Java 2安全性
|
我们在WebSphere 6.1上启用了Java 2安全性,并部署了test.ear和was.policy,后者具有以下代码。
grant codeBase \"file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar\" {
permission java.security.AllPermission;
permission java.io.FilePermission \"/opt/TEST/SYSTEM/config.client.xml\", \"read, write, execute\";
};
然后,我们重新启动了Deployment Manager,节点代理以及nodemangaer。
但是,仍然在IBM日志中出现以下错误。
0000002b SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please re
fer to InfoCenter for further information.
允许:
/opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read)
码:
com.test.system.server.common.base.ControllerBase in {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
堆栈跟踪:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:213)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at com.test.system.server.common.base.ControllerBase.fileNotExists(ControllerBase.java:286)
at com.test.system.server.common.base.ControllerBase.readConfigFromSystemProperty(ControllerBase.java:267)
at com.test.system.server.common.base.ControllerBase.createConfigStream(ControllerBase.java:227)
at com.test.system.server.common.base.ControllerBase.readConfigFile(ControllerBase.java:556)
at com.test.system.server.common.base.ControllerBase.init(ControllerBase.java:374)
at com.test.system.client.servlet.FrontController.init(FrontController.java:96)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:227)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:340)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:435)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:524)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)
请帮助我们纠正问题。
提前致谢,
没有找到相关结果
已邀请:
2 个回复
骇毖煽洁铂
关键位是codeBase位置前面的\“ jar:\”,以及\“。ear \”之后的感叹号(\“!\”) 我已经删除了显式FilePermission-如果您要授予AllPermission,则也不需要授予显式FilePermissions。 (但是,如果您授予AllPermission,为什么首先要麻烦打开Java 2安全性?)
爆刺疤灯
有关更多信息,请参阅信息中心主题为Java 2安全性配置was.policy文件。 注意:我同意DaveHowes的观点,即启用Java 2安全性但授予AllPermission是毫无价值的。