2011-04-14 58 views
0

We have enabled Java 2 security on WebSphere 6.1, and we deployed test.ear together with a was.policy that has the following code.

grant codeBase "file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar" { 
    permission java.security.AllPermission; 
    permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read, write, execute"; 
}; 

Then we restarted the Deployment Manager, node agent and nodemanager.

But we still find the following error in the IBM logs.

0000002b SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

Permission:

/opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read) 

Code:

com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar} 

Stack Trace:

java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read) 
     at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) 
     at java.security.AccessController.checkPermission(AccessController.java:427) 
     at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) 
     at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:213) 
     at java.lang.SecurityManager.checkRead(SecurityManager.java:871) 
     at java.io.File.exists(File.java:700) 
     at com.test.system.server.common.base.ControllerBase.fileNotExists(ControllerBase.java:286) 
     at com.test.system.server.common.base.ControllerBase.readConfigFromSystemProperty(ControllerBase.java:267) 
     at com.test.system.server.common.base.ControllerBase.createConfigStream(ControllerBase.java:227) 
     at com.test.system.server.common.base.ControllerBase.readConfigFile(ControllerBase.java:556) 
     at com.test.system.server.common.base.ControllerBase.init(ControllerBase.java:374) 
     at com.test.system.client.servlet.FrontController.init(FrontController.java:96) 
     at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:227) 
     at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:340) 
     at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:435) 
     at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:524) 
     at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548) 
     at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269) 
     at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818) 
     at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478) 
     at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387) 
     at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267) 
     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) 
     at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) 
     at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
     at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
     at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
     at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136) 
     at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196) 
     at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751) 
     at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881) 
     at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497) 

Please help us to rectify the issue.

Thanks in advance

Answers

0

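Try the following (unless you are deploying an exploded EAR file)

The key bits are the "jar:" at the front of the codebase location, and the exclamation mark ("!") after ".ear".

I've taken out the explicit FilePermission - if you grant AllPermission, you don't need to grant explicit FilePermissions as well. (But if you are granting AllPermission, why do you want to switch Java 2 security on in the first place?)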

+0

WAS always runs with exploded EAR files. Using the jar: syntax does not work. – 2011-04-15 22:07:18

0

Use a relative path in was.policy. The snippet below works for me:

grant codeBase "file:test.war" { 
    permission java.security.AllPermission; 
}; 

See the InfoCenter topic Configuring the was.policy file for Java 2 security for more information.

Note: I agree with DaveHowes that enabling Java 2 security but granting AllPermission is worthless.
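
A narrower grant that follows from both answers' remark about AllPermission, added here as an example and not taken from the original posts: it keeps the relative codeBase form from the answer above and grants only the read access that the stack trace shows File.exists() asking for. It assumes the application needs no other permission; the PropertyPermission line is hypothetical and its property name is a placeholder.

```text
// was.policy (example, not the poster's file)

// Weak form from the page: AllPermission already implies every other
// permission, so code under this codeBase runs effectively unrestricted
// and Java 2 security adds no protection for it.
//
// grant codeBase "file:test.war" {
//     permission java.security.AllPermission;
// };

// Narrowed form: only what the denied check in the log asked for.
grant codeBase "file:test.war" {
    // File.exists() calls SecurityManager.checkRead(), which needs "read";
    // "write" and "execute" from the original grant are not requested.
    permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read";

    // Hypothetical: add only if a later SECJ0314W entry reports it.
    // permission java.util.PropertyPermission "<property-name>", "read";
};
```

After redeploying, any remaining SECJ0314W entry names the denied permission and the code base it was checked against, so the grant can be extended one permission at a time.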