On 8 Mar 2010, at 08:45, Sander W G van der Waal wrote:
Another option is to properly configure the security policy which I triedto do for Wookie. The sequence of permission errors I ran into is:java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read) java.security.AccessControlException: access denied (java.io.FilePermission C:\java\apache-tomcat-6.0.24\bin \local.widgetserver.properties read) java.security.AccessControlException: access denied (java.net.SocketPermission localhost resolve) java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina) java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers) java.security.AccessControlException: access denied (java.lang.RuntimePermission getProtectionDomain) java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)Most of these are for Hibernate that needs to generate 'enhanced' classesat runtime. The fixes are the following: grant { permission java.util.PropertyPermission "*", "read,write"; }; grant { permission java.io.FilePermission "<<ALL FILES>>", "read, write"; }; grant { permission java.net.SocketPermission "*", "resolve,connect"; }; grant {permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "getProtectionDomain"; }; grant {permission java.lang.reflect.ReflectPermission "suppressAccessChecks";};Note that some of these fixes are still not very strict, which means that if you are really concerned to limit permissions as much as possible, you need to definestricter rules, but it's a start and got my Wookie up-and-running. I hope it's usful.
This information is really useful, Sander - could you add this to one of the wiki pages and link to it from the FAQ?
S
smime.p7s
Description: S/MIME cryptographic signature
