Re: Using a Policy File?

[Eric Richardson]

Hi,
Isn't there suppose to be a set policy file for J2EE?
server.policy from J2EE RI is attached. Don't know if it's applicable or not.
Eric :-)

Tom Wnuk wrote:

I'm trying to use a policy file when starting Orion and it always fails w/o
ay errors.

The reason I'm trying to use it is because of my problem using JMS where I'm
unable to write to a queue.

Initially, I've set all access to all files using:

grant codeBase "file:C:/orion/-" {
        permission java.security.AllPermission;
};

Orion starts to deploy the first bean and then terminated w/o any messages
or errors.

Thanks
Tom

Tom Wnuk
[EMAIL PROTECTED]
[EMAIL PROTECTED]

  ------------------------------------------------------------------------
                  Name: winmail.dat
   winmail.dat    Type: application/ms-tnef
              Encoding: base64

// Standard extensions get all permissions by default

grant codeBase "file:${java.home}/lib/ext/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/../lib/tools.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:${com.sun.enterprise.home}/lib/classes/" {
        permission java.security.AllPermission;
};

// Drivers and other system classes should be stored in this 
// code base.
grant codeBase "file:${com.sun.enterprise.home}/lib/system/-" {
        permission java.security.AllPermission;
};

grant codeBase "file:${com.sun.enterprise.home}/public_html/-" {
        permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "accessClassInPackage.*";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.net.SocketPermission "*", "connect";
        // "standard" properies that can be read by anyone
    permission java.util.PropertyPermission "*", "read";
    // set the JSSE provider for lazy authentication of app. clients.
    permission java.security.SecurityPermission "putProviderProperty.JSSE";
    permission java.security.SecurityPermission "insertProvider.JSSE";
};

grant codeBase "file:${com.sun.enterprise.home}/lib/j2ee.jar" {
        permission java.security.AllPermission;
};

// default permissions granted to all domains

grant { 
    permission java.lang.RuntimePermission "queuePrintJob";

        // Additional properties needed RI...
        permission java.io.FilePermission "*", "read";
        permission java.io.FilePermission 
"${com.sun.enterprise.home}${file.separator}-", "read";
        permission java.io.FilePermission 
"${com.sun.enterprise.home}${file.separator}repository${file.separator}-", 
"read,write,delete";
        permission java.io.FilePermission 
"${com.sun.enterprise.home}${file.separator}logs${file.separator}-", 
"read,write,delete";
        permission java.io.FilePermission "${java.io.tmpdir}${file.separator}-", 
"read,write,delete";
        permission java.io.FilePermission "${user.home}${file.separator}-", 
"read,write,delete";

        // allows anyone to listen on un-privileged ports
        permission java.net.SocketPermission "*:0-65535", "connect";

        // "standard" properies that can be read by anyone
        permission java.util.PropertyPermission "*", "read";

        // A version of Merant driver needs this permission. 
        // permission java.io.FilePermission "<<ALL FILES>>", "read";
        // permission java.lang.RuntimePermission "modifyThreadGroup";
};