You
can specify permissions only for specific codebases (jars). I suspect that
would solve your problems if no one has a better solution.
See:
specifically, the "How Do You Make Principal-Based Policy File
Statements?" section for more details...
Les
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: [Hibernate] java.security.AccessControlException thrown when Java 2 security enabled
The JVM throws a java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) when generated meta classes try to use reflection and Java 2 security is enabled.
This occurs even after adding the following line to the policy file for the application:
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
But this only applies to classes that are loaded from the file system. It does not affect meta classes generated by hibernate. To fix the problem, we had to add the following to the $JAVA_HOME/jre/lib/security/java.policy file:
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "defineCGLIBClassInJavaPackage";
But now these permissions are applied to every class that is loaded by the JVM, which is something we would like to avoid.
Is there a way to get hibernate to load the generated meta classes from the file system so we could apply a policy to that location on the file system? Or is there a better way to set the policy for the meta classes?
Thanks,
Travis Rein
