Okay, thanks to all who responded via the mail list and directly to me, I've
got a working client. The client is executed outside of JBoss from a
command prompt, so jboss.home is not available. Here is what I found that
worked:
grant
{
permission java.net.SocketPermission "192.168.1.100:1024-",
"connect,resolve";
permission java.io.FilePermission "\\H:\\JBoss-2.2.1\\tmp\\-", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
So many questions <gr>:
(1) What is the 3rd permission?
(2) I still need help in understanding the 2nd permission. Typically, JBoss
and a client will be on different boxes. How can it make sense for the
client to need permission for a temp directory on a completely different
box? The client is simply reading what comes out of its end of an RMI pipe.
The client shouldn't be reading any JBoss directories.
----- Original Message -----
From: "Vladimir Blagojevic" <[EMAIL PROTECTED]>
To: "JBoss User" <[EMAIL PROTECTED]>
Sent: Monday, April 30, 2001 2:01 PM
Subject: Re: [JBoss-user] java.io.FilePermission on jboss tmp dir?
> Hey,
>
> > permission java.net.SocketPermission "192.168.1.100:*",
> > "connect,resolve";
> >
>
> Consult this: http://www.jboss.org/documentation/HTML/ch10s03.html
> try with "192.168.1.100:1024-", meaning all ports higher than 1024, I
> think you have actual port syntax in javadocs...
>
> > Is there a better way of allocating this permission rather than opening
up
> > all ports? I started with just 1099, but then immediately hit the
> > restriction on the port created for communication.
> >
> > But my current sticking point is the next error I hit:
> >
> > Exception caught: java.security.AccessControlException: access denied
> > (java.io.FilePermission
\H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-
> > read)
> >
> > I tried to resolve this with the following:
> >
> > permission java.io.FilePermission
> > "\H:\JBoss-2.2.1\tmp\deploy\Default\DbTester.jar\-", "read";
> >
> > but got the same error again. Two questions:
> >
> > (1) Why doesn't the above permission address the error?
> > (2) I don't understand the required permission. Why is it asking for
read
> > permission on a JBoss temp directory for the client? Notice that it has
a
> > drive letter. This will be completely irrelevant when the client is run
from
> > another computer (which I tried - it does indeed still ask for \H:\.) I
> > haven't implemented any method security in the bean or any logon
> > requirements.
> What do you mean client? JVM executing JBoss instance needs to read your
> filesystems? Do you allow it or not, there is no client in this story...
>
> Try using substitutions - ${jboss.home}\tmp for cross platform
> independence. See java.policy and java.security files in your jdk distro.
>
>
> HTH,
> Vlada
> >
> > Everything works if I have the blanket all permissions.
> >
> >
> >
> >
> > _______________________________________________
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/jboss-user
> >
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
