。
但是当我用安全管理器启动tomcat时,它在浏览器(firefox)上显示相同url的以下错误。
Secure Connection Failed
An error occurred during a connection to localhost:8443.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
这是 catalina.policy 中提供的权限
grant {
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.naming.*", "read";
permission java.util.PropertyPermission "javax.sql.*", "read";
// OS Specific properties to allow read access
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
// JVM properties to allow read access
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
// Required for OpenJMX
permission java.lang.RuntimePermission "getAttribute";
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission "jaxp.debug", "read";
// Precompiled JSPs need access to these packages.
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
// Precompiled JSPs need access to these system properties.
permission java.util.PropertyPermission
"org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
permission java.util.PropertyPermission "org.apache.el.parser.COERCE_TO_ZERO", "read";
};
grant codeBase "file:${catalina.base}/webapps/example/-" {
permission java.security.AllPermission;
};
当我提供如下所有权限时,它工作正常:
grant {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/example/-" {
permission java.security.AllPermission;
};
我想知道我应该添加哪些特定权限以便在不提供 AllPermission 的情况下使其工作?