Rahulaiit kumar

Hi,

We are implementing Java 2 Secuirty on our Web application using WAS 6.1.

The Was.policy file is :-


grant codeBase "file:${application}" {
permission java.io.FilePermission "/C:/WINDOWS/TEMP/-", "read, write, delete";
};



grant codeBase "file:spring-2.0.2.jar" {
permission java.lang.RuntimePermission "getClassLoader";
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<>", "read";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses, AdminPermission";
};

grant codeBase "file:aspectjweaver-1.5.3.jar" {
permission java.lang.RuntimePermission "createClassLoader";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
};

grant codeBase "file:aspectjrt-1.5.3.jar" {
permission java.lang.RuntimePermission "*", "accessDeclaredMembers";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
};

grant codeBase "file:activation-impl.jar" {
permission java.io.FilePermission "${user.home}${/}.mime.types", "read";
permission java.io.FilePermission "${java.home}${/}lib${/}mime.types", "read";
};

grant codeBase "file:$syfact-administratro.war" {
permission java.io.FilePermission "/C:/WINDOWS/TEMP/-", "read, write, delete";
};


The error that we are getting is :-

8/7/08 17:54:14:433 IST] 00000026 SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

Permission:

C:\WINDOWS\TEMP\expwf35925.xml : Access denied (java.io.FilePermission C:\WINDOWS\TEMP\expwf35925.xml write)


Code:

com.syfact.mo.administrator.mwfs.ExportAction in {file:/C:/Program Files/IBM/WebSphere/AppServer1/profiles/AppSrv01/installedApps/d-10607Node01Cell/syfact-administrator_war.ear/syfact-administrator.war/WEB-INF/classes/}



Stack Trace:

java.security.AccessControlException: Access denied (java.io.FilePermission C:\WINDOWS\TEMP\expwf35925.xml write)
at java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:977)
at java.io.File.checkAndCreate(File.java:1372)
at java.io.File.createTempFile(File.java:1469)
at java.io.File.createTempFile(File.java:1506)
at com.syfact.mo.administrator.mwfs.ExportAction.doAction(ExportAction.java:110)
at com.syfact.web.servlet.Syfact.processStandardCommand(Syfact.java:362)
at com.syfact.web.servlet.Syfact.doPost(Syfact.java:287)
at com.syfact.web.servlet.Syfact.doGet(Syfact.java:158)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:907)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.syfact.ConnectionFilter.doFilter(ConnectionFilter.java:40)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:696)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:641)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3107)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)


Code Base Location:


[8/7/08 17:54:14:448 IST] 00000026 SystemOut O 2008-08-07 17:54:14,433 ERROR -> Unable to create temporary file
java.lang.SecurityException: Unable to create temporary file
at java.io.File.checkAndCreate(File.java:1377)
at java.io.File.createTempFile(File.java:1469)
at java.io.File.createTempFile(File.java:1506)
at com.syfact.mo.administrator.mwfs.ExportAction.doAction(ExportAction.java:110)
at com.syfact.web.servlet.Syfact.processStandardCommand(Syfact.java:362)
at com.syfact.web.servlet.Syfact.doPost(Syfact.java:287)
at com.syfact.web.servlet.Syfact.doGet(Syfact.java:158)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:907)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.syfact.ConnectionFilter.doFilter(ConnectionFilter.java:40)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:696)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:641)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3107)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)



We tried to specify the permission in server.policy file n java.policy file as well but problem did not got resolved.

Please suugest the solution.

Regards,
Rahul

Hi,

Thanks for the response. The prob got resolved by making an entry in server.policy file for the same.

Regards,
Rahul

Hi,

I am implementing Java 2 security on my WAR file but i am getting the error while opeing the logine page of the application.
The was.policy file is
grant codeBase "file:${application}" {
permission java.util.PropertyPermission "$(APP_INSTALL_ROOT)/d-10607Node01Cell/-", "read, write";
};


grant codeBase "file:spring-2.0.2.jar" {
permission java.lang.RuntimePermission "getClassLoader";
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<>", "read";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
};


grant codeBase "file:${syfact-investigator.war}" {
permission java.util.PropertyPermission "$(APP_INSTALL_ROOT)/d-10607Node01Cell/-", "read, write";
};

The stack trace is :-

Permission:

app_path : Access denied (java.util.PropertyPermission app_path write)


Code:

com.syfact.servlet.Syfact in {file:/C:/Program Files/IBM/WebSphere/AppServer1/profiles/AppSrv01/installedApps/d-10607Node01Cell/syfact-investigator_war.ear/syfact-investigator.war/WEB-INF/classes/}



Stack Trace:

java.security.AccessControlException: Access denied (java.util.PropertyPermission app_path write)
at java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
at java.lang.System.setProperty(System.java:383)
at com.syfact.servlet.Syfact.init(Syfact.java:67)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:185)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:316)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:341)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3107)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)


Please suggest .

Regards,
Rahul

Hi,

I am using WebSphere 5 .1.0, Oracle 9i database and ojdbc14-10.2.0.2.0.jar as driver. The connection is established using JNDI datasource.

I am getting the connection as
Connection conn = DataSourceUtils.getConnection(dataSource);

Note:- DataSourceUtils is an abstract class of Springframework

And then calling
ArrayDescriptor stringArrDescr = (ArrayDescriptor)ArrayDescriptor.createDescriptor("DBO.STR_ARRAY", conn);

Note:- ArrayDescriptor is a class of Oracle.Sql

It is throwing a class cast exception error.

I have verified that there should be only one JAR file for the driver i.e. it should be there on the server and not in the lib of the WAR file.

