2012-03-08

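Java 2 security with Axis2 1.4 in Websphere 7

I have a very complex application (let's say an enterprise application) deployed in Websphere 7 (with the parent-last class loader policy) that contains several dependencies. The .ear I am deploying contains 4 .war files. One of them is axis2.war.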

Everything works fine until I turn on administrative security and Java 2 security. After debugging all the AccessControlExceptions and adding the necessary permissions to ..\profiles\was70profile1\config\cells\AMSCNT0009Node01Cell\applications\app.ear\deployments\app\META-INF\was.policy and ..\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\META-INF\was.policy, I ended up with an AccessControlException that does not seem to go away in any way (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read).

My was.policy file:

/* AUTOMATICALLY GENERATED ON Mon Mar 05 13:40:14 CET 2012*/ 
/* DO NOT EDIT */ 

grant codeBase "file:${application}" { 
    permission java.util.PropertyPermission "*", "read, write"; 
    permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read, write"; 
    permission java.util.PropertyPermission "Axis2.prohibitDebugLogging" , "read,write"; 

    permission java.lang.RuntimePermission "modifyThreadGroup"; 
    permission java.lang.RuntimePermission "modifyThread"; 
    permission java.lang.RuntimePermission "createClassLoader"; 
    permission java.lang.RuntimePermission "setContextClassLoader"; 
    permission java.lang.RuntimePermission "checkPropertiesAccess"; 
    permission java.lang.RuntimePermission "getClassLoader"; 
    permission java.lang.RuntimePermission "loadLibrary.*"; 
    permission java.lang.RuntimePermission "getProtectionDomain"; 
    permission java.lang.RuntimePermission "shutdownHooks"; 
    permission java.lang.RuntimePermission "accessDeclaredMembers"; 

    permission java.security.SecurityPermission "getPolicy"; 
    permission javax.management.MBeanServerPermission "createMBeanServer"; 
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 

    permission com.ibm.oti.shared.SharedClassPermission "java.net.URLClassLoader", "read, write"; 
    permission com.ibm.oti.shared.SharedClassPermission "org.apache.axis2.deployment.DeploymentClassLoader", "read, write"; 

    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\attachments", "read, write"; 
    permission java.io.FilePermission "alerts.log", "read, write"; 
    permission java.io.FilePermission "jmxPerformance.log", "read, write"; 
    permission java.io.FilePermission "AppLog.txt", "read, write"; 
    permission java.io.FilePermission "hibernateStatsLogger.log", "read, write"; 

    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins\\-", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\lib\\-", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\deploytool\\-", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\-", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\jre\\lib\\-", "read"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\-", "read, write"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\*", "read, write"; 

    permission java.io.FilePermission "${app.installed.path}", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\*", "read, write"; 

    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2", "read, write, delete"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\*", "read, write, delete"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\-", "read, write, delete"; 

    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app", "read, write, delete"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\*", "read, write, delete"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\-", "read, write, delete"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\classes\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\conf\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\*", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\conf\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices\\*", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\modules\\*", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\services\\*", "read, write"; 

    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices\\*", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\modules\\-", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\services\\-", "read, write"; 
    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\-", "read"; 
    permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF", "read"; 

    permission java.io.FilePermission "${app.installed.path}\\appEFDSimulator-3.5.2.war\\WEB-INF\\*", "read, write"; 

    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1", "read, write"; 
    permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\properties", "read, write"; 
}; 

Trace:

[3/8/12 16:41:24:320 CET] 00000018 SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information. 

Permission: 

     C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices : Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read) 

Code: 

    org.apache.axis2.scripting.ScriptRepositoryListener$1 in {file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/temp/AMSCNT0009Node01/server1/app/appAxis2-3.5.2.war/_axis2/axis23638axis2-scripting-1.4.mar} 


Stack Trace: 

java.security.AccessControlException: Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read) 
    at java.lang.Throwable.<init>(Throwable.java:67) 
    at java.security.AccessControlException.<init>(Unknown Source) 
    at java.security.AccessController.checkPermission(AccessController.java:108) 
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
    at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:210) 
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871) 
    at java.io.File.list(File.java:982) 
    at java.io.File.listFiles(File.java:1062) 
    at org.apache.axis2.scripting.ScriptRepositoryListener$1.run(ScriptRepositoryListener.java:47) 
    at java.security.AccessController.doPrivileged(AccessController.java:202) 
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:78) 
    at org.apache.axis2.scripting.ScriptRepositoryListener.findServicesInDirectory(ScriptRepositoryListener.java:45) 
    at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:225) 
    at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131) 

I have already tried changing the Axis2 1.4 source code and replacing axis2-kernel.jar and axis2-scripting-1.4.mar with custom builds containing the following fix:

https://issues.apache.org/jira/browse/AXIS2-3816

I also tried changing the axis2 source code to use a different folder than WEB-INF\scriptServices, but the AccessControlException is still there, now on the new folder.

If anyone has a hint on how to solve this, it would be much appreciated. Thanks in advance!

Answer

The only solution I found was to remove scripting-xxx.mar from the modules folder. Axis2 1.5 ships with the doPrivileged() method in the ScriptRepositoryListener class, but it does not work.
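
A triage helper for the SECJ0314W warning in the question, as an added example that is not part of the original posts or of WebSphere. It extracts the denied permission and the code source of the class that failed the check, then reports whether that code source lies under the installed application directory. The function name, the result keys, and treating the `.ear` directory as the application root are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote

# Sample input: the "Permission" and "Code" lines copied from the trace in the question.
TRACE = r"""
Permission:
     C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices : Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read)
Code:
    org.apache.axis2.scripting.ScriptRepositoryListener$1 in {file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/temp/AMSCNT0009Node01/server1/app/appAxis2-3.5.2.war/_axis2/axis23638axis2-scripting-1.4.mar}
"""

# "Access denied (<permission class> <target> <actions>)"; the target may contain spaces.
DENIED = re.compile(r"Access denied \((?P<cls>[\w.]+) (?P<target>.+) (?P<actions>[\w,]+)\)")
# "<class name> in {<code source URL>}"
CODE = re.compile(r"^\s*(?P<cls>[\w.$]+) in \{(?P<url>file:[^}]+)\}", re.M)


def triage(trace):
    """Return the denied permission, the failing class and where it was loaded from."""
    denied = DENIED.search(trace)
    code = CODE.search(trace)
    if not denied or not code:
        raise ValueError("not a SECJ0314W permission/code block")

    target = PureWindowsPath(denied["target"])
    # Assumption: the installed application root is the path up to the *.ear directory.
    ear_idx = next(i for i, part in enumerate(target.parts)
                   if part.lower().endswith(".ear"))
    app_root = PureWindowsPath(*target.parts[:ear_idx + 1])

    # file:/C:/... -> C:\... (Windows path comparison is case-insensitive)
    code_path = PureWindowsPath(unquote(code["url"][len("file:"):]).lstrip("/"))

    return {
        "permission": (denied["cls"], str(target), denied["actions"]),
        "class": code["cls"],
        "code_source": str(code_path),
        "app_root": str(app_root),
        "code_under_app_root": app_root in code_path.parents,
    }


if __name__ == "__main__":
    for key, value in triage(TRACE).items():
        print(f"{key}: {value}")
```

For the trace above, the failing class was loaded from the profile's temp directory rather than from installedApps, so it is worth checking which code source a `grant codeBase` entry actually applies to before adding further FilePermission lines.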