Menu
▾
▴
php-java-bridge-users — PHP/Java Bridge mailing list
You can subscribe to this list here.
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(6) |
Oct
(6) |
Nov
(8) |
Dec
(2) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2005 |
Jan
(19) |
Feb
(15) |
Mar
(10) |
Apr
(8) |
May
(7) |
Jun
(9) |
Jul
(13) |
Aug
(31) |
Sep
(111) |
Oct
(52) |
Nov
(72) |
Dec
(42) |
| 2006 |
Jan
(21) |
Feb
(32) |
Mar
(33) |
Apr
(24) |
May
(15) |
Jun
(40) |
Jul
(32) |
Aug
(19) |
Sep
(38) |
Oct
(37) |
Nov
(63) |
Dec
(37) |
| 2007 |
Jan
(18) |
Feb
(39) |
Mar
(69) |
Apr
(49) |
May
(71) |
Jun
(59) |
Jul
(71) |
Aug
(85) |
Sep
(46) |
Oct
(14) |
Nov
(25) |
Dec
(56) |
| 2008 |
Jan
(24) |
Feb
(77) |
Mar
(104) |
Apr
(44) |
May
(41) |
Jun
(11) |
Jul
(31) |
Aug
(59) |
Sep
(44) |
Oct
(86) |
Nov
(66) |
Dec
(93) |
| 2009 |
Jan
(88) |
Feb
(41) |
Mar
(49) |
Apr
(135) |
May
(22) |
Jun
(31) |
Jul
(60) |
Aug
(71) |
Sep
(76) |
Oct
(18) |
Nov
(52) |
Dec
(20) |
| 2010 |
Jan
(8) |
Feb
(50) |
Mar
(35) |
Apr
(48) |
May
(46) |
Jun
(84) |
Jul
(38) |
Aug
(61) |
Sep
(51) |
Oct
(31) |
Nov
(17) |
Dec
(18) |
| 2011 |
Jan
(51) |
Feb
(14) |
Mar
(17) |
Apr
(23) |
May
(15) |
Jun
(11) |
Jul
(5) |
Aug
(5) |
Sep
(15) |
Oct
(8) |
Nov
(5) |
Dec
(25) |
| 2012 |
Jan
(2) |
Feb
(4) |
Mar
(6) |
Apr
(9) |
May
(27) |
Jun
(32) |
Jul
(36) |
Aug
(10) |
Sep
(16) |
Oct
(3) |
Nov
(13) |
Dec
(7) |
| 2013 |
Jan
(1) |
Feb
(4) |
Mar
|
Apr
(1) |
May
|
Jun
(2) |
Jul
|
Aug
(1) |
Sep
(4) |
Oct
(2) |
Nov
(1) |
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
(2) |
Apr
(1) |
May
(2) |
Jun
(9) |
Jul
(5) |
Aug
(2) |
Sep
(4) |
Oct
|
Nov
|
Dec
|
| 2015 |
Jan
(3) |
Feb
(2) |
Mar
(4) |
Apr
(3) |
May
(1) |
Jun
(2) |
Jul
|
Aug
(2) |
Sep
(5) |
Oct
(1) |
Nov
|
Dec
|
| 2016 |
Jan
|
Feb
(5) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(3) |
Oct
|
Nov
|
Dec
|
| 2017 |
Jan
(6) |
Feb
|
Mar
|
Apr
(10) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
| 2018 |
Jan
(2) |
Feb
(5) |
Mar
|
Apr
|
May
(1) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
(5) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
|
|
|
|
1
|
2
(4) |
3
(1) |
4
|
|
5
|
6
|
7
(9) |
8
(26) |
9
|
10
|
11
(3) |
|
12
|
13
|
14
(3) |
15
|
16
(1) |
17
(6) |
18
(2) |
|
19
(2) |
20
(8) |
21
(11) |
22
(3) |
23
(1) |
24
(8) |
25
(2) |
|
26
(1) |
27
(5) |
28
(6) |
29
(17) |
30
(16) |
|
|
|
From: <php...@li...> - 2009-04-30 17:53:05
|
Okay, thanks, I have the file now. Looks okay.
Unfortunately I dont have the time to follow your project at the moment, but
I can set up a debian server next week to help you to test your code.
Regards,
Jost Boekemeier
Apr 30, 2009 7:36 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<200...@te...> <
3af...@ma...>
Message-ID: <d9c817cbb46a25537554979e67e27623@localhost>
X-Sender: and...@te... Received: from 161.148.54.70
[161.148.54.70] with HTTP/1.1 (...
2009 06:37:39 -0300
User-Agent: RoundCube Webmail/0.1
Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit
Hello, Jost
Maybe the attachment was stripped by sf.net server.
The file is at cvs repository now, at HEAD, at /server directory (is it the
best location?).
I am not a security expert, so I left the file as it is now at cvs (enough
for
development) and will study SELinux apps debian packaging procedures next
week.
Good luck!
Andre Felipe
On Thu, 30 Apr 2009 19:16:18 +0200,
php...@li... wrote: > Hi Andre, >
> I am moving to Hamburg , so I probably won't have much time until next >
week. > > The attachm...
------------------------------------------------------------------------------
Register Now & Save f...
|
|
From: <php...@li...> - 2009-04-30 17:35:54
|
<3af...@ma...> <200...@te...> <3af...@ma...> Message-ID: <d9c817cbb46a25537554979e67e27623@localhost> X-Sender: and...@te... Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Thu, 30 Apr 2009 06:37:39 -0300 User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Hello, Jost Maybe the attachment was stripped by sf.net server. The file is at cvs repository now, at HEAD, at /server directory (is it the best location?). I am not a security expert, so I left the file as it is now at cvs (enough for development) and will study SELinux apps debian packaging procedures next week. Good luck! Andre Felipe On Thu, 30 Apr 2009 19:16:18 +0200, php...@li... wrote: > Hi Andre, > > I am moving to Hamburg , so I probably won't have much time until next > week. > > The attachment didn't come through, btw. My telefone cannot decode base64 > attachments, yet. I assume that you have added some rules to allow php to > execute scripts. > > But I am not yet convinced that a strict java policy is worth the trouble. > The biggest security hole is php itself, not some missing java policy. > > Regards, > Jost Boekemeier |
|
From: <php...@li...> - 2009-04-30 17:30:02
|
Hello,
I tested in Debian Lenny with an apache2(with mod_jk)+tomcat5.5,
configuring
/etc/php5/apache2/php.ini for
allow_url_include = On
(dangerous, only for development environment)
and using a test.php code from the FAQ.html code at apache2 doc root:
<?php
require_once("http://localhost:8180/JavaBridge/java/Java.inc");
echo java("java.lang.System")->getProperties();
?>
Use your own tomcat configured port number.
