Home arrow static arrow Java Programming [Archive] - Security AccessControl Exception
Warning: Creating default object from empty value in /www/htdocs/w008deb8/wiki/components/com_staticxt/staticxt.php on line 51
Java Programming [Archive] - Security AccessControl Exception
This topic has 20 replies on 2 pages.    1 | 2 | Next »

Posts:474
Registered: 3/12/04
Security AccessControl Exception  
Jul 19, 2004 11:38 PM



 
Hi,
I am getting an exception Javax.Security.Accesscontrol exception when i write this statement:-

Properties props=System.getProperties()
using JDk1.3 and J2EE 1.3.Error lies in JSP page

 

Posts:408
Registered: 1/22/99
Re: Security AccessControl Exception  
Jul 20, 2004 1:38 AM (reply 1 of 20)



 
Access to system properties is protected when SecurityManager is installed

	if (security != null) {	    security.checkPropertiesAccess();	}


So you have two options add permission to your policy file (read Sun's doc on it) or remove switch installing SecurityManager (-Djava.security.manager=) from command line.
Of cours SecurityManager can be installed with code, in this case you must ues option 1.
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 2:06 AM (reply 2 of 20)



 
Some way to not get this error ?
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 2:10 AM (reply 3 of 20)



 
I already have .java.policy file in /Documentsand Settings/UserName directory with AllPermissions added.
Should i copy it to some other folder other than default ?.Policyttool doesnot prompt me for any
filenotfound etc.
 

Posts:408
Registered: 1/22/99
Re: Security AccessControl Exception  
Jul 20, 2004 2:24 AM (reply 4 of 20)



 
Location of security policy file is specified in java.security file.
This file is by default located in

JAVA_HOME/jre/lib/security

you must find entries like this:

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

check if this properties points to your file. Notice, that one in user home starts with .(dot).
for testing purposes try change default one. (url.1)
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 3:16 AM (reply 5 of 20)



 
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

# whether or not we expand properties in the policy file
# if this is set to false, properties (${...}) will not be expanded in policy
# files.
policy.expandProperties=true

# whether or not we allow an extra policy to be passed on the command line
# with -Djava.security.policy=somefile. Comment out this line to disable
# this feature.
policy.allowSystemProperty=true

# whether or not we look into the IdentityScope for trusted Identities
# when encountering a 1.1 signed JAR file. If the identity is found


This is a small cutting from the same file.Whtaever is there is by default i didn;t make any change .
Actually this problem doesnot come when i run the code in DOS.But as son as i converted code to jsp
,the problem has begun.

 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 3:18 AM (reply 6 of 20)



 
I am trying to send email from jsp
 

Posts:5,904
Registered: 04/03/99
Re: Security AccessControl Exception  
Jul 20, 2004 3:19 AM (reply 7 of 20)



 

Your application server will have its own policy file. Which app server are you running ?

Dave.
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 3:19 AM (reply 8 of 20)



 
J2ee
 

Posts:408
Registered: 1/22/99
Re: Security AccessControl Exception  
Jul 20, 2004 3:23 AM (reply 9 of 20)



 
Exactly, you must check documentation of your servlet container to determine where it stores its security policy.

In case of most popular Tomcat it is TOMCAT_HOME/conf/catalina.policy
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 3:30 AM (reply 10 of 20)



 
I have come to know the location.These are the contents

// Standard extensions get all permissions by default

grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};

grant codeBase "file:${com.sun.enterprise.home}/lib/-" {
permission java.security.AllPermission;
};

grant codeBase "file:${jms.home}/classes/" {
permission java.security.AllPermission;
};

// Drivers and other system classes should be stored in this
// code base.
grant codeBase "file:${com.sun.enterprise.home}/lib/system/-" {
permission java.security.AllPermission;
};

// additional permissions for EJBs
grant codeBase "file:${com.sun.enterprise.home}/ejb_impls/-" {
permission java.lang.RuntimePermission "queuePrintJob";
permission java.io.FilePermission "${com.sun.enterprise.home}${/}repository${/}-", "read";
};

// additional permissions for servlets
grant codeBase "file:${com.sun.enterprise.home}/public_html/-" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};

// additional permissions for standalone resource adapters
grant codeBase "file:${com.sun.enterprise.home}/connector/adapters/-" {
permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", "read";
permission java.io.FilePermission "${com.sun.enterprise.home}${/}logs${/}-", "read,write";
};

// permissions for other classes
grant codeBase "file:${com.sun.enterprise.home}/repository/-" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.io.FilePermission "<<ALL FILES>>", "read,write";
permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", "read";
};

// permissions for default domain
grant {
permission java.net.SocketPermission "*", "connect";
permission java.util.PropertyPermission "*", "read";

// workaround missing doPrivileged blocks in javamail
permission java.io.FilePermission "${com.sun.enterprise.home}${/}lib${/}j2ee.jar", "read";

permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.GenericCredential * \"*\"", "read";

};

 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 3:30 AM (reply 11 of 20)



 
Also a similar one is there for client
 

Posts:5,904
Registered: 04/03/99
Re: Security AccessControl Exception  
Jul 20, 2004 3:54 AM (reply 12 of 20)



 

What client ? I thought this was a JSP page... ?

Also... "J2EE" isn't an application server; it's a standard. Although I'll admit that Sun don't go out of their way to make that clear. Are you referring to the one you can download from the "J2EE" dowloads link on the right of the java.sun.com home page ? In which case that's officially "Sun Java System Application Server Platform Edition" and in practice it's mostly Tomcat.

When debugging platform-related issues it's worth mentioning that you're running Tomcat.

Dave.
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 4:05 AM (reply 13 of 20)



 
ok.Tell me some way out now.
 

Posts:474
Registered: 3/12/04
Re: Security AccessControl Exception  
Jul 20, 2004 4:05 AM (reply 14 of 20)



 
ok.Tell me some way out now.
 
This topic has 20 replies on 2 pages.    1 | 2 | Next »