Hi Gernot!

I fear there is nothing we can do against this in OWB. The Javadoc of 
System#getProperties says that checkPropertiesAccess is used [1].

> This method is used by the getProperties and 
> setProperties methods of class System. 
> This method calls checkPermission with the 
> PropertyPermission("*", "read,write") permission. 


Btw, if you don't plan to execute foreign WARs on your box, then enabling the 
SecurityManager will just cause unnecessary pain and performance decrease. This 
stuff originally got invented solely for sandboxing Java applets in browsers 
and later got abused for EE Server security in big data centers to keep 
externally built applications under control. But it's really not of much use if 
you know the software you like to run on your boxes. 


LieGrue,
strub

[1] http://download.oracle.com/javase/1.4.2/docs/api/java/lang/SecurityManager.html#checkPropertiesAccess%28%29



>________________________________
> From: Gernot <[email protected]>
>To: [email protected] 
>Sent: Tuesday, November 22, 2011 5:10 PM
>Subject: PropertyPermission - Security Manager
> 
>
>I'd like to run my JSF2/CODI/OWB app in Tomcat 7 with the security manager enabled, 
>but then I get an error (see stack trace below) that java.util.PropertyPermission * 
>read,write is missing. "read" permission is OK, but I'm wondering why OWB needs 
>WRITE permission?!
>
>Why? What does it write?
>
>In my opinion it seems not to be OK that web applications require property 
>write permissions, because this will have side effects on other applications 
>installed in the same Tomcat!!
>
>How can I prevent OWB from forcing property write permissions?
>
>Thx
>gernot
>
>
>org.apache.catalina.core.StandardContext listenerStart
>SEVERE: Error configuring application listener of class org.apache.webbeans.servlet.WebBeansConfigurationListener
>java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
>    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
>    at java.security.AccessController.checkPermission(AccessController.java:546)
>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>    at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
>    at java.lang.System.getProperties(System.java:580)
>    at org.apache.webbeans.config.OpenWebBeansConfiguration$1.run(OpenWebBeansConfiguration.java:235)
>    at org.apache.webbeans.config.OpenWebBeansConfiguration$1.run(OpenWebBeansConfiguration.java:231)
>    at java.security.AccessController.doPrivileged(Native Method)
>    at org.apache.webbeans.config.OpenWebBeansConfiguration.doPrivilegedGetSystemProperties(OpenWebBeansConfiguration.java:229)
>    at org.apache.webbeans.config.OpenWebBeansConfiguration.loadFromSystemProperties(OpenWebBeansConfiguration.java:167)
>    at org.apache.webbeans.config.OpenWebBeansConfiguration.<init>(OpenWebBeansConfiguration.java:156)
>    at org.apache.webbeans.config.WebBeansContext.<init>(WebBeansContext.java:98)
>    at org.apache.webbeans.corespi.DefaultSingletonService.get(DefaultSingletonService.java:58)
>    at org.apache.webbeans.corespi.DefaultSingletonService.get(DefaultSingletonService.java:30)
>    at org.apache.webbeans.config.WebBeansFinder.getSingletonInstance(WebBeansFinder.java:51)
>    at org.apache.webbeans.config.WebBeansContext.getInstance(WebBeansContext.java:163)
>    at org.apache.webbeans.servlet.WebBeansConfigurationListener.<init>(WebBeansConfigurationListener.java:69)
>
>
>
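The permission check discussed in this thread, as an added example that is not part of the original messages and is not OWB code: it compares what each `System` property call demands from a policy, without installing a SecurityManager. The class name, the three sample policies and the key `myapp.setting` are hypothetical.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

public class PropertyPermissionCheck {
    // Permission the JDK checks for each call when a SecurityManager is installed.
    static Map<String, Permission> demands() {
        Map<String, Permission> d = new LinkedHashMap<>();
        // checkPropertiesAccess(): always "*" with read AND write, even if the caller only reads
        d.put("System.getProperties()", new PropertyPermission("*", "read,write"));
        // checkPropertyAccess(key): read on that single key (hypothetical key)
        d.put("System.getProperty(\"myapp.setting\")", new PropertyPermission("myapp.setting", "read"));
        d.put("System.setProperty(\"myapp.setting\", v)", new PropertyPermission("myapp.setting", "write"));
        return d;
    }

    // Build a permission collection the way a policy grant block would.
    static Permissions policy(Permission... granted) {
        Permissions p = new Permissions();
        for (Permission g : granted) {
            p.add(g);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample policies, not taken from any real catalina.policy.
        Map<String, Permissions> policies = new LinkedHashMap<>();
        policies.put("grant * read", policy(new PropertyPermission("*", "read")));
        policies.put("grant myapp.* read", policy(new PropertyPermission("myapp.*", "read")));
        policies.put("grant * read,write", policy(new PropertyPermission("*", "read,write")));

        for (Map.Entry<String, Permissions> pol : policies.entrySet()) {
            System.out.println(pol.getKey());
            for (Map.Entry<String, Permission> call : demands().entrySet()) {
                boolean ok = pol.getValue().implies(call.getValue());
                System.out.printf("  %-42s %s%n", call.getKey(), ok ? "allowed" : "AccessControlException");
            }
        }
    }
}
```

Only the last policy satisfies `System.getProperties()`, which is the grant the stack trace above asks for; per-key `getProperty` calls pass with a read-only grant.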