It worked as expected using the 5.4.4.2-1 j2ee deb package built from cvs,
placing the new file
60JavaBridge.policy
by hand where and as previously explained.
The 5.4.4.2-1 j2ee debian package is unfinished and only available at cvs
repository
and will not be released for binary download.
Build it from cvs following the README.Debian instructions.
The 60JavaBridge.policy file is available only at the repository HEAD by
now.
Please, test them and send suggestions and improvements to the list.
Regards.
Andre Felipe Machado
--
http://www.techforce.com.br
A Debian user never dies. Issues a last command:
#shutdown -h now
On Thu, 30 Apr 2009 05:00:26 -0300,
php...@li... wrote:
>
> On Thu, 30 Apr 2009 11:27:39 +0200,
>
> php...@li... wrote:
>
>> Hello,
>
>>
>
>> Building from repo solved the problem, calling from tomcat, and linking
>
>> JavaBridge to the webroot, it works.
>
>>
>
>> But the page is'nt found the java_set_library_path php function.
>
>> I have a webpage with an old apache-php-javabridge engine (with
>
>> php-java-bridge 4.0.8). When I started the apache, it starts a java
>
>> process
>
>> listenin on port 9267.
>
>> I want to migrate it to Debian lenny. With the new version of
>
>> php-java-brigde is it possible?
>
>>
>
>> (I think, the java.so starts this process, and it would be better, if I
>
>> can
>
>> leave the tomcat...)
>
>>
>
>> Thanks:
>
>>
>
>> --
>
>> dv,
>
>> Ricsi
|
|
From: <php...@li...> - 2009-04-30 17:16:27
|
Hi Andre,
I am moving to Hamburg , so I probably won't have much time until next week.
The attachment didn't come through, btw. My telefone cannot decode base64
attachments, yet. I assume that you have added some rules to allow php to
execute scripts.
But I am not yet convinced that a strict java policy is worth the trouble.
The biggest security hole is php itself, not some missing java policy.
Regards,
Jost Boekemeier
Apr 30, 2009 5:22 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<200...@te...> <
3af...@ma...>
Message-ID: <c9c697971c219098321333260d0499fd@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Thu, 30
Apr
2009 04:23:36 -0300
User-Agent: RoundCube Webmail/0.1
Content-Type: multipart/mixed;
boundary="=_dc5421aa863da9665eab1d712707c42b"
--=_dc5421aa863da9665eab1d712707c42b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello, Jost
I tested today against Tomcat 5.5 with the attached
/etc/tomcat5.5/policy.d/60JavaBridge.policy
with ideas taken from project's /server/javabridge.policy and
it worked with auto-deploy of JavaBridge.war, using
bridge deb package compiled from cvs.
The file is not at the repository, yet (will include the gpl
header at least).
Unfortunately I will likely not have time to test against
Debian Tomcat 6.x until next week.
The debian package at cvs is prepared to work with tomcat 5.5,
so I expect some effort ahead to debug this.
A regular debian package installing files at tomcat system lib dir
should be avoided whenever possible.
As it is working at the debian tomcat5.5 with auto-deploying, I will
try to test with debian tomcat 6 and get it working in similar way.
I am not a security expert, so if the tomcat security is not enough,
will have to package the javabridge selinux configurations.
I guess there is a debian way to package these configs too.
Regards.
Andre Felipe Machado
http://www.techforce.com.br
On Thu, 30 Apr 2009 08:28:12 +0200,
php...@li... wrote:
> Hi Andre,
>
> I have just tested it on a tomcat 6.0.18 running with -security switched
> on.
> It stops the PhpCGIServlet from executing /bin/sh.
>
> This can be solved by removing the JavaBridge.jar, php-servlet.jar and
> php-script.jar from the application "JavaBridge.war", and adding them to
> the
> shared library dir TOMCAT_HOME/lib/ instead. Neither additional security
> declarations nor manipulations of global, shared XML files are necessary
> to
> fix this problem.
>
> It is true that PHP scripts may do foolish things like killing all other
> running php scripts, <?php system("killall php")?>, or even its own java
> container, <?php system("killall java");?>, but Java security doesn't
> help.
> The best way to secure PHP scripts is to use "Security Enhanced Linux"
> rules. RedHat Fedora and Enterprise Linux already contains these rules.
> Rules for the PHP/Java Bridge are contained in the security folder of the
> redhat RPM, and applied when the RPM is installed.
