2011-04-14 68 views
0

We have enabled Java 2 security on WebSphere 6.1, and we deployed test.ear together with a was.policy that contains the following code.

grant codeBase "file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar" { 
    permission java.security.AllPermission; 
    permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read, write, execute"; 
}; 

Then we restarted the Deployment Manager, node agent and nodemanager.

But we still find the following error in the IBM logs.

0000002b SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

Permission:

/opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read) 

Code:

com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar} 

Stack trace:

java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read) 
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) 
     at java.security.AccessController.checkPermission(AccessController.java:427) 
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
     at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:213) 
     at java.lang.SecurityManager.checkRead(SecurityManager.java:871) 
     at java.io.File.exists(File.java:700) 
     at com.test.system.server.common.base.ControllerBase.fileNotExists(ControllerBase.java:286) 
     at com.test.system.server.common.base.ControllerBase.readConfigFromSystemProperty(ControllerBase.java:267) 
     at com.test.system.server.common.base.ControllerBase.createConfigStream(ControllerBase.java:227) 
     at com.test.system.server.common.base.ControllerBase.readConfigFile(ControllerBase.java:556) 
     at com.test.system.server.common.base.ControllerBase.init(ControllerBase.java:374) 
     at com.test.system.client.servlet.FrontController.init(FrontController.java:96) 
     at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:227) 
     at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:340) 
     at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:435) 
     at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:524) 
     at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548) 
     at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269) 
     at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818) 
     at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478) 
     at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267) 
     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) 
     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) 
     at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
     at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
     at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
     at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136) 
     at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196) 
     at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751) 
     at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881) 
     at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497) 

Please help us to rectify the issue.

Thanks in advance

Answers

0

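Try the following (unless you are deploying an exploded EAR file)

The key bits are the "jar" at the front of the codeBase location, and the exclamation mark ("!") after the ".ear"

I have taken out the explicit FilePermission - if you grant AllPermission, you do not need to grant explicit FilePermissions as well. (But if you are granting AllPermission, why do you want Java 2 security switched on in the first place?)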

+0

WAS always runs with exploded EAR files. Using the jar: syntax does not work. – 2011-04-15 22:07:18

0

Use a relative path in was.policy. The following snippet works for me:

grant codeBase "file:test.war" { 
    permission java.security.AllPermission; 
}; 

See the Information Center topic "Configuring the was.policy file for Java 2 security" for more information.

Note: I agree with DaveHowes that enabling Java 2 security but granting AllPermission is pointless.
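
Both answers point out that granting AllPermission defeats the purpose of Java 2 security. As an added example (not part of either answer and not IBM tooling), the Python script below reads SECJ0314W entries in the shape quoted in the question and prints was.policy grants limited to what was actually denied, using the relative codeBase form from the second answer. The function names, the second log entry and the rule that the module name is the path element after ".ear/" are assumptions.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample: the first entry mirrors the question's log, the second is invented.
SAMPLE_LOG = """\
SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation
/opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read)
com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read)
SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation
user.dir : access denied (java.util.PropertyPermission user.dir read)
com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
"""

DENIED = re.compile(r"access denied \((\S+) (.+?)(?: ([\w,]+))?\)")
# Assumption: the module name is the path element right after "<name>.ear/".
CODE = re.compile(r" in \{file:[^}]*?\.ear/([^/}]+)")

def minimal_grants(log_text):
    """Map each module to the set of (class, target, actions) it was denied."""
    grants, pending = defaultdict(set), None
    for line in log_text.splitlines():
        if "AccessControlException" in line:
            continue  # the stack trace only repeats the Permission line
        denied = DENIED.search(line)
        if denied:
            cls, target, actions = denied.groups()
            if cls == "java.io.FilePermission":
                target = posixpath.normpath(target)  # fold "//" so duplicates merge
            pending = (cls, target, actions or "")
        code = CODE.search(line)
        if code and pending:
            grants[code.group(1)].add(pending)
            pending = None
    return grants

def render_policy(grants):
    """Render was.policy grant blocks using the relative codeBase form."""
    out = []
    for module in sorted(grants):
        out.append(f'grant codeBase "file:{module}" {{')
        for cls, target, actions in sorted(grants[module]):
            suffix = f', "{actions}"' if actions else ""
            out.append(f'    permission {cls} "{target}"{suffix};')
        out.append("};")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_policy(minimal_grants(SAMPLE_LOG)))
```

The output only covers code paths that have already run and been denied, so treat it as a starting point to review rather than a complete policy.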