*
The moose likes Websphere and the fly likes java.security.AccessControlException: Access denied issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "java.security.AccessControlException: Access denied issue" Watch "java.security.AccessControlException: Access denied issue" New topic
Author

java.security.AccessControlException: Access denied issue

Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
when accessing one of the functionality in application we get the following error:
java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
at java.io.File.createNewFile(File.java:875)

Below is the was.policy file contents


/*******************************************************************************/
/* */
/* Sample WAS 6.1 was.policy */
/* */
/* The contents of this file may be placed in the was.policy file located in */
/* the /<EarProjectName>/META-INF folder of your application */
/*******************************************************************************/

/* Sample was.policy */
/* Note: Add any additional lines required by your application based on */
/* "access denied" errors when doing Java2 security testing in DEV with */
/* set ENABLE_SECURITY_DEBUGGING "TRUE" flag in your application.jacl */

grant codeBase "file:${application}" {
/*** DO NOT MODIFY ***/
permission java.io.FilePermission "${FJFCONFIG_ROOT}/-", "read";
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
permission java.io.FilePermission "${WAS_HOME}/-", "read";
permission java.io.FilePermission "${WAS_USER_HOME}/-", "read";
permission java.io.FilePermission "${WEBSPHERERESOURCES_ROOT}/-", "read";
permission java.io.FilePermission "${WAS_HOME}/profiles/node/temp/-", "read,write,delete";
permission java.io.FilePermission "${MERCURY_HOME}/-", "read, write, delete";
/*********************/

/*** WELL-KNOWN ENTRIES ***/
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.infos";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.net.SocketPermission "*", "accept, resolve, connect";
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "printIdentity";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.security.SecurityPermission "getProperty.ssl.SocketFactory.provider";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig";
/**************************/

/*** ADD USER-DEFINED ENTRIES HERE ***/
permission java.io.FilePermission "/tmp", "read, write, delete";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
/*************************************/
};

please help me in resolving this issue.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41123
    
  45

java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)

Are you really trying to access a file in the root directory? That doesn't sound right - no application should access that directory, and it isn't (and shouldn't be) covered by any of the permission grants in the policy file.


Ping & DNS - my free Android networking tools app
Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
you are right. after observing this I have moved the file path within application path. i.e i moved from root directory to ....\F2133.ear\ems.war\WEB-INF\imports\temp but still the problem persists. Now temp folder is within application installed path.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41123
    
  45
Does the policy file contain a permission statement that covers that path? If so, which one is it?

Does the account that is used to run the server have permission to access that file at all, including all directories?
Rajesh Gudikoti
Greenhorn

Joined: Sep 01, 2009
Posts: 7
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
Above is the line which provides the permission application install directory path. I assume that even subdirectories coming under this application path should have read/write/delete permission.
I am not sure about the accont having the permission as this problem occurs in client environment. we do not have access to it. Just to give background this has occured when end user is trying to access the web application and during this process file has to be created. do you think the account which runs the server and file creation by end user have relation?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: java.security.AccessControlException: Access denied issue
 
Similar Threads
Java 2 Security Problems
RAD - WAS6 Admin Console -Error page exception
RMI Server Connection Problem on XP prof
java 2 security & mkdirs
Changed was.policy to allow writing to file and didnt work