I'm trying to get my app to run under the security manager and I'm hitting
some problems.
I have class B, derived from class A, in Jar B in the WEB-INF/lib directory.
Class A is in Jar A in the shared/lib directory.
I created an entry in the catalina.policy file:
    grant codeBase "file:${catalina.base}/shared/-" {
        permission java.lang.RuntimePermission "accessClassInPackage.*";
        permission java.security.AllPermission;
    };
When a method defined in Class A uses reflection to get the constructors for
Class B, the following error message happens:
    01/20/2006 13:24:36 java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
        at java.lang.Class.checkMemberAccess(Class.java:2125)
        at java.lang.Class.getDeclaredConstructor(Class.java:1952)
I've done some research and it seems like what I'm trying to do should work
if I specify accessClassInPackage. I've tried explicitly setting the class A
package in the accessClassInPackage statement but I'm not making any
headway.
I would rather not put Jar A in WEB-INF/lib because I have something like
100 contexts that all use that jar and I'm already hitting issues with
PermGenSpace. I also can't put Jar B in shared/lib because of design (or
lack thereof).
Does anyone have any ideas (other than the obvious one of putting Jar A in
WEB-INF/lib)?
George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
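
The denied permission in the trace is accessDeclaredMembers, which is separate from accessClassInPackage, and a security-manager check has to pass for every protection domain on the call stack, so a less-privileged web application frame that calls into Class A can cause the denial even though shared/ holds AllPermission. The sketch below is an added example, not code from the original post: it shows the reflective lookup wrapped in a narrow doPrivileged block inside the shared jar. Assumptions: the class and method names are hypothetical, and the JVM still supports the security manager.

```java
import java.lang.reflect.Constructor;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper living in the shared/lib jar, next to "Class A".
// Alternative without code changes: grant the web application's own codeBase
//   permission java.lang.RuntimePermission "accessDeclaredMembers";
// in catalina.policy (the codeBase path depends on the deployment).
final class SharedReflection {
    private SharedReflection() {}

    // Package-private on purpose: a public entry point would let any
    // less-privileged caller borrow this jar's permissions for reflection.
    static <T> Constructor<T> declaredConstructor(
            final Class<T> type, final Class<?>... paramTypes)
            throws NoSuchMethodException {
        try {
            // doPrivileged stops the permission check at this frame, so only
            // this jar's protection domain (granted via shared/-) is consulted.
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<Constructor<T>>() {
                    public Constructor<T> run() throws NoSuchMethodException {
                        // Lookup only: no setAccessible(), no newInstance() here.
                        return type.getDeclaredConstructor(paramTypes);
                    }
                });
        } catch (PrivilegedActionException e) {
            // run() declares only NoSuchMethodException as a checked exception.
            throw (NoSuchMethodException) e.getException();
        }
    }
}
```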