I have an XSLT webpage that hits several different systems. I have a was.policy file that grants permissions for
Java 2 Security.
I have a few problems:
1. In my was.policy file, my first set of permissions is granted to 'application'. The second grant block is another 'application' block that grants more runtime permissions. If I delete that second block and move stopThread and modifyThreadGroup into the first 'application' block, I get a security issue with one of my
servlets that I do NOT get when I have the two "application" blocks. Shouldn't moving that second block into the first one be exactly the same thing?
2. I have granted rights to my saxon8.jar and I'm still getting saxon errors:
Permission:
getClassLoader : access denied (java.lang.RuntimePermission getClassLoader)
Code:
net.sf.saxon.Configuration in {file:/D:/WAS/6.0/common/lib/saxon8.jar}
3. I granted permission to the ibmjsseprovider2.jar, but still getting errors.
Permission:
wasatst3 : access denied (java.net.SocketPermission wasatst3 resolve)
Code:
com.ibm.net.ssl.www2.protocol.http.y in {file:/D:/WAS/6.0/AppServer/java/jre/lib/ext/ibmjsseprovider2.jar}
Here's my was.policy file
// First grant for the enterprise application's own code (the ${application} codeBase).
grant codeBase "file:${application}" {
// Read access to a single config file, then to everything under the AutomatedUnderwriting
// config directory (the trailing "-" makes the FilePermission recursive), and read/write
// access to everything under the AutomatedUnderwriting log directory.
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}MCAnalyzerConfig.xml", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}AutomatedUnderwriting${/}-", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}log${/}AutomatedUnderwriting${/}-", "read, write";
// Lets application code read and set the javax.xml.transform.TransformerFactory system property.
permission java.util.PropertyPermission "javax.xml.transform.TransformerFactory", "read, write";
// NOTE(review): RuntimePermission takes ONE target name and does not split it on commas
// (only the *actions* of FilePermission/SocketPermission/PropertyPermission are comma lists).
// The name below is the literal string "modifyThread, getClassLoader", which implies neither
// modifyThread nor getClassLoader. Each target needs its own permission line. This likely
// explains question 1: the only effective modifyThread grant for ${application} is in the
// second ${application} block, so deleting that block and moving just stopThread and
// modifyThreadGroup here removes modifyThread.
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
// NOTE(review): "*" permits outbound connections to any host and port. The only host named in
// the denial quoted in the post is wasatst3; narrowing this to the hosts/ports the application
// really calls keeps the grant closer to least privilege.
permission java.net.SocketPermission "*", "connect, resolve";
};
// Second grant for the same ${application} codeBase: three thread-related RuntimePermissions,
// each correctly written as its own single-target entry.
// NOTE(review): grants for the same codeBase are additive, so two blocks and one merged block
// are equivalent only if every permission line is carried over. The stand-alone modifyThread
// below is the one that takes effect for ${application}; the first block spells it as
// "modifyThread, getClassLoader", which is a different (non-matching) target name.
grant codeBase "file:${application}" {
// stopThread allows Thread.stop() on other threads; confirm the application really needs it.
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
};
// Intended to give the IBM JSSE provider jar outbound socket access.
// NOTE(review): this codeBase is a bare relative name, while the denial quoted in the post is
// raised for file:/D:/WAS/6.0/AppServer/java/jre/lib/ext/ibmjsseprovider2.jar. A codeBase must
// match the location the class was actually loaded from, and was.policy is scoped to the
// enterprise application, so this entry presumably never applies to the JRE extension jar.
// Code outside the application is normally covered by the server-level policy files instead
// (confirm against the WebSphere Java 2 security documentation for this release).
grant codeBase "file:ibmjsseprovider2.jar" {
// "*" = any host, any port; the quoted denial only concerns resolving host wasatst3.
permission java.net.SocketPermission "*", "connect, resolve";
};
// Grants modifyThread to FBRACF-new.jar, referenced by a relative codeBase.
// NOTE(review): presumably this jar is packaged inside the application archive, so the relative
// name resolves against it; verify the jar's real location if denials are reported for it.
grant codeBase "file:FBRACF-new.jar" {
permission java.lang.RuntimePermission "modifyThread";
};
// Grant for the MCAnalyzerWeb.war web module.
grant codeBase "file:MCAnalyzerWeb.war" {
// NOTE(review): RuntimePermission does not parse a comma-separated list of targets. This entry
// grants a permission literally named "modifyThread, getClassLoader", which matches neither
// modifyThread nor getClassLoader. Write one permission line per target name.
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
};
// Third ${application} grant: read access to private credentials of any class held by any
// principal (all three name components are wildcards), which is a very broad JAAS grant.
grant codeBase "file:${application}" {
// NOTE(review): the quotes around the principal name sit inside the quoted target string and
// must be escaped with backslashes in a policy file. As shown, the inner quotes are unescaped,
// which the policy parser is expected to reject or misread. The backslashes may simply have
// been lost when the file was pasted; check the deployed file.
permission javax.security.auth.PrivateCredentialPermission "* * "*"", "read";
};
// Grants five RuntimePermissions to the Saxon jar by absolute path.
// NOTE(review): this codeBase matches the location in the quoted getClassLoader denial
// (file:/D:/WAS/6.0/common/lib/saxon8.jar), so a persisting denial suggests the grant is not
// taking effect from this file. was.policy is scoped to the enterprise application, and
// common/lib is outside it; such code is presumably governed by a server-level policy file
// (confirm in the WebSphere documentation for this release).
grant codeBase "file:/D:/WAS/6.0/common/lib/saxon8.jar" {
permission java.lang.RuntimePermission "getClassLoader";
// Only getClassLoader appears in the denial quoted in the post. The four grants below are not
// shown to be required; stopThread and shutdownHooks in particular are worth dropping from a
// third-party library unless a specific denial demonstrates the need.
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "shutdownHooks";
};
Thanks for any help you could give me.