Win a copy of TensorFlow 2.0 in Action this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Paul Clapham
  • Bear Bibeault
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • salvin francis
  • Scott Selikoff
  • fred rosenberger

Java 2 Security Problems

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an XSLT webpage that hits several different systems. I have a was.policy file that grants permissions for Java 2 Security.

I have a few problems:
1. In my was.policy file I have my first permissions granted to 'application.' Then the second grant block is another 'application' block that grants more runtime permissions. If I delete that second block and put stopThread and modifyThreadGroup to the first 'application' block, I get a security issue with one of my servlets, that I do NOT get when i have the two "application" blocks. Shouldn't moving that second block to the first one be the exact same thing?

2. I have granted rights to my saxon8.jar and I'm still getting saxon errors:
Permission:

getClassLoader : access denied (java.lang.RuntimePermission getClassLoader)


Code:

net.sf.saxon.Configuration in {file:/D:/WAS/6.0/common/lib/saxon8.jar}

3. I granted permission to the ibmjsseprovider2.jar, but still getting errors.

Permission:

wasatst3 : access denied (java.net.SocketPermission wasatst3 resolve)


Code:

com.ibm.net.ssl.www2.protocol.http.y in {file:/D:/WAS/6.0/AppServer/java/jre/lib/ext/ibmjsseprovider2.jar}



Here's my was.policy file

grant codeBase "file:${application}" {
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}MCAnalyzerConfig.xml", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}AutomatedUnderwriting${/}-", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}log${/}AutomatedUnderwriting${/}-", "read, write";
permission java.util.PropertyPermission "javax.xml.transform.TransformerFactory", "read, write";
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
permission java.net.SocketPermission "*", "connect, resolve";
};

grant codeBase "file:${application}" {
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
};

grant codeBase "file:ibmjsseprovider2.jar" {
permission java.net.SocketPermission "*", "connect, resolve";
};

grant codeBase "file:FBRACF-new.jar" {
permission java.lang.RuntimePermission "modifyThread";
};

grant codeBase "file:MCAnalyzerWeb.war" {
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
};



grant codeBase "file:${application}" {
permission javax.security.auth.PrivateCredentialPermission "* * "*"", "read";
};

grant codeBase "file:/D:/WAS/6.0/common/lib/saxon8.jar" {
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "shutdownHooks";

};

Thanks for any help you could give me.
 
This will take every ounce of my mental strength! All for a tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic