scriptServices" read)

Ramesh Vishwanatham Wed, 19 Nov 2008 06:54:57 -0800

Hi Amila
Thanks for your reply, we are not interested in deploying services from 
script files and I am going to remove "axis2-scripting-1.3.mar" until I 
found a solution to fix policy problems.


I suggest to document what are the permissions axis2.war would require 
running under security manager. Below are the Runtime permission I have to 
provide in order to deploy axis2.war successfully under WAS 6.0 with 
security enabled:

grant codeBase "file:${webComponent}" {
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "getProtectionDomain";
        permission java.lang.RuntimePermission "getClassLoader";
        permission java.lang.RuntimePermission "modifyThreadGroup";
        permission java.lang.RuntimePermission "modifyThread";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.lang.RuntimePermission "loadLibrary.*";
};


I will provide list of file io permissions once I clenup my policy file.


Thanks & Regards

Ramesh




"Amila Suriarachchi" <[EMAIL PROTECTED]> 
11/18/2008 10:36 PM
Please respond to
[email protected]


To
[email protected]
cc

Subject
Re: java.security.AccessControlException: access denied 
(java.io.FilePermission "..../WEB-INF/scriptServices" read)








On Tue, Nov 18, 2008 at 10:51 PM, Ramesh Vishwanatham <
[EMAIL PROTECTED]> wrote:

Hi Amila 

Thanks a lot, by adding loadLibrary permission and others I am able to 
make AxisServlet initialization successful with my services loaded. 
I had one problem which I could not find a solution, below is the error 
trace: 

SECJ0314W: Current Java 2 Security policy reported a potential violation 
of Java 2 Security 
        Permission. Please refer to Problem Determination Guide for 
further information. 

Permission: 

      "..../xyz.ear/xyz.war/WEB-INF/scriptServices : access denied 
(java.io.FilePermission 
        "..../xyz.ear/xyz.war/WEB-INF/scriptServices" read)
 
This seems to be a conflict in your polices in policy file. A careful look 
may reveal the problem. 



Code: 

     org.apache.axis2.scripting.ScriptRepositoryListener  in  {file: 
 
"..../temp/HOSTNAME_Node01/APPNAME/xyz/xyz.war/axis251939axis2-scripting-1.3.mar"}
 




Stack Trace: 

java.security.AccessControlException: access denied 
(java.io.FilePermission 
        "..../xyz.ear/xyz.war/WEB-INF/scriptServices read) 


In order to over come this problem I have removed axis2-scripting-1.3.mar 
from modules folder. What does this module do and impact of it not being 
there. 

This seems to be something to deploy script files as services. Which IMHO 
should have written as a custom deployer. So there won't be any problem 
unless you want to deploy scripts.

Please start a new thread for this question :)

thanks,
Amila.


Regards, 
Ramesh 




"Amila Suriarachchi" <[EMAIL PROTECTED]> 
11/15/2008 09:22 AM


Please respond to
[email protected]


To
[email protected] 
cc

Subject
Re: java.security.AccessControlException: access denied 
(java.io.FilePermission "..../WEB-INF/scriptServices" read)








hi,

ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());

this line has something like above. you may need to give native method 
access permission.

thanks,
Amila.

On Fri, Nov 14, 2008 at 9:41 PM, Ramesh Vishwanatham <
[EMAIL PROTECTED]> wrote: 

Hi Amila 
After fixing all the policy related exceptions, now I am getting below 
exception any idea what could be the reason. 


ServletWrappe E   SRVE0100E: Did not realize  init() exception thrown by 
servlet AxisServlet: java.lang.ExceptionInInitializerError 
       at org.apache.axis2.util.XMLUtils.toOM(XMLUtils.java:564) 
       at 
org.apache.axis2.deployment.DescriptionBuilder.buildOM(DescriptionBuilder.java:96)
 

       at 
org.apache.axis2.deployment.AxisConfigBuilder.populateConfig(AxisConfigBuilder.java:79)
 

       at 
org.apache.axis2.deployment.DeploymentEngine.populateAxisConfiguration(DeploymentEngine.java:615)
 

       at 
org.apache.axis2.deployment.WarBasedAxisConfigurator.<init>(WarBasedAxisConfigurator.java:146)
 

       at 
org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:500)
 

       at 
org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:420) 

Thanks 
Ramesh 


"Amila Suriarachchi" <[EMAIL PROTECTED]> 
11/14/2008 12:48 AM 



Please respond to
[email protected]


To
[email protected] 
cc

Subject
Re: java.security.AccessControlException: access denied 
(java.io.FilePermission "..../WEB-INF/scriptServices" read)










Try to give filePermission to all the file and see first. Then try to
narrow down to the level you want.

thanks,
Amila.

