GeeCON Prague 2014*
The moose likes Websphere and the fly likes Java2 Security Permissions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Products » Websphere
Bookmark "Java2 Security Permissions" Watch "Java2 Security Permissions" New topic
Author

Java2 Security Permissions

Pat Flickner
Ranch Hand

Joined: Nov 17, 2003
Posts: 173
Help. I'm lost in the muck of Java2 Security. I'm fine until I get to connecting to the database, the BOOM! it blows up. I have a was.policy set up in the META-INF of both the EAR and the WAR. Here's the error:

110.110.110.110:4100 : access denied (java.net.SocketPermission 110.110.110.110:4100 connect,resolve)

Here's my was.policy:

grant codeBase "file:${application}" {
permission java.security.AllPermission;
};

grant codeBase "file:${jars}" {
permission java.security.AllPermission;
};

grant codeBase "file:${connectorComponent}" {
permission java.security.AllPermission;
};

grant codeBase "file:${webComponent}" {
permission java.security.AllPermission;
};

grant codeBase "file:${ejbComponent}" {
permission java.security.AllPermission;
};

grant {
permission java.security.AllPermission;
};

// The following permissions apply to all the components under the application.
grant codeBase "file:${application}" {
// The following are required by JavaMail
permission java.io.FilePermission "${was.install.root}${/}lib${/}mail-impl.jar","read";
permission java.io.FilePermission "${was.install.root}${/}lib${/}activation-impl.jar","read";
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read";
};

// The following permissions apply to all utility .jar files (other
// than enterprise beans JAR files) in the application.
grant codeBase "file:${jars}" {
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read";
};

// The following permissions apply to connector resources within the application
grant codeBase "file:${connectorComponent}" {
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read";
};

// The following permissions apply to all the Web modules (.war files)
// within the application.
grant codeBase "file:${webComponent}" {
permission java.io.FilePermission "${was.module.path}${/}-", "read, write";
// where "was.module.path" is the path where the Web module is
// installed. Refer to Dynamic policy concepts for other symbols.
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read";
};

// The following permissions apply to all the EJB modules within the application.
grant codeBase "file:${ejbComponent}" {
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*", "connect,resolve";
permission java.util.PropertyPermission "*", "read";
};

Obviously, I've copied things throughout since I have very little clue as to what I'm doing. Can anyone clue me in? Thanks.

Pat
 
GeeCON Prague 2014
 
subject: Java2 Security Permissions