Hi Supun, I'm sorry I missed this mail. We need to identify which method is accessing the local database. We should never give explicit read permissions for the H2 database.
We need to use Java Privileged Block API in Carbon Context APIs. If you cannot figure out the protection domain for the access failure, please check Java Security Debug logs. See Troubleshooting section in my Java Security Manager related blog post [1]. With Privileged Block API, we can let Carbon Context APIs to use same permissions we give to Carbon code. Thanks! Best Regards, [1] http://isuru-perera.blogspot.com/2014/12/enabling-java-security-manager-for-wso2.html On Thu, Aug 13, 2015 at 3:37 PM, Supun Malinga <sup...@wso2.com> wrote: > Hi, > > For accessing usermgt via CarbonContext had to provide following > permission for webapp. > > permission java.io.FilePermission > "/home/supun/smoke/java_sec/530_custom/wso2as-5.3.0-SNAPSHOT/repository/database/WSO2CARBON_DB.data.db", > "read"; > > I tested with AS 5.2.1 and we don't need this in 5.2.1. > > Can anyone tell why this is needed and if its an issue ?. > > thanks, > -- > Supun Malinga, > > Senior Software Engineer, > WSO2 Inc. > http://wso2.com > email: sup...@wso2.com <sup...@wso2.com> > mobile: +94 (0)71 56 91 321 > -- Isuru Perera Associate Technical Lead | WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware about.me/chrishantha Contact: +IsuruPereraWSO2 <https://www.google.com/+IsuruPereraWSO2/about>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
