Scott, I took example from your policy file, with few differences. I'm trying to rely
on the default security mechanism that the security model follows in order to find the
security policy of an application, that is the intersection between the
${java.home}/jre/lib/security.policy and ${user.home}/.java.policy files. Since I
don't want to change the policy file under ${java.home}, I'm trying to configure the
user's policy file in order to run JBoss. For this reason, I don't specify the
property
-Djava.security.policy==server.policy as suggested (is this a mistake? If so, why?).
The only thing I do, I install the security manager in the run.bat file.
This is the current user's policy file:
| /* AUTOMATICALLY GENERATED ON Mon Jun 07 22:14:27 BST 2004*/
| /* DO NOT EDIT */
|
| keystore ".keystore";
|
| grant codeBase "file:${java.home}/lib/ext/-" {
| permission java.security.AllPermission;
| };
|
| grant codeBase "file:${java.home}/lib/*" {
| permission java.security.AllPermission;
| };
|
| grant codeBase "file:${jboss.home.dir}/-" {
| permission java.io.FilePermission "D:\\OPENSOURCES\\jboss-snapshot\\-", "read,
write, delete, execute";
| permission java.lang.RuntimePermission "*";
| permission javax.security.auth.AuthPermission "createLoginContext.HsqlDbRealm";
| permission java.util.PropertyPermission "axis.EngineConfigFactory", "read,
write";
| permission java.util.PropertyPermission "catalina.*", "read, write";
| permission java.io.FilePermission "D:\\J2SE\\jre\\lib\\castor.properties",
"read";
| permission java.net.SocketPermission "localhost:1024-", "accept, resolve";
| };
|
| grant codeBase "file:${jboss.home.dir}/bin/-" {
| permission java.security.AllPermission;
| };
|
| grant codeBase "file:${jboss.home.dir}/lib/-" {
| permission java.security.AllPermission;
| };
|
| grant codeBase "file:${jboss.server.home.dir}/lib/-" {
| permission java.security.AllPermission;
| };
|
| grant codeBase "file:${jboss.server.home.dir}/deploy/-" {
| permission java.security.AllPermission;
| };
|
| grant {
| permission java.util.PropertyPermission "*", "read";
| permission java.net.SocketPermission "*", "connect";
| permission javax.management.MBeanServerPermission "findMBeanServer";
| };
|
The server executes the most (and at the end it starts). However, I get the following
exception:
| java.lang.SecurityException: Invalid authentication attempt, principal=null
| at
org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:647)
| at
org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:476)
| at
org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:814)
| at
org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:102)
| at
org.jboss.mq.pm.jdbc2.PersistenceManager.getConnection(PersistenceManager.java:1266)
| at
org.jboss.mq.pm.jdbc2.PersistenceManager.resolveAllUncommitedTXs(PersistenceManager.java:216)
| at
org.jboss.mq.pm.jdbc2.PersistenceManager.startService(PersistenceManager.java:1356)
| at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:192)
| at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
| at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:324)
| at
org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
| at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
| at
org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:976)
| at $Proxy14.start(Unknown Source)
| at org.jboss.system.ServiceController.start(ServiceController.java:394)
| at org.jboss.system.ServiceController.start(ServiceController.java:411)
| ..
| ..
|
|
| How could I bypass this problem? It seems that somehow I should grant a permission
for principal = null.
|
|
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3837862#3837862
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3837862
---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user