>
> Regards,
> Jost Boekemeier
--=_dc5421aa863da9665eab1d712707c42b
Content-Transfer-Encoding: base64
Content-Type: application/octet-stream; name="60JavaBridge.policy";
charset="UTF-8"
Content-Disposition: attachment; filename="60JavaBridge.policy"
IyBDb3B5cmlnaHQgKEMpIDIwMDkgIEFuZHJlIEZlbGlwZSBNYWNoYWRvIDxhbmRyZW1hY2hhZG9A
dGVjaGZvcmNlLmNvbS5icj4KIyBhbmQgcGhwLWphdmEtYnJpZGdlIHByb2plY3QgaHR0cDovL3Bo
cC1qYXZhLWJyaWRnZS5zb3VyY2Vmb3JnZS5uZXQKCiMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29m
dHdhcmU6IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vciBtb2RpZnkKIyBpdCB1bmRlciB0
aGUgdGVybXMgb2YgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGFzIHB1Ymxpc2hlZCBi
eQojIHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIGVpdGhlciB2ZXJzaW9uIDMgb2YgdGhl
IExpY2Vuc2UsIG9yCiMgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlz
dHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9V
VCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1F
UkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0
aGUKIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSBmb3IgbW9yZSBkZXRhaWxzLgojCiMgWW91
IHNob3VsZCBoYXZlIHJlY2VpdmVkIGEgY29weSBvZiB0aGUgR05VIEdlbmVyYWwgUHVibGljIExp
Y2Vuc2UKIyBhbG9uZyB3aXRoIHRoaXMgcHJvZ3JhbS4gIElmIG5vdCwgc2VlIDxodHRwOi8vd3d3
LmdudS5vcmcvbGljZW5zZXMvPi4KCgovLyBUaGlzIHBocC1qYXZhLWJyaWRnZSBzZWN1cml0eSBp
cyB0b28gcGVybWlzc2l2ZSBhbmQgc3VpdGFibGUgZm9yIGRldmVsb3BtZW50IHRlc3RzIG9ubHku
Ci8vIEZvciBwcm9kdWN0aW9uIGVudmlyb25tZW50IGEgbW9yZSBzdHJpY3Qgc2VjdXJpdHkgaXMg
bmVlZGVkLgovLyBUaGlzIGZpbGUgd2FzIHRlc3RlZCBhdCBwbGFjZW1lbnQ6Ci8vIC9ldGMvdG9t
Y2F0NS41L3BvbGljeS5kLzYwSmF2YUJyaWRnZS5wb2xpY3kKLy8gUGxlYXNlLCBjb250cmlidXRl
IHlvdXIgc2VjdXJpdHkgY29uZmlndXJhdGlvbiB0byB0aGUgcGhwLWphdmEtYnJpZGdlIHByb2pl
Y3QuCi8vIEFzIG9mIHBocC1qYXZhLWJyaWRnZSA1LjQuNC4yLCB0aGUgSmF2YSBlbmdpbmUgc2Vj
dXJpdHkgaXMgbm90IGFjdHVhbGx5IGVub3VnaCBmb3IKLy8gYmxvY2tpbmcgbWFsaWNpb3VzIGNv
ZGUgZnJvbSBwaHAuIFRoZSByZWFsIHNvbHV0aW9uIHNob3VsZCBiZSB1c2luZyAKLy8gU2VjdXJp
dHkgRW5oYW5jZWQgTGludXggcG9saWNpZXMuCgpncmFudCBjb2RlQmFzZSAiZmlsZToke2NhdGFs
aW5hLmJhc2V9L3dlYmFwcHMvSmF2YUJyaWRnZS8tIiB7IHBlcm1pc3Npb24gamF2YS5zZWN1cml0
eS5BbGxQZXJtaXNzaW9uOyB9OwoKLy8gRm9yIGRldmVsb3BtZW50IG9ubHksIHlvdSBtYXkgZXZl
biBjb21tZW50IG91dCB0aGUgZm9sbG93aW5nIGNvbmZpZ3VyYXRpb246CgpncmFudCB7CiAgcGVy
bWlzc2lvbiBqYXZhLmlvLkZpbGVQZXJtaXNzaW9uICIke3VzZXIuaG9tZX0key99LSIsICJyZWFk
LHdyaXRlLGRlbGV0ZSI7CiAgcGVybWlzc2lvbiBqYXZhLmlvLkZpbGVQZXJtaXNzaW9uICIke2ph
dmEuaW8udG1wZGlyfSR7L30tIiwgInJlYWQsd3JpdGUsZGVsZXRlIjsKICBwZXJtaXNzaW9uIGph
dmEuaW8uRmlsZVBlcm1pc3Npb24gIiR7amF2YS5ob21lfSR7L30tIiwgInJlYWQiOwogIHBlcm1p
c3Npb24gamF2YS51dGlsLlByb3BlcnR5UGVybWlzc2lvbiAiKiIsICJyZWFkIjsKICBwZXJtaXNz
aW9uIGphdmEubGFuZy5SdW50aW1lUGVybWlzc2lvbiAiZ2V0Q2xhc3NMb2FkZXIiOwogIHBlcm1p
c3Npb24gamF2YS5sYW5nLlJ1bnRpbWVQZXJtaXNzaW9uICJhY2Nlc3NDbGFzc0luUGFja2FnZS5z
dW4udG9vbHMuKiI7Cn07Cgo=
--=_dc5421aa863da9665eab1d712707c42b--
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
php-java-bridge-users mailing list
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
|
|
From: <php...@li...> - 2009-04-30 15:58:43
|
<609cdaeaac8c01f45596942c256c10fc@localhost> <E83...@of...> Message-ID: <ba4d7118fbb69120b69201f4c9ef3087@localhost> X-Sender: and...@te... Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Thu, 30 Apr 2009 05:00:26 -0300 User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Hello, I will test with an apache2+tomcat with mod_jk installation next week. Just commited an initial 60JavaBridge.policy to repository, but it is not packaged yet. It is working with a tomcat5.5 with auto-deply enabled. Should work with a manually deployed war file through the tomcat manager interface too. The php-java-bridge C implementation is deprecated, afaik. See the FAQ.html. Thanks. Andre Felipe -- http://www.techforce.com.br A Debian user never dies. Issues a last command: #shutdown -h now On Thu, 30 Apr 2009 11:27:39 +0200, php...@li... wrote: > Hello, > > Building from repo solved the problem, calling from tomcat, and linking > JavaBridge to the webroot, it works. > > But the page is'nt found the java_set_library_path php function. > I have a webpage with an old apache-php-javabridge engine (with > php-java-bridge 4.0.8). When I started the apache, it starts a java > process > listenin on port 9267. > I want to migrate it to Debian lenny. With the new version of > php-java-brigde is it possible? > > (I think, the java.so starts this process, and it would be better, if I > can > leave the tomcat...) > > Thanks: > > -- > Ãdv, > Ricsi |
|
From: <php...@li...> - 2009-04-30 15:21:53
|