On 11/13/08, Ramesh Vishwanatham <[EMAIL PROTECTED]> wrote:
> Hi Amila
> Thanks for replying my question, I have added following in policy file:
>
> grant codeBase "file:..../xyz/xyz.war/-" {
>         permission java.io.FilePermission
> "..../xyz.ear/xyz.war/WEB-INF/scriptServices", "read";
> };
>
>
> and still getting below error:
>
>
> SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a
> potential violation
>         of Java 2 Security Permission. Please refer to Problem
> Determination Guide for further
>         information.
>
> Permission:
>         "...../xyz.ear/xyz.war/WEB-INF/scriptServices : access denied
>                 (java.io.FilePermission
> ...../xyz.ear/xyz.war/WEB-INF/scriptServices read)
>
>
> Code:
>         org.apache.axis2.scripting.ScriptRepositoryListener  in
> {file:..../xyz/xyz.war/axis247136axis2-scripting-1.3.mar}
>
>
>
>
> Stack Trace:
>
>         java.security.AccessControlException: access denied
>                 (java.io.FilePermission
> ...../xyz.ear/xyz.war/WEB-INF/scriptServices read)
>         at
> 
java.security.AccessControlContext.checkPermission(AccessControlContext.java(Compiled
> Code))
>
>
> please let me know what coule be the problem.
>
> Regards,
> Ramesh
>
>
>
>
>
> "Amila Suriarachchi" <[EMAIL PROTECTED]>
> 11/13/2008 05:28 AM
> Please respond to
> [email protected]
>
>
> To
> [email protected]
> cc
>
> Subject
> Re: java.security.AccessControlException: access denied
> (java.io.FilePermission "..../WEB-INF/scriptServices" read)
>
>
>
>
>
>
>
>
> On Wed, Nov 12, 2008 at 3:24 AM, Ramesh Vishwanatham <
> [EMAIL PROTECTED]> wrote:
>
> All
> I have a built simple web service and trying to deploy axis2 1.3 version
> in WAS6.0 environment running Java 1.4.2 under security manager and
> getting following exception:
>
> Stack Trace:
>
> java.security.AccessControlException: access denied
> (java.io.FilePermission "..../WEB-INF/scriptServices" read)
>
>
> Looks like this problem was reported earlier and may be got fixed in 
later
> releases.
>
> Resolved: (AXIS2-3816) AccessControlException when running with
> Java2Security
>
> And also I find out following comments regarding this problem:
> "this problem gets solved when i give the Web Application AllPermissions
> from the policy file but i cant get why this loose permission is 
required
> "
>
> by sandeep khurana on May 20th 2008.
>
> We can not use later version "1.4" or "1.4.1" if this is fixed in one of
> these versions because of jvm version we are using. Please help me by
> pointing what needs to be specified in the policy file to be able to 
solve
> with axis2 1.3 version.
>
> At the deployment time Axis2 reads the Axis2.xml and services from the
> filesystem. So it needs to have File System read permission. Try 
granting
> the file read permission in the policy file.
>
>
> thanks,
> Amila.
>
>
>
> Thanks in Advance
>
> Ramesh Vishwanatham
> ________________________________________________________
> DTCC DISCLAIMER: This email and any files transmitted with it are
> confidential and intended solely for the use of the individual or entity
> to whom they are addressed. If you have received this email in error,
> please notify us immediately and delete the email and any attachments 
from
> your system. The recipient should check this email and any attachments 
for
> the presence of viruses. The company accepts no liability for any damage
> caused by any virus transmitted by this email.
>
>
>
> --
> Amila Suriarachchi
> WSO2 Inc.
> blog: http://amilachinthaka.blogspot.com/
>
>
> -----------------------------------------
> ________________________________________________________
> DTCC DISCLAIMER: This email and any files transmitted with it are
> confidential and intended solely for the use of the individual or
> entity to whom they are addressed. If you have received this email
> in error, please notify us immediately and delete the email and any
> attachments from your system. The recipient should check this email
> and any attachments for the presence of viruses.  The company
> accepts no liability for any damage caused by any virus transmitted
> by this email.


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/ 



-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/

Re: java.security.AccessControlException: access denied (java.io.FilePermission "..../WEB-INF/scriptServices" read)

Reply via email to