If the getPermissions(ProtectionDomain) method of the policy object set long before any mina code gets called would be invoked when the permission is checked this would return a PermissionCollection with a single AllPermissions() instance. The problem is that this method never gets invoked. Things are working with versions <= 0.8.0 even though the sshd obviously needs to access the same key file.
Cheers, Reto On Mon, May 19, 2014 at 3:07 PM, Guillaume Nodet <[email protected]> wrote: > I'm not really sure what you're talking about, but if you run under a > security manager, you need to ensure that the sshd code is granted correct > permissions. > In particular, the use of the key pair provider configure to load host keys > from a file requires a file read permission on the given file. > > > 2014-05-19 14:59 GMT+02:00 Reto Gmür <[email protected]>: > > > Hello > > > > Attempting to updated sshd I've noticed that for version > 0.8.0 I'm > > getting an AccessControlException (see below) in the Nio2Acceptor. It > seems > > that completed the security Policy set with Policy.setPolicy is no longer > > in use. I've no idea what causes this change of security policy and how > to > > get around this. > > > > Cheers, > > Reto > > > > > > 19.05.2014 14:36:11.268 *WARN* [pool-2-thread-1] > > org.apache.sshd.common.io.nio2.Nio2Acceptor Caught exception while > > accepting incoming connection java.security.AccessControlException: > access > > denied ("java.io.FilePermission" "/home/reto/.clerezza/ssh/hostkey.ser" > > "read") > > at > > > > > java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) > > at > > java.security.AccessController.checkPermission(AccessController.java:559) > > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > > at java.io.File.exists(File.java:808) > > at > > > > > org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider.loadKeys(AbstractGeneratorHostKeyProvider.java:107) > > at > > > > > org.apache.sshd.common.keyprovider.AbstractKeyPairProvider.getKeyTypes(AbstractKeyPairProvider.java:53) > > at > > > > > org.apache.sshd.server.session.ServerSession.sendKexInit(ServerSession.java:127) > > at > > > org.apache.sshd.server.session.ServerSession.<init>(ServerSession.java:60) > > at > > > > > org.apache.sshd.server.session.SessionFactory.doCreateSession(SessionFactory.java:43) > > at > > > > > org.apache.sshd.common.session.AbstractSessionFactory.createSession(AbstractSessionFactory.java:38) > > at > > > > > org.apache.sshd.common.AbstractSessionIoHandler.sessionCreated(AbstractSessionIoHandler.java:36) > > at > > > > > org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:128) > > at > > > > > org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:109) > > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) > > at sun.nio.ch.Invoker$2.run(Invoker.java:218) > > at > > > > > sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) > > at > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > > at java.lang.Thread.run(Thread.java:744) > > >
