Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-27 Thread Isuru Perera
Why is it different? The https://wso2.org/jira/browse/IDENTITY-3340 fixes
the issues with Java Security Manager when accessing User Manager APIs from
the Carbon Context. You are also trying a similar scenario, right?

Can you merge the PR locally and test? Please discard your changes. (PR
uses Java Reflection. I was against that decision and asked to fix it
properly. However it should fix your issue as the PR has added a Privileged
Block API for listUsers method.)

On Fri, Aug 28, 2015 at 11:42 AM, Supun Malinga wrote:

> On Fri, Aug 28, 2015 at 11:27 AM, Isuru Perera wrote:
>
>> Hi Supun,
>>
>> The checkSecurity method just checks for a permission. I'm not sure how
>> your fix works. But it doesn't seem to be a proper solution. We might need
>> to debug more and see.
>>
>> Can you check whether you have fixes for
>> https://wso2.org/jira/browse/IDENTITY-3340?
>>
>
> No, I don't. PR is not merged yet.
> I had a chat with KasunB; it's for a different error, however.
>

Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-27 Thread Supun Malinga
On Fri, Aug 28, 2015 at 11:27 AM, Isuru Perera wrote:

> Hi Supun,
>
> The checkSecurity method just checks for a permission. I'm not sure how
> your fix works. But it doesn't seem to be a proper solution. We might need
> to debug more and see.
>
> Can you check whether you have fixes for
> https://wso2.org/jira/browse/IDENTITY-3340?
>

No, I don't. PR is not merged yet.
I had a chat with KasunB; it's for a different error, however.





-- 
Supun Malinga,

Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: sup...@wso2.com 
mobile: +94 (0)71 56 91 321
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-27 Thread Isuru Perera
Hi Supun,

The checkSecurity method just checks for a permission. I'm not sure how
your fix works. But it doesn't seem to be a proper solution. We might need
to debug more and see.

Can you check whether you have fixes for
https://wso2.org/jira/browse/IDENTITY-3340?





-- 
Isuru Perera
Associate Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 


Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-27 Thread Aruna Karunarathna
On Thu, Aug 27, 2015 at 6:44 PM, Supun Malinga wrote:

> Hi,
>
> Found that the issue happens at the following,
>
> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.listUsers(AbstractUserStoreManager.java:2034)
> at org.apache.jsp.carbon.usermgt.index_jsp._jspService(index_jsp.java:167)
>
> I did the following fix in CarbonContext (where the user realm is
> retrieved initially), and the issue disappeared. Is this a good enough
> solution? Or do we have to explicitly do permission checks in
> AbstractUserStoreManager? So far there is none in that. Let me know.
>
> +++
> b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/context/CarbonContext.java
> @@ -233,6 +233,8 @@ public class CarbonContext {
>   * @return the user realm instance.
>   */
>  public UserRealm getUserRealm() {
> +CarbonUtils.checkSecurity();
>  return getCarbonContextDataHolder().getUserRealm();
>  }
>

Any idea why this is not needed for AS 5.2.1?

>
> thanks,
>



-- 

*Aruna Sujith Karunarathna *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 71 9040362 | Work: +94 112145345
Email: ar...@wso2.com | Web: www.wso2.com


Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-27 Thread Supun Malinga
Hi,

Found that the issue happens at the following,

at org.wso2.carbon.user.core.common.AbstractUserStoreManager.listUsers(AbstractUserStoreManager.java:2034)
at org.apache.jsp.carbon.usermgt.index_jsp._jspService(index_jsp.java:167)

I did the following fix in CarbonContext (where the user realm is retrieved
initially), and the issue disappeared. Is this a good enough solution? Or
do we have to explicitly do permission checks in AbstractUserStoreManager?
So far there is none in that. Let me know.

+++
b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/context/CarbonContext.java
@@ -233,6 +233,8 @@ public class CarbonContext {
  * @return the user realm instance.
  */
 public UserRealm getUserRealm() {
+CarbonUtils.checkSecurity();
 return getCarbonContextDataHolder().getUserRealm();
 }
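
Review bot: the added CarbonUtils.checkSecurity() call at the top of getUserRealm() can only reject a caller; a permission check placed before the return does not give the calling webapp any access it lacked, so it should not be relied on as the fix for the denied read under AbstractUserStoreManager.listUsers. It also changes the contract of a public getter for every caller while the Javadoc above still documents only "@return the user realm instance"; if the check stays, document the failure case there, and consider doing the user store access inside a privileged block in Carbon code as suggested in the thread. The hunk header "@@ -233,6 +233,8 @@" declares two added lines but only one "+" line is shown, and the "---" file header is missing, so please repost the complete diff.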

thanks,





-- 
Supun Malinga,

Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: sup...@wso2.com 
mobile: +94 (0)71 56 91 321


Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-25 Thread Supun Malinga
thanks Isuru. Let me see what I can find.

thanks




-- 
Supun Malinga,

Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: sup...@wso2.com 
mobile: +94 (0)71 56 91 321


Re: [Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-25 Thread Isuru Perera
Hi Supun,

I'm sorry I missed this mail. We need to identify which method is accessing
the local database. We should never give explicit read permissions for the
H2 database.

We need to use the Java Privileged Block API in Carbon Context APIs. If you
cannot figure out the protection domain for the access failure, please
check the Java Security Debug logs. See the Troubleshooting section in my Java
Security Manager related blog post [1].

With the Privileged Block API, we can let Carbon Context APIs use the same
permissions we give to Carbon code.

Thanks!

Best Regards,

[1]
http://isuru-perera.blogspot.com/2014/12/enabling-java-security-manager-for-wso2.html





-- 
Isuru Perera
Associate Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 
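
The privileged-block approach recommended in the message above, as an added example (not code from the thread or from WSO2 Carbon): the same read is denied when reached through a permission-less caller and allowed once the platform method wraps it in a privileged block. The class stands in for platform code, the custom Policy plays the role of a policy file grant, and the path, class and method names are hypothetical; it assumes a Java 8 era JDK where AccessController checks are still functional.

```java
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/** Added illustration; every name here is hypothetical, none is WSO2 Carbon code. */
public class PrivilegedBlockDemo {
    // Constructed placeholder path standing in for the embedded H2 database file.
    static final Permission DB_READ =
            new FilePermission("/opt/example/repository/database/EXAMPLE_DB.data.db", "read");

    // Protection domain of this class, which plays the role of trusted platform code.
    static final ProtectionDomain PLATFORM = PrivilegedBlockDemo.class.getProtectionDomain();

    // Stand-in for the user store call that ends up opening the database file.
    static String readUsers() {
        AccessController.checkPermission(DB_READ); // the check a file open would trigger
        return "admin";
    }

    // Platform API without a privileged block: every caller's domain is inspected too.
    static String listUsersPlain() {
        return readUsers();
    }

    // Platform API with a privileged block: stack inspection stops at this frame,
    // so only the platform domain needs the FilePermission.
    static String listUsersPrivileged() {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> readUsers());
    }

    // Runs an action as if it were called from a webapp domain that holds no permissions.
    static String asWebapp(PrivilegedAction<String> call) {
        ProtectionDomain webapp = new ProtectionDomain(null, new Permissions());
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] {webapp});
        try {
            return AccessController.doPrivileged(call, ctx);
        } catch (SecurityException e) {
            return "DENIED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Equivalent of a policy file that grants permissions to platform code only.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return domain == PLATFORM;
            }
        });
        System.out.println("plain:      " + asWebapp(PrivilegedBlockDemo::listUsersPlain));
        System.out.println("privileged: " + asWebapp(PrivilegedBlockDemo::listUsersPrivileged));
    }
}
```

Keep the privileged block limited to the one operation that needs it and do not let caller-supplied values choose what it opens, since every caller of the method borrows the platform's permission for whatever runs inside.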


[Dev] Java Security Manager needs read permission to h2 db in AS 5.3.0 SNAPSHOT

2015-08-13 Thread Supun Malinga
Hi,

For accessing usermgt via CarbonContext, I had to provide the following
permission for the webapp.

permission java.io.FilePermission
"/home/supun/smoke/java_sec/530_custom/wso2as-5.3.0-SNAPSHOT/repository/database/WSO2CARBON_DB.data.db",
"read";

I tested with AS 5.2.1 and we don't need this in 5.2.1.

Can anyone tell why this is needed and if it's an issue?

thanks,
-- 
Supun Malinga,

Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: sup...@wso2.com 
mobile: +94 (0)71 56 91 321