1. 首頁
  2. 問答
  3. 在JBoss 6.x上啓用Java安全管理器時無法部署應用程序EAP

在JBoss 6.x上啓用Java安全管理器時無法部署應用程序EAP

2017-07-18 65 views
0

我已經在JBoss 6.x EAP上部署了我的應用程序。啓用安全管理器後,部署失敗,並出現以下異常。在JBoss 6.x上啓用Java安全管理器時無法部署應用程序EAP

Caused by: java.security.AccessControlException: access denied ("org.jboss.vfs.VirtualFilePermission" "/E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/WEB-INF/lib/spring-web-4.1.9.RELEASE.jar/org/springframework/web/context/ContextLoader.properties" "read") 
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [rt.jar:1.8.0_101] 
     at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_101] 
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_101] 
     at org.jboss.vfs.VirtualFile.openStream(VirtualFile.java:248) [jboss-vfs-3.2.9.Final-redhat-1.jar:3.2.9.Final-redhat-1] 
     at org.jboss.as.server.deployment.module.VFSResourceLoader$VFSEntryResource.openStream(VFSResourceLoader.java:329) 
     at org.jboss.modules.Module.getResourceAsStream(Module.java:637) [jboss-modules.jar:1.3.6.Final-redhat-1] 
     at org.jboss.modules.ModuleClassLoader.findResourceAsStream(ModuleClassLoader.java:587) [jboss-modules.jar:1.3.6.Final-redhat-1] 
     at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:362) [jboss-modules.jar:1.3.6.Final-redhat-1] 
     at java.lang.Class.getResourceAsStream(Class.java:2223) [rt.jar:1.8.0_101] 
     at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:163) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE] 
     at org.springframework.core.io.support.PropertiesLoaderUtils.fillProperties(PropertiesLoaderUtils.java:132) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE] 
     at org.springframework.core.io.support.PropertiesLoaderUtils.loadProperties(PropertiesLoaderUtils.java:121) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE] 
     at org.springframework.web.context.ContextLoader.<clinit>(ContextLoader.java:176) [spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]

我已執行了安全指南中提到的步驟: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Security_Guide/Run_JBoss_Enterprise_Application_Platform_Within_the_Java_Security_Manager.html

我已附加standalone.conf.bat和server.policy文件以供參考。

Standalone.conf.bat

if not "x%JAVA_OPTS%" == "x" (
    echo "JAVA_OPTS already set in environment; overriding default settings with values: %JAVA_OPTS%" 
    goto JAVA_OPTS_SET 
) 


rem # JVM memory allocation pool parameters - modify as appropriate. 
set "JAVA_OPTS=%JAVA_OPTS% -Xms1G -Xmx3G -XX:MaxPermSize=512M" 



rem # Prefer IPv4 
set "JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true" 

rem # Set the jboss.modules.policy-permissions property to true by default. 
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.policy-permissions=true " 

rem # Make Byteman classes visible in all module loaders 
rem # This is necessary to inject Byteman rules into AS7 deployments 
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.system.pkgs=org.jboss.byteman" 

rem # Sample JPDA settings for remote socket debugging 
set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n" 

rem # Sample JPDA settings for shared memory debugging 
rem set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_shmem,address=jboss,server=y,suspend=n" 

rem # Use JBoss Modules lockless mode 
rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.lockless=true" 

rem # Uncomment this to run with a security manager enabled 
set "SECMGR=true" 
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.home.dir=%JBOSS_HOME% -Djava.security.policy==%JBOSS_HOME%/bin/server.policy -Djava.security.debug=failure" 
echo %JAVA_OPTS% 
:JAVA_OPTS_SET

的server.policy

/* AUTOMATICALLY GENERATED ON Mon Jul 17 18:54:06 IST 2017*/ 
/* DO NOT EDIT */ 

grant codeBase "file:E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/lib/-" { 
    permission java.security.AllPermission; 
    permission java.io.FilePermission "<<ALL FILES>>", "read"; 
    permission java.io.FilePermission "<<ALL FILES>>", "write"; 
    permission org.jboss.vfs.VirtualFilePermission "*", "read"; 
    permission org.jboss.vfs.VirtualFilePermission "*", "write"; 
}; 

grant codeBase "file:E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/-" { 
    permission java.security.AllPermission; 
    permission java.io.FilePermission "<<ALL FILES>>", "read"; 
    permission java.io.FilePermission "<<ALL FILES>>", "write"; 
    permission org.jboss.vfs.VirtualFilePermission "*", "read"; 
    permission org.jboss.vfs.VirtualFilePermission "*", "write"; 
};

請讓我知道如果我錯過了任何步驟或者是服務器的問題。

在此先感謝..

來源

2017-07-18 Aditya Neurgaonkar

回答

0

您需要授予代碼庫比兩個在你的server.policy等,用「爲-Djava.security.debug =訪問,失敗,政策」找什麼其他codeBases,在日誌文件中搜索「Active CodeSource」。看例如https://developer.jboss.org/wiki/JBossAS7SecurityRunningUnderAJavaSecurityManager

來源

2017-08-11 04:14:42

+0

感謝您的回覆。在檢查日誌後,我發現了一個奇怪的行爲。 「訪問被授予某個文件,並再次拒絕相同的文件。」你在JBoss上遇到過這種行爲嗎? –

+0

是的,可能是由不同代碼庫中的代碼訪問同一文件引起的。如果您有「-Djava.security.debug =訪問,失敗,策略」,請檢查日誌文件。 –

相關問題

 相關問題