<3af...@ma...> <200...@te...> <3af...@ma...> Message-ID: <c9c697971c219098321333260d0499fd@localhost> X-Sender: and...@te... Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Thu, 30 Apr 2009 04:23:36 -0300 User-Agent: RoundCube Webmail/0.1 Content-Type: multipart/mixed; boundary="=_dc5421aa863da9665eab1d712707c42b" --=_dc5421aa863da9665eab1d712707c42b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Hello, Jost I tested today against Tomcat 5.5 with the attached /etc/tomcat5.5/policy.d/60JavaBridge.policy with ideas taken from project's /server/javabridge.policy and it worked with auto-deploy of JavaBridge.war, using bridge deb package compiled from cvs. The file is not at the repository, yet (will include the gpl header at least). Unfortunately I will likely not have time to test against Debian Tomcat 6.x until next week. The debian package at cvs is prepared to work with tomcat 5.5, so I expect some effort ahead to debug this. A regular debian package installing files at tomcat system lib dir should be avoided whenever possible. As it is working at the debian tomcat5.5 with auto-deploying, I will try to test with debian tomcat 6 and get it working in similar way. I am not a security expert, so if the tomcat security is not enough, will have to package the javabridge selinux configurations. I guess there is a debian way to package these configs too. Regards. Andre Felipe Machado http://www.techforce.com.br On Thu, 30 Apr 2009 08:28:12 +0200, php...@li... wrote: > Hi Andre, > > I have just tested it on a tomcat 6.0.18 running with -security switched > on. > It stops the PhpCGIServlet from executing /bin/sh. > > This can be solved by removing the JavaBridge.jar, php-servlet.jar and > php-script.jar from the application "JavaBridge.war", and adding them to > the > shared library dir TOMCAT_HOME/lib/ instead. Neither additional security > declarations nor manipulations of global, shared XML files are necessary > to > fix this problem. > > It is true that PHP scripts may do foolish things like killing all other > running php scripts, <?php system("killall php")?>, or even its own java > container, <?php system("killall java");?>, but Java security doesn't > help. > The best way to secure PHP scripts is to use "Security Enhanced Linux" > rules. RedHat Fedora and Enterprise Linux already contains these rules. > Rules for the PHP/Java Bridge are contained in the security folder of the > redhat RPM, and applied when the RPM is installed. > > Regards, > Jost Boekemeier --=_dc5421aa863da9665eab1d712707c42b Content-Transfer-Encoding: base64 Content-Type: application/octet-stream; name="60JavaBridge.policy"; charset="UTF-8" Content-Disposition: attachment; filename="60JavaBridge.policy" IyBDb3B5cmlnaHQgKEMpIDIwMDkgIEFuZHJlIEZlbGlwZSBNYWNoYWRvIDxhbmRyZW1hY2hhZG9A dGVjaGZvcmNlLmNvbS5icj4KIyBhbmQgcGhwLWphdmEtYnJpZGdlIHByb2plY3QgaHR0cDovL3Bo cC1qYXZhLWJyaWRnZS5zb3VyY2Vmb3JnZS5uZXQKCiMgVGhpcyBwcm9ncmFtIGlzIGZyZWUgc29m dHdhcmU6IHlvdSBjYW4gcmVkaXN0cmlidXRlIGl0IGFuZC9vciBtb2RpZnkKIyBpdCB1bmRlciB0 aGUgdGVybXMgb2YgdGhlIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIGFzIHB1Ymxpc2hlZCBi eQojIHRoZSBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIGVpdGhlciB2ZXJzaW9uIDMgb2YgdGhl IExpY2Vuc2UsIG9yCiMgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlz dHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9V VCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1F UkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0 aGUKIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSBmb3IgbW9yZSBkZXRhaWxzLgojCiMgWW91 IHNob3VsZCBoYXZlIHJlY2VpdmVkIGEgY29weSBvZiB0aGUgR05VIEdlbmVyYWwgUHVibGljIExp Y2Vuc2UKIyBhbG9uZyB3aXRoIHRoaXMgcHJvZ3JhbS4gIElmIG5vdCwgc2VlIDxodHRwOi8vd3d3 LmdudS5vcmcvbGljZW5zZXMvPi4KCgovLyBUaGlzIHBocC1qYXZhLWJyaWRnZSBzZWN1cml0eSBp cyB0b28gcGVybWlzc2l2ZSBhbmQgc3VpdGFibGUgZm9yIGRldmVsb3BtZW50IHRlc3RzIG9ubHku Ci8vIEZvciBwcm9kdWN0aW9uIGVudmlyb25tZW50IGEgbW9yZSBzdHJpY3Qgc2VjdXJpdHkgaXMg bmVlZGVkLgovLyBUaGlzIGZpbGUgd2FzIHRlc3RlZCBhdCBwbGFjZW1lbnQ6Ci8vIC9ldGMvdG9t Y2F0NS41L3BvbGljeS5kLzYwSmF2YUJyaWRnZS5wb2xpY3kKLy8gUGxlYXNlLCBjb250cmlidXRl IHlvdXIgc2VjdXJpdHkgY29uZmlndXJhdGlvbiB0byB0aGUgcGhwLWphdmEtYnJpZGdlIHByb2pl Y3QuCi8vIEFzIG9mIHBocC1qYXZhLWJyaWRnZSA1LjQuNC4yLCB0aGUgSmF2YSBlbmdpbmUgc2Vj dXJpdHkgaXMgbm90IGFjdHVhbGx5IGVub3VnaCBmb3IKLy8gYmxvY2tpbmcgbWFsaWNpb3VzIGNv ZGUgZnJvbSBwaHAuIFRoZSByZWFsIHNvbHV0aW9uIHNob3VsZCBiZSB1c2luZyAKLy8gU2VjdXJp dHkgRW5oYW5jZWQgTGludXggcG9saWNpZXMuCgpncmFudCBjb2RlQmFzZSAiZmlsZToke2NhdGFs aW5hLmJhc2V9L3dlYmFwcHMvSmF2YUJyaWRnZS8tIiB7IHBlcm1pc3Npb24gamF2YS5zZWN1cml0 eS5BbGxQZXJtaXNzaW9uOyB9OwoKLy8gRm9yIGRldmVsb3BtZW50IG9ubHksIHlvdSBtYXkgZXZl biBjb21tZW50IG91dCB0aGUgZm9sbG93aW5nIGNvbmZpZ3VyYXRpb246CgpncmFudCB7CiAgcGVy bWlzc2lvbiBqYXZhLmlvLkZpbGVQZXJtaXNzaW9uICIke3VzZXIuaG9tZX0key99LSIsICJyZWFk LHdyaXRlLGRlbGV0ZSI7CiAgcGVybWlzc2lvbiBqYXZhLmlvLkZpbGVQZXJtaXNzaW9uICIke2ph dmEuaW8udG1wZGlyfSR7L30tIiwgInJlYWQsd3JpdGUsZGVsZXRlIjsKICBwZXJtaXNzaW9uIGph dmEuaW8uRmlsZVBlcm1pc3Npb24gIiR7amF2YS5ob21lfSR7L30tIiwgInJlYWQiOwogIHBlcm1p c3Npb24gamF2YS51dGlsLlByb3BlcnR5UGVybWlzc2lvbiAiKiIsICJyZWFkIjsKICBwZXJtaXNz aW9uIGphdmEubGFuZy5SdW50aW1lUGVybWlzc2lvbiAiZ2V0Q2xhc3NMb2FkZXIiOwogIHBlcm1p c3Npb24gamF2YS5sYW5nLlJ1bnRpbWVQZXJtaXNzaW9uICJhY2Nlc3NDbGFzc0luUGFja2FnZS5z dW4udG9vbHMuKiI7Cn07Cgo= --=_dc5421aa863da9665eab1d712707c42b-- |
