Hey,
Ok so when you say
grant <codebase>{
...permissions...
}
what you are saying is that this block of permissions is given to classes
that come from location <codebase>. Cool..
Since JVM running JBoss needs to read your application deployed in (/tmp/)
it makes read write requests on your file system in /tmp.
There is no physical client involved here. Only jboss and application
classes.
Ok , now try using this:
grant{
permission java.io.FilePermission "${jboss.home}${/}temp${/}-",
"read,write"
}
meaning all code being loaded from anywhere (including jBoss classes)can
read write in /tmp and its subdirectories. You don't want to be specific
about exact file here. I forgot if jboss.home was declared anywhere but
you can pass it as an argument to jvm I guess.
HTH,
Vlada
So now try using
On Mon, 30 Apr 2001, Guy Rouillier wrote:
> The following is a repost of a message I sent out about a week ago that
> received no responses. We are getting close to release, so this issue is
> important to us. Is everyone just taking the easy way out and using grant {
> permission java.security.AllPermission;};? Has no one actually figured out
> the permissions that are required?
>
>
> I'm developing on Windows 2000 with JBoss 2.2.1.
>
> As we are getting closer to shipping, I turned on security (more accurately,
> I turned off my easy way out of simply granting all permissions to the
> world.) Using just a command-line client (i.e., no Tomcat), I first
> received a java.net.SocketPermission which I resolved with the following:
>
> permission java.net.SocketPermission "192.168.1.100:*",
> "connect,resolve";
>
> Is there a better way of allocating this permission rather than opening up
> all ports? I started with just 1099, but then immediately hit the
> restriction on the port created for communication.
>
> But my current sticking point is the next error I hit:
>
> Exception caught: java.security.AccessControlException: access denied
> (java.io.FilePermission \H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-
> read)
>
> I tried to resolve this with the following:
>
> permission java.io.FilePermission
> "\H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-", "read";
>
> but got the same error again. Two questions:
>
> (1) Why doesn't the above permission address the error?
> (2) I don't understand the required permission. Why is it asking for read
> permission on a JBoss temp directory for the client? Notice that it has a
> drive letter. This will be completely irrelevant when the client is run from
> another computer (which I tried - it does indeed still ask for \H:\.) I
> haven't implemented any method security in the bean or any logon
> requirements.
>
> Everything works if I have the blanket all permissions.
>
>
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
