[
https://issues.apache.org/jira/browse/DIRMINA-783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marian Kechlibar closed DIRMINA-783.
------------------------------------
Resolution: Fixed
The critical permission seems to be java.net.SocketPermission.
I found the root of the problem by changing the log level of Security to
FINEST. (This is done in the web-admin of Glassfish, section Application
Server, Logging, LogLevels). After restarting the server, the system log was
full of AccessControlExceptions from the Security Manager, complaining that
socket could not be accepted.
So I added the following line to the appropriate place in
domains/domain1/config/server.policy
file, and the problems went away:
permission java.net.SocketPermission "(your hostnames, or *):(your required
ports)", "connect,accept,resolve";
I believe that this should be incorporated into the documentation for MINA,
because otherwise people may run into quite some problem.
It took me about 8 hours to dig through the entire case, from noticing that
something was wrong, to locating the offending class and detecting the concrete
problem, to finding the solution. I would like to spare other people from doing
the same.
> SecurityManager blocks DatagramAcceptor
> ---------------------------------------
>
> Key: DIRMINA-783
> URL: https://issues.apache.org/jira/browse/DIRMINA-783
> Project: MINA
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.1.7
> Environment: Ubuntu Linux, Sun Communications Server 2.0 (Glassfish 2
> + Sailfin 1.1)
> Reporter: Marian Kechlibar
>
> Hello,
> a piece of code (RTPProxy-client) in my webapp uses DatagramAcceptor from
> MINA Core in order to communicate with another daemon on the same server, via
> loopback interface. The webapp runs in Glassfish 2 container.
> As long as the SecurityManager is disabled for the domain, the code runs
> smoothly. As soon as I enable it, receiving functionality stops. The code can
> still send datagrams and rtpproxy daemon receives them and answers correctly,
> but the message is never given to the DatagramAcceptor.
> The only MINA-related security issue I found was adding permission
> "modifyThread" to the server.policy. I tried that, but to no avail. Maybe
> another permission is needed for DatagramAcceptor to run?
> Best regards
> Marian Kechlibar
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