The connection object is of type WSJdbcConnection. When I searched the net I found that I have to cast the connection type to some native type so I changed my code to


if (conn instanceof WSJdbcConnection) {

Connection pc = (Connection)WSJdbcUtil.getNativeConnection((WSJdbcConnection)conn);
}

Now, after adding this code I am not getting the class cast exception and the functionality is working fine but in the logs of the server I am seeing the exception message as

165cea93 MCWrapper E J2CA0081E: Method cleanup failed while trying to execute method cleanup on ManagedConnection com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl@15c66ac9 from resource jdbc/syfact. Caught exception: com.ibm.ws.exception.WsException: DSRA0080E: An exception was received by the Data Store Adapter. See original exception message: Closed Connection.

After seeing this exception message the I commented the line in which I am closing the connection .i.e. //DBConduit.closeConnection(conn);

But I am still getting the same error.

One more thing, this application runs across different servers i.e. WebLogic, Jboss, Tomcat etc. Is there any generic solution of ClassCastException problem that is valid across all the Application Server?

Please help me to resolve this issue.

The full stack trace of error that I am getting after casting the Connection Object is :


[5/20/08 10:24:11:869 IST] 165cea93 MCWrapper E J2CA0081E: Method cleanup failed while trying to execute method cleanup on ManagedConnection com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl@15c66ac9 from resource jdbc/syfact. Caught exception: com.ibm.ws.exception.WsException: DSRA0080E: An exception was received by the Data Store Adapter. See original exception message: Closed Connection.
at com.ibm.ws.rsadapter.exceptions.DataStoreAdapterException.<init>(DataStoreAdapterException.java:244)
at com.ibm.ws.rsadapter.exceptions.DataStoreAdapterException.<init>(DataStoreAdapterException.java:171)
at com.ibm.ws.rsadapter.exceptions.DataStoreAdapterException.<init>(DataStoreAdapterException.java:124)
at com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.cleanupStates(WSRdbManagedConnectionImpl.java(Compiled Code))
at com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.cleanup(WSRdbManagedConnectionImpl.java(Compiled Code))
at com.ibm.ejs.j2c.MCWrapper.cleanup(MCWrapper.java(Compiled Code))
at com.ibm.ejs.j2c.poolmanager.FreePool.returnToFreePool(FreePool.java(Compiled Code))
at com.ibm.ejs.j2c.poolmanager.PoolManager.release(PoolManager.java(Compiled Code))
at com.ibm.ejs.j2c.MCWrapper.releaseToPoolManager(MCWrapper.java(Compiled Code))
at com.ibm.ejs.j2c.LocalTransactionWrapper.afterCompletionCode(LocalTransactionWrapper.java:1077)
at com.ibm.ejs.j2c.LocalTransactionWrapper.afterCompletion(LocalTransactionWrapper.java:1014)
at com.ibm.ws.LocalTransaction.LocalTranCoordImpl.informSynchronizations(LocalTranCoordImpl.java(Compiled Code))
at com.ibm.ws.LocalTransaction.LocalTranCoordImpl.cleanup(LocalTranCoordImpl.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppTransactionCollaborator.postInvoke(WebAppTransactionCollaborator.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java(Compiled Code))
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java(Compiled Code))
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java(Compiled Code))
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:439)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.sql.SQLException: Closed Connection
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java(Inlined Compiled Code))
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java(Inlined Compiled Code))
at oracle.jdbc.driver.PhysicalConnection.setAutoCommit(PhysicalConnection.java(Compiled Code))
at oracle.jdbc.OracleConnectionWrapper.setAutoCommit(OracleConnectionWrapper.java(Compiled Code))
at com.ibm.websphere.rsadapter.OracleDataStoreHelper.doConnectionCleanup(OracleDataStoreHelper.java(Compiled Code))
... 22 more
---- Begin backtrace for nested exception
java.sql.SQLException: Closed Connection
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java(Inlined Compiled Code))
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java(Inlined Compiled Code))
at oracle.jdbc.driver.PhysicalConnection.setAutoCommit(PhysicalConnection.java(Compiled Code))
at oracle.jdbc.OracleConnectionWrapper.setAutoCommit(OracleConnectionWrapper.java(Compiled Code))
at com.ibm.websphere.rsadapter.OracleDataStoreHelper.doConnectionCleanup(OracleDataStoreHelper.java(Compiled Code))
at com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.cleanupStates(WSRdbManagedConnectionImpl.java(Compiled Code))
at com.ibm.ws.rsadapter.spi.WSRdbManagedConnectionImpl.cleanup(WSRdbManagedConnectionImpl.java(Compiled Code))
at com.ibm.ejs.j2c.MCWrapper.cleanup(MCWrapper.java(Compiled Code))
at com.ibm.ejs.j2c.poolmanager.FreePool.returnToFreePool(FreePool.java(Compiled Code))
at com.ibm.ejs.j2c.poolmanager.PoolManager.release(PoolManager.java(Compiled Code))
at com.ibm.ejs.j2c.MCWrapper.releaseToPoolManager(MCWrapper.java(Compiled Code))
at com.ibm.ejs.j2c.LocalTransactionWrapper.afterCompletionCode(LocalTransactionWrapper.java:1077)
at com.ibm.ejs.j2c.LocalTransactionWrapper.afterCompletion(LocalTransactionWrapper.java:1014)
at com.ibm.ws.LocalTransaction.LocalTranCoordImpl.informSynchronizations(LocalTranCoordImpl.java(Compiled Code))
at com.ibm.ws.LocalTransaction.LocalTranCoordImpl.cleanup(LocalTranCoordImpl.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppTransactionCollaborator.postInvoke(WebAppTransactionCollaborator.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java(Compiled Code))
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java(Compiled Code))
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java(Compiled Code))
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:439)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))