Bug 1363653
| Summary: | Tomcat security manager Error [EWS-2.1.1] | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Web Server 2 | Reporter: | Bogdan Sikora <bsikora> | ||||
| Component: | tomcat7 | Assignee: | Coty Sutherland <csutherl> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Bogdan Sikora <bsikora> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 2.1.1 | CC: | bprioux, dmichael, fgoldefu, jdoyle, pslavice, rsvoboda | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 2.1.1 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-05-09 18:32:21 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I'm unable to reproduce this on Fedora with Java6. I tested in EWS 2.1.0 and the 2.1.1 CR1 candidate. Did you make a request that yielded this stack? If so, what was it? Does it only affect Windows? The build that was tested for EWS_2.1.1 is the same source code (the build number was bumped because I had to build for win/sol) that was tested for the one-off to fix CVE-2015-5174 (which also included CVEs CVE-2014-7810 and CVE-2014-0230); the bug for that is https://bugzilla.redhat.com/show_bug.cgi?id=1273410. The only explanation that I have for this issue is that it was missed when build 21 was tested for the one-off. Can you try the one-off build and see if you can reproduce it there? Also, according to the upstream ASFBZ that was attached here, this is purely a cosmetic issue; the fix was to change the INFO log message to DEBUG. I don't think we should rebuild to resolve this, but we can if anyone deems it necessary. One need to reproduce it send a request to welcome page Was able to reproduce it with patched [1] EWS-2.1.0. It was missed. Rebuilding is not really necessary in my opinion, but it should be present in release notes as one can get scared. [1] https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=39183&product=webserver&version=2.1.0&downloadType=securityPatches From Betty Prioux, Content Strategist for EAP: *Please consider requires_doc_text set to + for this BZ.* I do not yet have ecs permissions to change this BZ value. The change is critical to let Coty work on the doc text ASAP. Fixed in JWS 3.1.0. Since it's just a cosmetic problem, I'm closing this wontfix. |
Created attachment 1186994 [details] catalina log Description of problem: Tomcat catalina log is filled with an exception java.security.AccessControlException: access denied after start. Tomcat7 with JDK1.6 How reproducible: Always Steps to Reproduce: 1. Start tomcat with security manager (Tomcat7 with JDK1.6) Actual results: Exception in catalina log Expected results: No exception in catalina log Additional info: EWS 2.1.0 works fine (Regression)