Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

java.security.AccessControlException: Access denied issue

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
when accessing one of the functionality in application we get the following error:
java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
at java.io.File.createNewFile(File.java:875)

Below is the was.policy file contents



/*******************************************************************************/
/* */
/* Sample WAS 6.1 was.policy */
/* */
/* The contents of this file may be placed in the was.policy file located in */
/* the /<EarProjectName>/META-INF folder of your application */
/*******************************************************************************/

/* Sample was.policy */
/* Note: Add any additional lines required by your application based on */
/* "access denied" errors when doing Java2 security testing in DEV with */
/* set ENABLE_SECURITY_DEBUGGING "TRUE" flag in your application.jacl */

grant codeBase "file:${application}" {
/*** DO NOT MODIFY ***/
permission java.io.FilePermission "${FJFCONFIG_ROOT}/-", "read";
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
permission java.io.FilePermission "${WAS_HOME}/-", "read";
permission java.io.FilePermission "${WAS_USER_HOME}/-", "read";
permission java.io.FilePermission "${WEBSPHERERESOURCES_ROOT}/-", "read";
permission java.io.FilePermission "${WAS_HOME}/profiles/node/temp/-", "read,write,delete";
permission java.io.FilePermission "${MERCURY_HOME}/-", "read, write, delete";
/*********************/

/*** WELL-KNOWN ENTRIES ***/
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setFactory";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.infos";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.net.SocketPermission "*", "accept, resolve, connect";
permission java.util.PropertyPermission "*", "read, write";
permission java.security.SecurityPermission "printIdentity";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.security.SecurityPermission "getProperty.ssl.SocketFactory.provider";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission com.ibm.websphere.security.WebSphereRuntimePermission "getSSLConfig";
/**************************/

/*** ADD USER-DEFINED ENTRIES HERE ***/
permission java.io.FilePermission "/tmp", "read, write, delete";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
/*************************************/
};

please help me in resolving this issue.
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


java.security.AccessControlException: Access denied (java.io.FilePermission /Method_Import_Yearly_0.xls write)


Are you really trying to access a file in the root directory? That doesn't sound right - no application should access that directory, and it isn't (and shouldn't be) covered by any of the permission grants in the policy file.
 
Rajesh Gudikoti
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you are right. after observing this I have moved the file path within application path. i.e i moved from root directory to ....\F2133.ear\ems.war\WEB-INF\imports\temp but still the problem persists. Now temp folder is within application installed path.
 
Ulf Dittmer
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does the policy file contain a permission statement that covers that path? If so, which one is it?

Does the account that is used to run the server have permission to access that file at all, including all directories?
 
Rajesh Gudikoti
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
permission java.io.FilePermission "${APPLICATION_INSTALL_BASE}/-", "read, write, delete";
Above is the line which provides the permission application install directory path. I assume that even subdirectories coming under this application path should have read/write/delete permission.
I am not sure about the accont having the permission as this problem occurs in client environment. we do not have access to it. Just to give background this has occured when end user is trying to access the web application and during this process file has to be created. do you think the account which runs the server and file creation by end user have relation?
reply
    Bookmark Topic Watch Topic
  • New Topic