Hello,
thanks for the tip, to tell the Classes to use the right policy reader
is usefull. However, I now get a ugly NullPointerException in policy
reading, it seems that the given reader has problem reading the name
of the ProtectionDomain:
java.lang.ExceptionInInitializerError
at
gnu.java.security.x509.X509Certificate.toString(X509Certificate.java:455)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.CodeSource.toString(CodeSource.java:269)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.ProtectionDomain.toString(ProtectionDomain.java:212)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:157)
at java.security.AccessController.checkPermission(AccessController.java:76)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:356)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:820)
at java.lang.System.getProperty(System.java:397)
at org.apache.felix.main.Main.<clinit>(Main.java:66)
Caused by: java.lang.NullPointerException
at java.io.PrintWriter.println(PrintWriter.java:395)
at java.io.PrintWriter.println(PrintWriter.java:523)
at
gnu.java.security.x509.X509Certificate.toString(X509Certificate.java:456)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.CodeSource.toString(CodeSource.java:269)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at java.security.ProtectionDomain.toString(ProtectionDomain.java:212)
at java.lang.StringBuffer.append(StringBuffer.java:348)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:157)
at java.security.AccessController.checkPermission(AccessController.java:76)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:356)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:820)
at java.lang.System.getProperty(System.java:418)
at java.io.PrintWriter.<clinit>(PrintWriter.java:381)
at
gnu.java.security.x509.X509Certificate.toString(X509Certificate.java:455)
Quoting Casey Marshall <[EMAIL PROTECTED]>:
On May 24, 2007, at 1:58 PM, Pierre Parrend wrote:
Hello,
for instance, I have the following command:
jamvm -Djava.security.manager -Djava.security.policy=conf/java.policy -cp
bin/felix.jar: org.apache.felix.main.Main
(jamvm uses the Gnu classpath, with default configuration)
with following conf/java.policy file:
grant codeBase "/code/osgi-projects/sfelix/sfelix0.2.2/main/-" {
permission java.io.FilePermission
"/home/pierre/.felix/testSF", "read";
permission java.lang.RuntimePermission "exitVM";
};
which gives me following error:
Error creating bundle cache:
permission (java.io.FilePermission /home/pierre/.felix/testSF read)
not granted:
no protection domains
Could not create framework: java.security.AccessControlException: permission
(java.lang.RuntimePermission exitVM ) not granted: no protection domains
java.security.AccessControlException: permission
(java.lang.RuntimePermission
exitVM ) not granted: no protection domains
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:149)
at
java.security.AccessController.checkPermission(AccessController.java:76)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:356)
at java.lang.SecurityManager.checkExit(SecurityManager.java:475)
at java.lang.Runtime.exit(Runtime.java:171)
at java.lang.System.exit(System.java:506)
at
org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:843)
at java.security.AccessController.doPrivileged(AccessController.java:195)
at
org.apache.felix.framework.util.SecureAction.exit(SecureAction.java:624)
at org.apache.felix.framework.Felix.start(Felix.java:276)
at org.apache.felix.main.Main.main(Main.java:208)
(executed platform is the Felix OSGi implementation, which work
well without the
security set)
One problem here is that Classpath still unfortunately uses a bogus
DefaultPolicy class for its policy, not the one that reads policy
files. You can force using the policy file reader by adding the option:
-Dpolicy.provider=gnu.java.security.PolicyFile
...I don't know why the default policy would reject the permission
checks, though, since (AFAIK) the default policy grants AllPermission.
