Tomcat - privileged 속성

 

Tomcat의 privileged 속성은 시스템 자원에 대한 접근 권한을 설정하는 데 사용됩니다.

privileged 속성을 true로 설정하면 Tomcat은 시스템 자원에 대한 권한을 얻을 수 있습니다. 예를 들어, Tomcat이 로그 파일을 쓰기 위해 시스템 권한이 필요한 경우, privileged 속성을 true로 설정하여 Tomcat이 해당 권한을 얻을 수 있도록 합니다.

반대로 privileged 속성을 false로 설정하면 Tomcat은 시스템 자원에 대한 권한을 얻을 수 없습니다. 이 경우, Tomcat은 자체적으로 시스템 자원을 사용하여 기능을 수행하게 됩니다. 이 경우 일부 기능은 작동하지 않을 수 있지만, 시스템 보안을 강화하는 데 도움이 됩니다.

Tomcat의 privileged 속성은 기본적으로 true로 설정됩니다. 그러나 보안상의 이유로 이 속성을 false로 설정하는 것이 권장됩니다. 이를 통해 Tomcat은 필요한 권한을 최소한으로 요구하고, 시스템 보안을 높일 수 있습니다.

일반적으로 실행되었던 소스가 Docker 기반에서 돌아가지 않을 때 의심해 볼 여지가 있습니다.

 

org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading Illegal access: this web application instance has been stopped already. Could not load [org.apache.http.HttpException]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org.apache.http.HttpException]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
        
The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [javax.net.ssl.SSLSocketFactory]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.

 

# Docker - privileged 설정

# pod.yaml

my_service:
  privileged: true

# docker run

docker run -dit \
--name my_service \
--privileged \
tomcat

# Server.xml

<Context path="" docBase="${catalina.home}/webapps/ROOT"
         debug="0" privileged="true" reloadable="true">
  ...
</Context>