• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

java.security.AccessControlException: Access denied issue

 
Rajesh Gudikoti
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when accessing one of the functionality in application we get the following error:
java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
at java.io.File.createNewFile(File.java:875)

Below is the was.policy file contents


/*******************************************************************************/
/* */
/* Sample WAS 6.1 was.policy */
/* */
/* The contents of this file may be placed in the was.policy file located in */
/* the /<EarProjectName>/META-INF folder of your application */
/*******************************************************************************/

/* Sample was.policy */
/* Note: Add any additional lines required by your application based on */
/* "access denied" errors when doing Java2 security testing in DEV with */
/* set ENABLE_SECURITY_DEBUGGING "TRUE" flag in your application.jacl */

grant codeBase "file:${application}" {
/*** DO NOT MODIFY ***/
permission java.io.FilePermission "${FJFCONFIG_ROOT}/-", "read";
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
permission java.io.FilePermission "${WAS_HOME}/-", "read";
permission java.io.FilePermission "${WAS_USER_HOME}/-", "read";
permission java.io.FilePermission "${WEBSPHERERESOURCES_ROOT}/-", "read";
permission java.io.FilePermission "${WAS_HOME}/profiles/node/temp/-", "read,write,delete";
permission java.io.FilePermission "${MERCURY_HOME}/-", "read, write, delete";
/*********************/

/*** WELL-KNOWN ENTRIES ***/
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.infos";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.net.SocketPermission "*", "accept, resolve, connect";
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "printIdentity";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.security.SecurityPermission "getProperty.ssl.SocketFactory.provider";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig";
/**************************/

/*** ADD USER-DEFINED ENTRIES HERE ***/
permission java.io.FilePermission "/tmp", "read, write, delete";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
/*************************************/
};

please help me in resolving this issue.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)

Are you really trying to access a file in the root directory? That doesn't sound right - no application should access that directory, and it isn't (and shouldn't be) covered by any of the permission grants in the policy file.
 
Rajesh Gudikoti
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you are right. after observing this I have moved the file path within application path. i.e i moved from root directory to ....\F2133.ear\ems.war\WEB-INF\imports\temp but still the problem persists. Now temp folder is within application installed path.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does the policy file contain a permission statement that covers that path? If so, which one is it?

Does the account that is used to run the server have permission to access that file at all, including all directories?
 
Rajesh Gudikoti
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
Above is the line which provides the permission application install directory path. I assume that even subdirectories coming under this application path should have read/write/delete permission.
I am not sure about the accont having the permission as this problem occurs in client environment. we do not have access to it. Just to give background this has occured when end user is trying to access the web application and during this process file has to be created. do you think the account which runs the server and file creation by end user have relation?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic