I have a problem, and I don't understand whether it is a JDK bug or some
kind of strange configuration problem. My problem is: it seems that every
time I install an RMISecurityManager in a servlet and from a "root" account,
the system ignores the policies I specified in my .policy files (both the
system file and the ".java.properties" user one, located in my system root
directory) and acts as if there were no policy file at all, assuming the
default restrictive permissions.

E.g.: if I ask for the properties my code has when a SecurityManager is not
installed, I receive the list of the standard permissions, plus the
"java.security.AllPermission" that I specified for the code. Nevertheless,
if the following code installs a SecurityManager, every further operation is
subjected to the standard policy (and consequently, a System.getProperty(
"user.home" ); causes an AccessControlException). This is strange, because
the same code works not only in a normal (non-servlet) application, executed
in the root account, but also, with the same class, when executed in my
normal (non-root) account.

The problem arises if I try to execute the servlet both in Apache with the
JRun JSE installed and with the JSDK 2.1 web server. The code originating
the problem, for instance, is:

import java.io.*;
import java.util.*;
import java.rmi.*;
import java.net.*;
import java.security.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ProvaServlet extends HttpServlet {
   private String mgrName = null;
   public void init( ServletConfig config ) throws ServletException {
      super.init( config );
      SecurityManager mgr = System.getSecurityManager();
      if ( mgr == null ) {
         mgrName = "Set by me";
         mgr = new SecurityManager();
         // Uncommenting the following line in a root account causes an
         // AccessControlException for every sensitive operation,
         // even if both policy files specify
         // grant { permission java.security.AllPermission; };
         System.setSecurityManager( mgr );
      }
      else {
         mgrName = mgr.getClass().getName();
      }
   }

   protected void doGet( HttpServletRequest req, HttpServletResponse res )
   throws ServletException, IOException {
      res.setContentType( "text/html" );
      PrintWriter output = res.getWriter();
      String page = "<html><head><title>Test servlet.</title></head><body>Here is a test servlet " +
                      "<br>user.home: " + System.getProperty( "user.home" ) +
                      "<br>java.home: " + System.getProperty( "java.home" ) +
                      "<br>java.version: " + System.getProperty( "java.version" ) +
                      "<br>java.specification.version: " + System.getProperty( "java.specification.version" ) +
                      "<br>java.vm.specification.version: " + System.getProperty( "java.vm.specification.version" ) +
                      "<br>java.vm.version: " + System.getProperty( "java.vm.version" ) +
                      "<br>java.vm.vendor: " + System.getProperty( "java.vm.vendor" ) +
                      "<br>java.vm.name: " + System.getProperty( "java.vm.name" ) +
                      "<br>SecurityManager: " + mgrName;

      PermissionCollection perms = Policy.getPolicy().getPermissions(
         new CodeSource( new URL( "file:/home/sesrv/se/master11/baroncel/Documenti/ProgettoLabyrinth/Codice/-" ), null ) );
      page = page.concat( "<br>Permissions value for file:/home/sesrv/se/master11/baroncel/Documenti/ProgettoLabyrinth/Codice/-: " +
                          perms.toString() );
      page = page + "</body></html>";
      output.println( page );
   }
}

Does anyone have an idea of why this could happen?
