RE: Serious Java2 sercurity problem

[James Carman]

Title: Message

I read somewhere here that there's a file called filter.policy that can override the settings in the was.policy file.

-----Original Message-----
From: David J. M. Karlsen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 12, 2005 5:10 PM
To: hivemind-dev@jakarta.apache.org
Subject: Re: Serious Java2 sercurity problem


James Carman wrote:

>What do you have in your filter.policy file?
> 
>
Hmm, took a look at: http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_filterpolicy.html

(it's for WAS6, but I guess a lot or all of the setting apply for 5.0.x
as well).
I'll have a try expreimenting with the file:${jars},
what file:${application} means isn't stated - may'be it doesn't cover
all parts of the EAR?

>-----Original Message-----
>From: David J. M. Karlsen [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, May 12, 2005 4:39 PM
>To: hivemind-dev@jakarta.apache.org
>Subject: Serious Java2 sercurity problem
>
>
>Hi list!
>
>I've been running my HM app inside a WebSphere 5.0.x container for a
>long time - and all well.
>
>BUT, when we turn on security things start to fail. The application has
>a was.policy (WebSphere's naming of a java.security file) in the EAR,
>granting:
>
>grant codeBase "java:${application}" {
>    java.security.AllPermission
>};
>
>(taken from memory - but it's valid syntax)
>
>I've tried to add:
>
> grant {
>    java.security.AllPermission;
>}
>
>which should grant all permissions regardless of signing of code or
>where the code came from.
>
>But still, I end up with this:
>
>[12.05.05 21:46:26:392 CEST]   6f98ac SecurityManag W SECJ0314W: Current
>Java 2 Security policy reported a potential violation of Java 2
>Security Permission. Please refer to Problem Determination Guide for
>further information.
>
>Permission:
>
>      accessClassInPackage.sun.beans.infos : access denied
>(java.lang.RuntimePermission accessClassInPackage.sun.beans.infos)
>
>Code:
>
>     $InnerProxy_103d2718b8e_1  in  {null code URL}
>
>Stack Trace:
>
>java.security.AccessControlException: access denied
>(java.lang.RuntimePermission accessClassInPackage.sun.beans.infos)
>        at
>java.security.AccessControlContext.checkPermission(AccessControlContext
>.
>java:267)
>        at
>java.security.AccessController.checkPermission(AccessController.java:394
>)
>        at
>java.lang.SecurityManager.checkPermission(SecurityManager.java:540)
>        at
>com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager
>.java:168)
>        at
>java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1496)
>        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:285)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:287)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
>        at
>com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLo
>ader.java:43)
>        at
>com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLo
>ader.java:39)
>        at
>com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
>.java:318)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
>        at
>com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
>.java:294)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
>        at
>com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader
>.java:318)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:250)
>        at java.beans.Introspector.instantiate(Introspector.java:1294)
>        at java.beans.Introspector.findInformant(Introspector.java:335)
>        at java.beans.Introspector.<init>(Introspector.java:264)
>        at java.beans.Introspector.getBeanInfo(Introspector.java:89)
>        at
>org.apache.hivemind.util.PropertyUtils.buildClassAdaptor(PropertyUtils.j
>ava:148)
>        at
>org.apache.hivemind.util.PropertyUtils.getAdaptor(PropertyUtils.java:137
>)
>        at
>org.apache.hivemind.util.PropertyUtils.getPropertyType(PropertyUtils.jav
>a:91)
>        at
>org.apache.hivemind.schema.rules.ReadAttributeRule.begin(ReadAttributeRu
>le.java:78)
>        at
>org.apache.hivemind.impl.SchemaElement.fireBegin(SchemaElement.java:209)
>        at
>org.apache.hivemind.impl.SchemaProcessorImpl.processElement(SchemaProces
>sorImpl.java:213)
>        at
>org.apache.hivemind.impl.SchemaProcessorImpl.processRootElement(SchemaPr
>ocessorImpl.java:188)
>        at
>org.apache.hivemind.impl.SchemaProcessorImpl.process(SchemaProcessorImpl
>.java:176)
>        at
>org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreSe
>rviceImplementation(InvokeFactoryServiceConstructor.java:82)
>
>
>
>known problem? Any workarounds? I'm going in for acceptance-test for my
>customer - so I'm kind of in a hurry. All help will be very much
>appreciated.
>
>Regs,
>David K.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
> 
>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]