|
From: <php...@li...> - 2009-04-30 14:14:13
|
Well,
...............................................(code)
.................................................
public Collection<String> getDocuments(){ // one part of the code
return documents;
}
/**
* Returns the categories if builded.
* @return
*/
public ArrayList<ArrayList<String>> getKategorien(){
return categories;
}
public String getNewNumber(){
return "drei";
}
}
2. php:
<?php
require_once("http://localhost:8080/Bridge/java/Java.inc");
$System = java("java.lang.System");
$Ob = new java("com.SommerHaus");
echo $Ob->getNewNumber();
?>
|
|
From: <php...@li...> - 2009-04-30 13:54:33
|
you could start by showing os the php code you used and the method signature of the method you would like to invoke. ( e.g. public Integer getNewNumber() or maybe public int getNewNumber(String something), etc. ) 2009/4/30 <php...@li...> > > > > Hi, > the class"SommerHaus" contains many methods, I would like to call > getNewNumber: > java.lang.RuntimeException: PHP Fatal error: > Uncaught [[o:Exception]:"java.lang.Exception: > Invoke failed: [[o:SommerHaus]]->getNewNumber. > Cause: java.lang.NoSuchMethodException:getNewNumber > (). > Candidates: [] VM: 1.6.0_10@http://java.sun.com/" at: > > What can be done to find a solution for this problem? > > > > > > > > > ------------------------------------------------------------------------------ > Register Now & Save for Velocity, the Web Performance & Operations > Conference from O'Reilly Media. Velocity features a full day of > expert-led, hands-on workshops and two days of sessions from industry > leaders in dedicated Performance & Operations tracks. Use code vel09scf > and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf > _______________________________________________ > php-java-bridge-users mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users > |
|
From: <php...@li...> - 2009-04-30 13:14:50
|
Hi, the class"SommerHaus" contains many methods, I would like to call getNewNumber: java.lang.RuntimeException: PHP Fatal error: Uncaught [[o:Exception]:"java.lang.Exception: Invoke failed: [[o:SommerHaus]]->getNewNumber. Cause: java.lang.NoSuchMethodException:getNewNumber (). Candidates: [] VM: 1.6.0_10@http://java.sun.com/" at: What can be done to find a solution for this problem? |
|
From: <php...@li...> - 2009-04-30 09:27:45
|
Hello,
Building from repo solved the problem, calling from tomcat, and linking
JavaBridge to the webroot, it works.
But the page is'nt found the java_set_library_path php function.
I have a webpage with an old apache-php-javabridge engine (with
php-java-bridge 4.0.8). When I started the apache, it starts a java process
listenin on port 9267.
I want to migrate it to Debian lenny. With the new version of
php-java-brigde is it possible?
(I think, the java.so starts this process, and it would be better, if I can
leave the tomcat...)
Thanks:
--
Üdv,
Ricsi
> -----Original Message-----
> From: php...@li... [mailto:php-java-bridge-
> us...@li...]
> Sent: Wednesday, April 29, 2009 2:02 PM
> To: php...@li...
> Subject: Re: [Php-java-bridge-users] Debian's security manager
>
>
> Hello
> Searching around, I found that tomcat5.5 directories were reorganized
> in Debian Lenny, for FHS compliance.
> Also, debian sun-jdk and tomcat 5.5 packages turn on security by default,
> allowing
> multiapps deployment.
> Different from upstream tomcat.
> Then, old or weak policies may break.
> The debian right way should be to configure
> /etc/tomcat5.5/policy.d/50user.policy
> following [1] doc.
> and [0] hints regarding paths, if needed.
> I will try something like
>
> grant codeBase
> "file:${catalina.base}/webapps/JavaBridge/-"
> {
> permission java.security.AllPermission;
> };
>
> Maybe could work.
> More suggestions?
> Regards.
> Andre Felipe
>
> [0]
> http://aleph-null.tv/article/20080327-0202-760.xml/Tomcat-5.5-On-Debian:-
> Security-policies-and-%7Bcatalina.home%7D
> [1] http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
>
>
>
> On Wed, 29 Apr 2009 08:41:43 -0300,
> php...@li... wrote:
>
> >
> > I guess the right way is a correct edition of
> >
> > /etc/tomcat5.5/policy.d/04webapps.policy
> >
> > using the debconf tools.
