Re: Serious Java2 sercurity problem

Thu, 12 May 2005 14:02:08 -0700 

James Carman wrote:

What do you have in your filter.policy file?


filter.policy?

I'm only supposed to provide the was.policy file with any needed policies.
I would like to set the security to full open for all things contained in the app which

grant codeBase "java:${application}" { permission java.security.AllPermission;
};


is supposed to do

and:

grant {
   permission java.security.AllPermission;
};

should set it to "full-open" - but no... :-\


I found this in the javassist forum:

"
Probably, that is because the security manager
does not allow Javassist to access rt.jar including
java/lang/Object.class.

Did you install javassist.jar under ${java.home}/lib/ext/ ?
If not, please try.

Otherwise, you can give permissions to javassist.jar to
access rt.jar. For example, you can include the following
code in your policy file:


Code: 

grant codeBase "file:/home/you/lib/javassist.jar" {
   permission java.security.AllPermission;
};
"

which I will try tomorrow.



-----Original Message-----
From: David J. M. Karlsen [mailto:[EMAIL PROTECTED] Sent: Thursday, May 12, 2005 4:39 PM
To: [email protected]
Subject: Serious Java2 sercurity problem


Hi list!

I've been running my HM app inside a WebSphere 5.0.x container for a long time - and all well.

BUT, when we turn on security things start to fail. The application has a was.policy (WebSphere's naming of a java.security file) in the EAR, granting:

grant codeBase "java:${application}" { java.security.AllPermission
};

(taken from memory - but it's valid syntax)

I've tried to add:

grant {
   java.security.AllPermission;
}

which should grant all permissions regardless of signing of code or where the code came from.

But still, I end up with this:

[12.05.05 21:46:26:392 CEST]   6f98ac SecurityManag W SECJ0314W: Current
Java 2 Security policy reported a potential violation of Java 2 Security
Permission. Please refer to Problem Determination Guide for further
information.

Permission:

     accessClassInPackage.sun.beans.infos : access denied
(java.lang.RuntimePermission accessClassInPackage.sun.beans.infos)

Code:

    $InnerProxy_103d2718b8e_1  in  {null code URL}

Stack Trace:

java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.sun.beans.infos)
       at
java.security.AccessControlContext.checkPermission(AccessControlContext.
java:267)
       at
java.security.AccessController.checkPermission(AccessController.java:394
)
       at
java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
       at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager
.java:168)
       at
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1496)
       at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:285)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:287)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
       at
com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLo
ader.java:43)
       at
com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLo
ader.java:39)
       at
com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
.java:318)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
       at
com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
.java:294)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
       at
com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
.java:318)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
       at java.beans.Introspector.instantiate(Introspector.java:1294)
       at java.beans.Introspector.findInformant(Introspector.java:335)
       at java.beans.Introspector.<init>(Introspector.java:264)
       at java.beans.Introspector.getBeanInfo(Introspector.java:89)
       at
org.apache.hivemind.util.PropertyUtils.buildClassAdaptor(PropertyUtils.j
ava:148)
       at
org.apache.hivemind.util.PropertyUtils.getAdaptor(PropertyUtils.java:137
)
       at
org.apache.hivemind.util.PropertyUtils.getPropertyType(PropertyUtils.jav
a:91)
       at
org.apache.hivemind.schema.rules.ReadAttributeRule.begin(ReadAttributeRu
le.java:78)
       at
org.apache.hivemind.impl.SchemaElement.fireBegin(SchemaElement.java:209)
       at
org.apache.hivemind.impl.SchemaProcessorImpl.processElement(SchemaProces
sorImpl.java:213)
       at
org.apache.hivemind.impl.SchemaProcessorImpl.processRootElement(SchemaPr
ocessorImpl.java:188)
       at
org.apache.hivemind.impl.SchemaProcessorImpl.process(SchemaProcessorImpl
.java:176)
       at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreSe
rviceImplementation(InvokeFactoryServiceConstructor.java:82)



known problem? Any workarounds? I'm going in for acceptance-test for my customer - so I'm kind of in a hurry. All help will be very much appreciated.

Regs,
David K.




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to