The following is a repost of a message I sent out about a week ago that
received no responses. We are getting close to release, so this issue is
important to us. Is everyone just taking the easy way out and using grant {
permission java.security.AllPermission;};? Has no one actually figured out
the permissions that are required?
I'm developing on Windows 2000 with JBoss 2.2.1.
As we are getting closer to shipping, I turned on security (more accurately,
I turned off my easy way out of simply granting all permissions to the
world.) Using just a command-line client (i.e., no Tomcat), I first
received a java.net.SocketPermission which I resolved with the following:
permission java.net.SocketPermission "192.168.1.100:*",
"connect,resolve";
Is there a better way of allocating this permission rather than opening up
all ports? I started with just 1099, but then immediately hit the
restriction on the port created for communication.
But my current sticking point is the next error I hit:
Exception caught: java.security.AccessControlException: access denied
(java.io.FilePermission \H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-
read)
I tried to resolve this with the following:
permission java.io.FilePermission
"\H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-", "read";
but got the same error again. Two questions:
(1) Why doesn't the above permission address the error?
(2) I don't understand the required permission. Why is it asking for read
permission on a JBoss temp directory for the client? Notice that it has a
drive letter. This will be completely irrelevant when the client is run from
another computer (which I tried - it does indeed still ask for \H:\.) I
haven't implemented any method security in the bean or any logon
requirements.
Everything works if I have the blanket all permissions.
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
