aspose file tools*
The moose likes Java in General and the fly likes Java 2 Security Problems Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Java 2 Security Problems" Watch "Java 2 Security Problems" New topic
Author

Java 2 Security Problems

L Riley
Greenhorn

Joined: Apr 04, 2006
Posts: 1
I have an XSLT webpage that hits several different systems. I have a was.policy file that grants permissions for Java 2 Security.

I have a few problems:
1. In my was.policy file I have my first permissions granted to 'application.' Then the second grant block is another 'application' block that grants more runtime permissions. If I delete that second block and put stopThread and modifyThreadGroup to the first 'application' block, I get a security issue with one of my servlets, that I do NOT get when i have the two "application" blocks. Shouldn't moving that second block to the first one be the exact same thing?

2. I have granted rights to my saxon8.jar and I'm still getting saxon errors:
Permission:

getClassLoader : access denied (java.lang.RuntimePermission getClassLoader)


Code:

net.sf.saxon.Configuration in {file:/D:/WAS/6.0/common/lib/saxon8.jar}

3. I granted permission to the ibmjsseprovider2.jar, but still getting errors.

Permission:

wasatst3 : access denied (java.net.SocketPermission wasatst3 resolve)


Code:

com.ibm.net.ssl.www2.protocol.http.y in {file:/D:/WAS/6.0/AppServer/java/jre/lib/ext/ibmjsseprovider2.jar}



Here's my was.policy file

grant codeBase "file:${application}" {
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}MCAnalyzerConfig.xml", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}config${/}AutomatedUnderwriting${/}-", "read";
permission java.io.FilePermission "${was.install.root}${/}..${/}PC${/}log${/}AutomatedUnderwriting${/}-", "read, write";
permission java.util.PropertyPermission "javax.xml.transform.TransformerFactory", "read, write";
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
permission java.net.SocketPermission "*", "connect, resolve";
};

grant codeBase "file:${application}" {
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
};

grant codeBase "file:ibmjsseprovider2.jar" {
permission java.net.SocketPermission "*", "connect, resolve";
};

grant codeBase "file:FBRACF-new.jar" {
permission java.lang.RuntimePermission "modifyThread";
};

grant codeBase "file:MCAnalyzerWeb.war" {
permission java.lang.RuntimePermission "modifyThread, getClassLoader";
};



grant codeBase "file:${application}" {
permission javax.security.auth.PrivateCredentialPermission "* * "*"", "read";
};

grant codeBase "file:/D:/WAS/6.0/common/lib/saxon8.jar" {
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "shutdownHooks";

};

Thanks for any help you could give me.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java 2 Security Problems