Hi Rupert,

The default permissions are set in the default system graph provided by Clerezza's platform.config. As there's just an RDF file there we couldn't make the permission depend on the value of a system property. I think the easiest would be to add that permission in Stanbol's security.core. Question is how to add this in a way, so that if it gets manually removed it's not re-added when the system is started next.

Cheers,
Reto

On Wed, Jan 9, 2013 at 10:53 PM, Rupert Westenthaler <[email protected]> wrote:

> Hi Reto,
>
> actually I was looking into that earlier today, but I was not able to
> find something specific. The only thing I was able to come up with was to
> get the directory of the temp directory from the System properties and
> then set a normal FilePermission. Because of that I adapted the
> TikaEngine to call the parser within an
> "AccessController.doPrivileged(..)" block (see [1]). This solves
> STANBOL-865 but I think it would be still a good idea to enable
> temporary file creation for the default user.
>
> BTW:
>
> * I would be interested to know where to set such permissions. I was
> looking at the Launchpad, where the SecurityManager is set, but after
> looking at the code I came to the conclusion that this is the wrong
> place to look.
>
> * On Monday I had a look at the logs of the dev.iks-project.eu:8081
> server and I found a lot of SecurityExceptions. It looked as if
> all EnhancementEngines that connect to remote services (such as
> dbpedia spotlight, celi, geonames, zemanta, open calais) do not work.
> Integration-Tests are not affected by this as they run in offline mode
> and therefore do not include tests for Engines that connect to remote
> services. If I find some time I will try to test all those engines and
> create the according JIRA issues.
>
> best
> Rupert
>
> [1] http://svn.apache.org/viewvc?rev=1430813&view=rev
>
> On Wed, Jan 9, 2013 at 10:41 PM, Reto Bachmann-Gmür <[email protected]>
> wrote:
> > Hi Rupert
> >
> > Do you know what permission would have to be added? A specific permission
> > allowing to write temporary files and to read only those wouldn't be a
> > security risk (DOS can be implemented more efficiently by other means).
> >
> > Cheers,
> > Reto
> > On Jan 4, 2013 12:00 PM, "Rupert Westenthaler" <
> > [email protected]> wrote:
> >
> >> Hi Reto, all
> >>
> >> WDYT about adding the permission to the anonymous user to create
> >> temporary files. This would solve STANBOL-865 [1] and resolve the
> >> security related issue the TikaEngine is encountering from time to time
> >> (e.g. in the Jenkins build #1200).
> >>
> >> best
> >> Rupert
> >>
> >>
> >> [1] https://issues.apache.org/jira/browse/STANBOL-865
> >>
> >> --
> >> | Rupert Westenthaler [email protected]
> >> | Bodenlehenstraße 11 ++43-699-11108907
> >> | A-5500 Bischofshofen
> >>
> >
>
> --
> | Rupert Westenthaler [email protected]
> | Bodenlehenstraße 11 ++43-699-11108907
> | A-5500 Bischofshofen
>
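
The two approaches discussed in this thread, side by side, as an added example that is not part of the original messages or of the Stanbol/Clerezza code: a FilePermission built from the java.io.tmpdir system property, and temp file creation wrapped in AccessController.doPrivileged. The class name, method names and the sample path are hypothetical.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical class, not Stanbol or Clerezza code.
public class TempFilePermissionExample {

    // Permission limited to the JVM temp directory and everything below it.
    static FilePermission tempDirPermission() {
        // File normalizes the path, dropping a trailing separator if present.
        String tmpDir = new File(System.getProperty("java.io.tmpdir")).getAbsolutePath();
        // A path ending in "<separator>-" matches all files below the directory, recursively.
        return new FilePermission(tmpDir + File.separator + "-", "read,write,delete");
    }

    // Creates the temp file with the permissions of this class's own
    // protection domain, so a less-privileged caller further up the stack
    // does not cause the permission check to fail. The code calling
    // doPrivileged must itself hold the FilePermission.
    static File createTempFilePrivileged(String prefix) {
        return AccessController.doPrivileged((PrivilegedAction<File>) () -> {
            try {
                File f = File.createTempFile(prefix, ".tmp");
                f.deleteOnExit();
                return f;
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        });
    }

    public static void main(String[] args) {
        FilePermission granted = tempDirPermission();
        File tmp = createTempFilePrivileged("example");
        // Constructed sample path outside the temp directory.
        File outside = new File(System.getProperty("user.home"), "outside.txt");
        System.out.println("granted: " + granted.getName());
        System.out.println("temp file covered: "
                + granted.implies(new FilePermission(tmp.getAbsolutePath(), "read,write")));
        System.out.println("outside covered:   "
                + granted.implies(new FilePermission(outside.getAbsolutePath(), "read")));
    }
}
```

The implies() calls show what the scoped grant covers without needing a SecurityManager installed. AccessController and the Security Manager are deprecated for removal since Java 17 (JEP 411), so the code compiles with deprecation warnings on current JDKs.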
