vaadin and security hardened jetty


When I try to run my webapp under jetty configured with policy I get: access denied (java.util.PropertyPermission hu.prolan.slm.vaadin.Debug read)
No such file can be found under the unpacked webapp.

It might help to allow permission for it if I knew what this file is and where it comes from.


How about connecting a remote debugger to your Jetty and setting an exception breakpoint on AccessControlException?

Although I haven’t really worked with these in years, I would guess the offending call is System.getProperty(“hu.prolan.slm.vaadin.Debug”) in your code, and your configuration only allows getting the values of certain properties - see the javadoc for PropertyPermission.

Yes, you’re right, that’s a property. However it must be then a generated one, since in my code there is no such defined.

The problem, that I granted ALL permissions for the webapp. Since then I succeeded to reproduce it with tomcat too.

So the question now is: where this property comes from and why is not granted its access together with the webapp codebase.

Thanks for your attention!


Try to change your policy permissions.

For jetty, take a look to their Tutorial about
Web Application Policies
For Tomcat see
Configuring Tomcat With A SecurityManager

If you google
java policy permissions web application
you will find more information.



Yes, I started ther, already read and followed those guides.
I discovered a typo that prevented webapp libs becoming granted.