> >
>
>
>
> --------------------------------------------------------------------------
> ----
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> php-java-bridge-users mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
|
|
From: <php...@li...> - 2009-04-30 09:06:26
|
Please see our FAQ about NoClassDefFound errors. Since Java has no module
system, you must load all dependencies from exactly one loader.
Furthermore this is a java link-time issue, not a PHP issue, your php code
java("de.iph.foo.MeinFoo")->getNumber() has not been reached, as you should
see from the line number in your stack strace, if you print it.
Regards,
Jost Boekemeier
Apr 30, 2009 10:53 vorm. schrieb am <
php...@li...>:
Anyway I still get the same message:
root cause java.lang.RuntimeException: PHP Fatal error:
Uncaught [[o:Exception]:"java.lang.Exception:
CreateInstance failed: new com.fara.Web. Cause:
java.lang.ClassNotFoundException: Unresolved external reference:
java.lang.NoClassDefFoundError: de/iph/foo/MeinFoo.
-- Unable to call constructor
------------------------------------------------------------------------------
Register No...
|
|
From: <php...@li...> - 2009-04-30 08:52:53
|
Anyway I still get the same message:
root cause java.lang.RuntimeException: PHP Fatal error:
Uncaught [[o:Exception]:"java.lang.Exception:
CreateInstance failed: new com.fara.Web. Cause:
java.lang.ClassNotFoundException: Unresolved external reference:
java.lang.NoClassDefFoundError: de/iph/foo/MeinFoo.
-- Unable to call constructor
|
|
From: <php...@li...> - 2009-04-30 08:15:44
|
You mean how to invoke the procedure with the name
de.iph.foo.MeinFoo#getNumber?
With java("de.iph.foo")->getNumber(), as usual, see how you have accessed
the System struct.
Apr 30, 2009 9:54 vorm. schrieb am <
php...@li...>:
Good morning,
I have 2 Classes for example:
1.
package de.iph.foo;
public class MeinFoo {
public static int getNumber(){
return 42;
}
}
2.
package com.fara;
import de.iph.foo.MeinFoo;
public class Web {
public String HalloWelt(){
return "Hallo Welt";
}
MeinFoo mf = new MeinFoo();
int n = mf.getNumber();
}
How can I solve the Problem with the constructor in php-java-bridge? (can
not be called)
<?php
require_once("http://localhost:808o/World/java/Java.inc");
$System = java("java.lang.System");
$myObj = new java("com.fara.Web");
echo $myObj->HalloWelt();
//echo $myObj->getNumber(); ???
?>
Thanks i n advance!!!
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
php-java-bridge-users mailing list
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
|
|
From: <php...@li...> - 2009-04-30 07:53:34
|
Good morning,
I have 2 Classes for example:
1.
package de.iph.foo;
public class MeinFoo {
public static int getNumber(){
return 42;
}
}
2.
package com.fara;
import de.iph.foo.MeinFoo;
public class Web {
public String HalloWelt(){
return "Hallo Welt";
}
MeinFoo mf = new MeinFoo();
int n = mf.getNumber();
}
How can I solve the Problem with the constructor in php-java-bridge? (can not be called)
<?php
require_once("http://localhost:808o/World/java/Java.inc");
$System = java("java.lang.System");
$myObj = new java("com.fara.Web");
echo $myObj->HalloWelt();
//echo $myObj->getNumber(); ???
?>
Thanks i n advance!!!
|
|
From: <php...@li...> - 2009-04-30 07:36:05
|
I think this feature isn't useful for applications. The tomcat container
uses it to open the .war files:
<?php require_once("
http://localhost:8081/JavaBridgeTemplate5442/java/Java.inc");
echo
java("java.lang.Thread")->currentThread()->getContextClassLoader()->getResource("php/java/bridge/global.properties");
echo "\n";
?>
=>
jar:file:/home/opt/apache-tomcat-6.0.18/webapps/JavaBridgeTemplate5442/WEB-INF/lib/JavaBridge.jar!/php/java/bridge/global.properties
If you write your own class loader derived from url class loader, you may do
the same from PHP -- java_require uses an url loader, but it also needs a
timestamp.
There are several papers from rice.edu on this topic (java "link-time
components"), for example this one: http%3A%2F%2Fwww.cs.rice.edu
%2F~javaplt%2Fpapers%2Fsac2007.pdf
Regards,
Jost Boekemeier
Apr 29, 2009 9:48 vorm. schrieb am <
php...@li...>:
Hello,
do you mean that fat jar is not the best solution? How to use jar://URI?
(maybe a simple example or a link where I can find some examples) Where
exactly do I find the proposal?
Hi, Although it is possible to fetch libraries from other jar files using a
jar:// URI, at least ...
|
|
From: <php...@li...> - 2009-04-30 06:28:17
|
Hi Andre,
I have just tested it on a tomcat 6.0.18 running with -security switched on.
It stops the PhpCGIServlet from executing /bin/sh.
This can be solved by removing the JavaBridge.jar, php-servlet.jar and
php-script.jar from the application "JavaBridge.war", and adding them to the
shared library dir TOMCAT_HOME/lib/ instead. Neither additional security
declarations nor manipulations of global, shared XML files are necessary to
fix this problem.
It is true that PHP scripts may do foolish things like killing all other
running php scripts, <?php system("killall php")?>, or even its own java
container, <?php system("killall java");?>, but Java security doesn't help.
The best way to secure PHP scripts is to use "Security Enhanced Linux"
rules. RedHat Fedora and Enterprise Linux already contains these rules.
Rules for the PHP/Java Bridge are contained in the security folder of the
redhat RPM, and applied when the RPM is installed.
Regards,
Jost Boekemeier
Apr 29, 2009 10:33 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<200...@te...>
<3af...@ma...>
<3af...@ma...> <
3af...@ma...>
Message-ID: <ef694f0b3cfec3015febb4fe6e11ef83@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29
Apr
2009 09:34:29 -0300
User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello,
I will verify what are the JSP permissions.
Debian Policy does not allow a package manipulate configuration files
from other packages.
