Steen Lehmann wrote:
> Thanks Ashish, disabling the security manager does indeed fix the issue.
>
> On our test OC4J system the security manager's policy file grants an
> AllPermission to everybody:
> grant {
> permission java.security.AllPermission;
> };
>
> and I would expect that this is pretty much the same as using no
> security manager - but either that's not the case or the policy file
> is not being picked up correctly, or is overridden somewhere.
>
> I guess I need to research what the default settings for security are
> on OC4J and add specific grants to that. Sigh, I thought Rails
> development was all about having fun ;-)
I'm very interested in hearing what the actual security violation was. I
know we push the boundaries a bit with some features, but up to now the
only security issue we'd had was under JRuby 0.9.8 when registering a
security provider (which we no longer do). So if there's something else
we could disable or provide a reasonable "safe" behavior, we'd like to
do it.
- Charlie
_______________________________________________
Jruby-extras-devel mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/jruby-extras-devel
