Java 2 Security
We enabled Java 2 security on WebSphere 6.1 and deployed our test.ear along with was.policy, which has the following code.
grant codeBase "file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar" {
permission java.security.AllPermission;
permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read, write, execute";
};
And then we restarted the Deployment manager, node agent and also the nodemanager.
But still we are getting the following errors in the IBM logs.
0000002b SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:
/opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read)
Code:
com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
Stack Trace:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:213)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at com.test.system.server.common.base.ControllerBase.fileNotExists(ControllerBase.java:286)
at com.test.system.server.common.base.ControllerBase.readConfigFromSystemProperty(ControllerBase.java:267)
at com.test.system.server.common.base.ControllerBase.createConfigStream(ControllerBase.java:227)
at com.test.system.server.common.base.ControllerBase.readConfigFile(ControllerBase.java:556)
at com.test.system.server.common.base.ControllerBase.init(ControllerBase.java:374)
at com.test.system.client.servlet.FrontController.init(FrontController.java:96)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:227)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:340)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:435)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:524)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)
Please help us in rectifying the problem.
Thanks in Advance,
Comments (2)
Try the following ( unless you are deploying an exploded ear file )
The key bits are the "jar:" at the front of the codeBase location, and the exclamation mark ( "!" ) after the ".ear"
I've taken out the explicit FilePermission - if you are granting AllPermission, there's no need to grant explicit FilePermissions as well. (But if you are granting AllPermission, why are you bothering switching Java 2 security on in the first place?)
Use a relative path in was.policy. The following snippet works for me:
See the InfoCenter topic Configuring the was.policy file for Java 2 security for more information.
Note: I agree with DaveHowes that enabling Java 2 security but granting AllPermission is worthless.
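An added example, not either answerer's snippet: a was.policy that uses a codeBase relative to the EAR, as the second answer suggests, and grants only the read action reported in the SECJ0314W message instead of AllPermission. It assumes that a grant for the web module test.war also covers system.jar under its WEB-INF/lib.

```text
// META-INF/was.policy inside test.ear (added example)

// As posted in the question: absolute codeBase plus AllPermission.
// AllPermission makes the FilePermission line redundant and leaves
// nothing for Java 2 security to enforce.
//
// grant codeBase "file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar" {
//   permission java.security.AllPermission;
//   permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read, write, execute";
// };

// Least-privilege form: the codeBase is relative to the EAR, and the
// only action granted is the one the stack trace shows being checked
// (File.exists -> SecurityManager.checkRead).
// Assumption: the web-module grant applies to jars in its WEB-INF/lib.
grant codeBase "file:test.war" {
  permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read";
};

// Alternative using the WebSphere symbol that matches every web
// module in the application rather than one named module:
//
// grant codeBase "file:${webComponent}" {
//   permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read";
// };
```

If the application later needs to write the file, add "write" to the action list and let the next SECJ0314W entry confirm exactly which permission is still missing.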