Because of this, the right way is to create a new own file at policy.d
directory
I tested
/etc/tomcat5.5/policy.d/60JavaBridge.policy
containing:
grant codeBase "file:${catalina.base}/webapps/JavaBridge/-" {
permission java.security.AllPermission;
};
And it worked well after restarting tomcat.
I simply placed the war file at the autodeploy dir and automagically all
worked.
I will try to create a new package using the debconf tools for manipulating
the new
file and test it.
Regards.
Andre Felipe
On Wed, 29 Apr 2009 22:22:26 +0200,
php...@li... wrote: > I think PHP should have
the same permissions ...
--
http://www.techforce.com.br
A Debian user never dies. Issues a last command:
#shutdown -h now
------------------------------------------------------------------------------
Register Now & Save...
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-br...
|
|
From: <php...@li...> - 2009-04-29 21:13:50
|
Which security hole? In the standard setup the bridge only accepts requests from an apache or iis front end from localhost. If security is your concern, you should disable the PhpCGIServlet and use the Apache or IIS front end anyway. Regards, Jost Boekemeier Apr 29, 2009 11:04 nachm. schrieb am < php...@li...>: I'm sorry to interrupt, but I would be happy if you check now what files really are necessary to be enabled instead of opening a security hole for everyone. thanks. 2009/4/29 <php...@li...> > I think java.lang.AllPermissions is a good start then. > TOMCAT_HOME/lib has AllPermissions, too.... > ------------------------------------------------------------------------------ > Register Now & Sa... > php...@li... > https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users > ------------------------------------------------------------------------------ Register Now & Save... php...@li... https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users |
|
From: <php...@li...> - 2009-04-29 21:03:01
|
I'm sorry to interrupt, but I would be happy if you check now what files
really
are necessary to be enabled instead of opening a security hole for everyone.
thanks.
2009/4/29 <php...@li...>
> I think java.lang.AllPermissions is a good start then.
> TOMCAT_HOME/lib has AllPermissions, too.
>
> Regards,
> Jost Boekemeier
>
> Apr 29, 2009 10:33 nachm. schrieb am <
> php...@li...>:
>
> <3af...@ma...>
> <200...@te...>
> <3af...@ma...>
> <3af...@ma...> <
> 3af...@ma...>
> Message-ID: <ef694f0b3cfec3015febb4fe6e11ef83@localhost>
>
> X-Sender: and...@te...
>
> Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29
> Apr
> 2009 09:34:29 -0300
>
> User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: 8bit
>
>
> Hello,
>
> I will verify what are the JSP permissions.
>
> Debian Policy does not allow a package manipulate configuration files
>
> from other packages.
>
> Because of this, the right way is to create a new own file at policy.d
>
> directory
>
> I tested
>
> /etc/tomcat5.5/policy.d/60JavaBridge.policy
>
>
>
> containing:
>
> grant codeBase "file:${catalina.base}/webapps/JavaBridge/-" {
> permission java.security.AllPermission;
>
> };
>
>
>
> And it worked well after restarting tomcat.
>
> I simply placed the war file at the autodeploy dir and automagically all
>
> worked.
>
>
>
> I will try to create a new package using the debconf tools for manipulating
>
> the new
>
> file and test it.
>
> Regards.
>
> Andre Felipe
>
>
>
>
>
>
>
>
>
>
>
> On Wed, 29 Apr 2009 22:22:26 +0200,
>
> php...@li... wrote: > I think PHP should
> have
> the same permissions ...
> --
>
> http://www.techforce.com.br
> A Debian user never dies. Issues a last command:
>
> #shutdown -h now
>
>
> ------------------------------------------------------------------------------
> Register Now & Save...
>
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/php-java-br...
>
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> php-java-bridge-users mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
>
|
|
From: <php...@li...> - 2009-04-29 21:02:19
|
May be. But we may need a few releases to determine the correct permissions
by try and error.
Furthermore the JavaBridge contains the OSGI framework used by the BIRT
report engine. I don't know exactly which permissions it needs.
Regards,
Jost Boekemeier
Apr 29, 2009 10:54 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<20090429121437.28AD04786D@techforce.c...
<3af...@ma...> <
3af...@ma...>
Message-ID: <0b1dafcbe998bf9cd98cee78499048d3@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29
Apr
2009 09:55:00 -0300
User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello,
I found [3] and [4].
Instead of AllPermissions, a good security should list the exact files
and respective permissions.
Well, what are the essential ones (files X permissions)?
Regards.
Andre Felipe
[3] http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
[4] http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html
--
http://www.techforce.com.br
A Debian user never dies. Issues a last command: #shutdown -h now
-------------------------------...
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. ...
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-br...
|
|
From: <php...@li...> - 2009-04-29 20:53:15
|
<3af...@ma...> <200...@te...> <3af...@ma...> <3af...@ma...> <3af...@ma...> Message-ID: <0b1dafcbe998bf9cd98cee78499048d3@localhost> X-Sender: and...@te... Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29 Apr 2009 09:55:00 -0300 User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Hello, I found [3] and [4]. Instead of AllPermissions, a good security should list the exact files and respective permissions. Well, what are the essential ones (files X permissions)? Regards. Andre Felipe [3] http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html [4] http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html -- http://www.techforce.com.br A Debian user never dies. Issues a last command: #shutdown -h now |
|
From: <php...@li...> - 2009-04-29 20:52:45
|
I think java.lang.AllPermissions is a good start then.
TOMCAT_HOME/lib has AllPermissions, too.
Regards,
Jost Boekemeier
Apr 29, 2009 10:33 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<200...@te...>
<3af...@ma...>
<3af...@ma...> <
3af...@ma...>
Message-ID: <ef694f0b3cfec3015febb4fe6e11ef83@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29
Apr
2009 09:34:29 -0300
User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello,
I will verify what are the JSP permissions.
Debian Policy does not allow a package manipulate configuration files
from other packages.
Because of this, the right way is to create a new own file at policy.d
directory
I tested
/etc/tomcat5.5/policy.d/60JavaBridge.policy
containing:
grant codeBase "file:${catalina.base}/webapps/JavaBridge/-" {
permission java.security.AllPermission;
};
And it worked well after restarting tomcat.
