aspose file tools*
The moose likes Websphere and the fly likes java.security.AccessControlException: Access denied issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "java.security.AccessControlException: Access denied issue" Watch "java.security.AccessControlException: Access denied issue" New topic
Author

java.security.AccessControlException: Access denied issue

Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
when accessing one of the functionality in application we get the following error:
java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
at java.io.File.createNewFile(File.java:875)

Below is the was.policy file contents


/*******************************************************************************/
/* */
/* Sample WAS 6.1 was.policy */
/* */
/* The contents of this file may be placed in the was.policy file located in */
/* the /<EarProjectName>/META-INF folder of your application */
/*******************************************************************************/

/* Sample was.policy */
/* Note: Add any additional lines required by your application based on */
/* "access denied" errors when doing Java2 security testing in DEV with */
/* set ENABLE_SECURITY_DEBUGGING "TRUE" flag in your application.jacl */

grant codeBase "file:${application}" {
/*** DO NOT MODIFY ***/
permission java.io.FilePermission "${FJFCONFIG_ROOT}/-", "read";
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
permission java.io.FilePermission "${WAS_HOME}/-", "read";
permission java.io.FilePermission "${WAS_USER_HOME}/-", "read";
permission java.io.FilePermission "${WEBSPHERERESOURCES_ROOT}/-", "read";
permission java.io.FilePermission "${WAS_HOME}/profiles/node/temp/-", "read,write,delete";
permission java.io.FilePermission "${MERCURY_HOME}/-", "read, write, delete";
/*********************/

/*** WELL-KNOWN ENTRIES ***/
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.infos";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.net.SocketPermission "*", "accept, resolve, connect";
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "printIdentity";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.security.SecurityPermission "getProperty.ssl.SocketFactory.provider";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig";
/**************************/

/*** ADD USER-DEFINED ENTRIES HERE ***/
permission java.io.FilePermission "/tmp", "read, write, delete";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
/*************************************/
};

please help me in resolving this issue.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42596
    
  65

java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)

Are you really trying to access a file in the root directory? That doesn't sound right - no application should access that directory, and it isn't (and shouldn't be) covered by any of the permission grants in the policy file.


Ping & DNS - my free Android networking tools app
Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
you are right. after observing this I have moved the file path within application path. i.e i moved from root directory to ....\F2133.ear\ems.war\WEB-INF\imports\temp but still the problem persists. Now temp folder is within application installed path.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42596
    
  65
Does the policy file contain a permission statement that covers that path? If so, which one is it?

Does the account that is used to run the server have permission to access that file at all, including all directories?
Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
Above is the line which provides the permission application install directory path. I assume that even subdirectories coming under this application path should have read/write/delete permission.
I am not sure about the accont having the permission as this problem occurs in client environment. we do not have access to it. Just to give background this has occured when end user is trying to access the web application and during this process file has to be created. do you think the account which runs the server and file creation by end user have relation?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: java.security.AccessControlException: Access denied issue