[ http://issues.apache.org/jira/browse/JAMES-636?page=comments#action_12437124 ]

Guillermo Grandes commented on JAMES-636:
-----------------------------------------

Well, my phoenix.sh is a little different... I don't have any goto ;-)  but yes, 
I'm using the security manager, my running command line is:

/usr/java/java15/bin/java
    -Dprogram.name=JAMES1 -Xms128m -Xmx256m
    -Djava.ext.dirs=/opt/james/lib:/opt/james/tools/lib 
!    -Djava.security.manager 
!    -Djava.security.policy=jar:file:/opt/james/bin/phoenix-loader.jar!/META-INF/java.policy
    -Dphoenix.home=/opt/james
    -Djava.io.tmpdir=/opt/james/temp
    -jar /opt/james/bin/phoenix-loader.jar

The modified cvs-migration-snapshot code of Phoenix (I was looking at it last 
night) seems to be quite different from kickjava.com. Is this the latest 
version, 4.2? Until now I have been guiding myself by pages like this (and 
docjar.com, MacGyver style), which makes it difficult for me to work :-(

Many thanks for the info! :-)

Stefano says:

    Hi Guillermo,
    
    I don't know/don't have time currently to look at what happened, but we 
    could try to fix things in Phoenix.
    
    As you can read in the JAMES_PHOENIX.txt file in the root of our source 
    tree, we're currently using a modified build of 
    https://svn.apache.org/repos/asf/avalon/cvs-migration-snapshot/avalon-phoenix/
    
    Have you set $PHOENIX_SECURE to true before starting phoenix? I see the 
    following things in the run scripts:
    ---
    if [ "$PHOENIX_SECURE" != "false" ] ; then
       # Make phoenix run with security manager enabled
       JVM_OPTS="$JVM_OPTS -Djava.security.manager"
    fi
    ---
    if "%PHOENIX_SECURE%" == "false" goto postSecure
    
    rem Make Phoenix run with security Manager enabled
    set PHOENIX_SM="-Djava.security.manager"
    
    :postSecure
    ---
    
    Maybe this has nothing to do with your problem, but it is the only 
    information I can give you.
    
    I think that Loom is not an option for James because it is simply a branch 
    of Phoenix and it is also no longer developed.
    
    In the future (far future) we could switch to plexus (the maven container, 
    that is getting more interest and is supporting also avalon components) or 
    to felix, but I think we should try to fix the security in phoenix if we 
    find "where" to put our hands.
    
    Stefano


> Policy in environment.xml is... ignored?!?
> ------------------------------------------
>
>                 Key: JAMES-636
>                 URL: http://issues.apache.org/jira/browse/JAMES-636
>             Project: James
>          Issue Type: Bug
>    Affects Versions: Trunk, 2.3.0rc3
>         Environment: James 2.3.0rc3 / 3.0
>            Reporter: Guillermo Grandes
>         Attachments: james.policy
>
>
> I have been testing to secure James and have seen that there was the option 
> to add policies in the file environment.xml, but in versions 2.3 and 3.0 it 
> does not work. I suppose that it has to do with the migration to Phoenix 4.2 
> from 4.0.1; it seems that it simply ignores them quietly and treats it like 
> an AllPermission, strange.
> In James 2.2 if no policy is configured, phoenix.log says:
> [Phoenix.] (): No policy specified in server.xml, giving full permissions to 
> ServerApplication.
> In 2.3 / 3.0 no message is shown...
> I have used a policy like this, and... it never throws security exceptions... 
>     <policy>
>         <grant code-base="file:${app.home}${/}lib${/}*">
>             <permission class="java.io.FilePermission"
>                         target="${app.home}${/}*"
>                         action="read,write" />
>         </grant>
>     </policy>
> I have even tried to make a FileInputStream of /etc/passwd and... it has 
> eaten it, no security exception :(
> In Loom 1.0-rc3 it is the same, the policy is ignored...
> At the moment the workaround is to directly modify the policy of 
> phoenix-loader.jar and restrict it at the global level of the JVM.  
> I have opened a ticket in Codehaus for Loom 1.0rc3, in the case of Phoenix... 
> "two stones" :-)
> See also: http://jira.codehaus.org/browse/LOOM-81
> I am reporting this in case somebody can do something.

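The check described in the report (reading a file outside ${app.home} and expecting a security exception) can be made into a repeatable probe. This is an added example, not part of the original message or of the James/Phoenix code; the class name PolicyProbe and its method names are hypothetical, and it assumes a JVM that still supports the Security Manager, such as the Java 5 runtime in the command line above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AllPermission;

// Added example: PolicyProbe and its method names are hypothetical.
public class PolicyProbe {

    // Try to read one byte from path; the security check runs before the open.
    static String probeRead(String path) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(path);
            in.read();
            return "ALLOWED";
        } catch (SecurityException e) {
            // AccessControlException is a SecurityException: policy enforced.
            return "DENIED";
        } catch (IOException e) {
            // Missing or unreadable file: says nothing about the policy.
            return "INCONCLUSIVE (" + e.getMessage() + ")";
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
    }

    // Reports whether the calling context is effectively unrestricted.
    static String probeAllPermission() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return "NO SECURITY MANAGER (nothing is checked)";
        }
        try {
            sm.checkPermission(new AllPermission());
            return "ALLPERMISSION (policy grants are not restricting this code)";
        } catch (SecurityException e) {
            return "RESTRICTED";
        }
    }

    public static void main(String[] args) {
        // Default path is the one tried in the report; pass another as args[0].
        String outside = args.length > 0 ? args[0] : "/etc/passwd";
        System.out.println("context: " + probeAllPermission());
        System.out.println("read " + outside + ": " + probeRead(outside));
    }
}
```

Call the static methods from a component loaded from the application's lib directory, since the grant in the report is keyed to that code base. With that policy in force, ALLOWED for a path outside ${app.home} means the policy is not being enforced.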