I simply placed the war file at the autodeploy dir and automagically all
worked.
I will try to create a new package using the debconf tools for manipulating
the new
file and test it.
Regards.
Andre Felipe
On Wed, 29 Apr 2009 22:22:26 +0200,
php...@li... wrote: > I think PHP should have
the same permissions ...
--
http://www.techforce.com.br
A Debian user never dies. Issues a last command:
#shutdown -h now
------------------------------------------------------------------------------
Register Now & Save...
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-br...
|
|
From: <php...@li...> - 2009-04-29 20:32:44
|
<3af...@ma...>
<200...@te...>
<3af...@ma...>
<3af...@ma...> <3af...@ma...>
Message-ID: <ef694f0b3cfec3015febb4fe6e11ef83@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29 Apr
2009 09:34:29 -0300
User-Agent: RoundCube Webmail/0.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello,
I will verify what are the JSP permissions.
Debian Policy does not allow a package manipulate configuration files
from other packages.
Because of this, the right way is to create a new own file at policy.d
directory
I tested
/etc/tomcat5.5/policy.d/60JavaBridge.policy
containing:
grant codeBase "file:${catalina.base}/webapps/JavaBridge/-"
{
permission java.security.AllPermission;
};
And it worked well after restarting tomcat.
I simply placed the war file at the autodeploy dir and automagically all
worked.
I will try to create a new package using the debconf tools for manipulating
the new
file and test it.
Regards.
Andre Felipe
On Wed, 29 Apr 2009 22:22:26 +0200,
php...@li... wrote:
> I think PHP should have the same permissions tha JSP has.
>
> If I understand Java's security correctly, we only need to place the
> JavaBridge.jar into the same directory from which the JSP library is
> loaded.
>
> Unfortunately I can't verify this at the moment.
>
> Regards,
> Jost Boekemeier
--
http://www.techforce.com.br
A Debian user never dies. Issues a last command:
#shutdown -h now
|
|
From: <php...@li...> - 2009-04-29 20:22:30
|
I think PHP should have the same permissions tha JSP has.
If I understand Java's security correctly, we only need to place the
JavaBridge.jar into the same directory from which the JSP library is loaded.
Unfortunately I can't verify this at the moment.
Regards,
Jost Boekemeier
Apr 29, 2009 10:13 nachm. schrieb am <
php...@li...>:
<3af...@ma...>
<200...@te...> <
3af...@ma...>
Message-ID: <1dec4d2e0bebecc88f51d99ff996ca2d@localhost>
X-Sender: and...@te... Received: from 161.148.54.70
[161.148.54.70] with HTTP/1.1 (...
2009 09:14:37 -0300
User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encodin...
The following worked enough at
compiling 5.4.4.2-1 debian package from cvs and after restarting
the tomcat5.5 server with
invoke-rc.d tomcat5.5 restart
Added at:
/etc/tomcat5.5/policy.d/50user.policy
The lines:
grant codeBase "file:${catalina.base}/webapps/JavaBridge/-" { permission
java.security.AllPer...
But i guess it is too permissive for production environment.
Is there a stricter security configuration that allow
JavaBridge work, or it should stay "AllPermissions" for all directory?
Regards.
Andre Felipe Machado
http://www.techforce.com.br
------------------------------------------------------------------------------
Register Now & Save...
php...@li...
https://lists.sourceforge.net/lists/listinfo/php-java-bridge-users
|
|
From: <php...@li...> - 2009-04-29 20:12:52
|
<3af...@ma...>
<200...@te...> <3af...@ma...>
Message-ID: <1dec4d2e0bebecc88f51d99ff996ca2d@localhost>
X-Sender: and...@te...
Received: from 161.148.54.70 [161.148.54.70] with HTTP/1.1 (POST); Wed, 29 Apr
2009 09:14:37 -0300
User-Agent: RoundCube Webmail/0.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Hello,
The following worked enough at
compiling 5.4.4.2-1 debian package from cvs and after restarting
the tomcat5.5 server with
invoke-rc.d tomcat5.5 restart
Added at:
/etc/tomcat5.5/policy.d/50user.policy
The lines:
grant codeBase "file:${catalina.base}/webapps/JavaBridge/-"
{
permission java.security.AllPermission;
};
But i guess it is too permissive for production environment.
Is there a stricter security configuration that allow
JavaBridge work, or it should stay "AllPermissions" for all directory?
Regards.
Andre Felipe Machado
http://www.techforce.com.br
|
|
From: <php...@li...> - 2009-04-29 20:12:14
|
I haven't tested it, but it may be suficient to move the JavaBridge.jar,
php-script.jar and php-servlet.jar to tomcats lib dir. Libraries loaded from
this directory should have AllPermission.
I will test this. This package change will be useful for the rpm package,
too.
Regards,
Jost Boekemeier
Apr 29, 2009 10:01 nachm. schrieb am <
php...@li...>:
Hello
Searching around, I found that tomcat5.5 directories were reorganized
in Debian Lenny, for FHS compliance.
Also, debian sun-jdk and tomcat 5.5 packages turn on security by default,
allowing
multiapps deployment.
Different from upstream tomcat.
Then, old or weak policies may break.
The debian right way should be to configure
/etc/tomcat5.5/policy.d/50user.policy
following [1] doc.
and [0] hints regarding paths, if needed.
I will try something like
grant codeBase
"file:${catalina.base}/webapps/JavaBridge/-"
{
permission java.security.AllPermission;
};
Maybe could work.
More suggestions?
Regards.
Andre Felipe
[0]
http://aleph-null.tv/article/20080327-0202-760.xml/Tomcat-5.5-On-Debian:-Security-policies-and-%7Bcatalina.home%7D
[1] http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
On Wed, 29 Apr 2009 08:41:43 -0300,
php...@li... wrote: >
> I guess the right way is a correct edition of > >
/etc/tomcat5.5/policy.d/04webapps.policy > > u...
------------------------------------------------------------------------------
Register Now & Save f...
|
1 message has been excluded from this view by a project administrator.
