Java 2 Security

We have enabled Java 2 security on WebSphere 6.1 and deployed test.ear along with a was.policy that contains the following code.
grant codeBase "file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "/opt/TEST/SYSTEM/config.client.xml", "read, write, execute";
};
We then restarted the Deployment Manager, the node agent and the nodemanager. However, we are still getting the following error in the IBM logs.
0000002b SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:
  /opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read)
Code:
 com.test.system.server.common.base.ControllerBase  in  {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
Stack Trace:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:213)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.File.exists(File.java:700)
        at com.test.system.server.common.base.ControllerBase.fileNotExists(ControllerBase.java:286)
        at com.test.system.server.common.base.ControllerBase.readConfigFromSystemProperty(ControllerBase.java:267)
        at com.test.system.server.common.base.ControllerBase.createConfigStream(ControllerBase.java:227)
        at com.test.system.server.common.base.ControllerBase.readConfigFile(ControllerBase.java:556)
        at com.test.system.server.common.base.ControllerBase.init(ControllerBase.java:374)
        at com.test.system.client.servlet.FrontController.init(FrontController.java:96)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:227)
        at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:340)
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:435)
        at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:524)
        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548)
        at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269)
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818)
        at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:125)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:267)
        at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
        at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)
Please help us rectify the problem. Thanks in advance.

Try the following (unless you are deploying an exploded EAR file):
grant codeBase "jar:file:/opt/TEST/EAR/test.ear!/test.war/WEB-INF/lib/system.jar" {
    permission java.security.AllPermission;
};
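The key bits are the "jar:" in front of the codeBase location and the exclamation mark ("!") after ".ear". I have removed the explicit FilePermission: if you are granting AllPermission, you do not need to grant explicit FilePermissions as well. (But if you are granting AllPermission, why bother turning on Java 2 security in the first place?)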

Use a relative path in was.policy. The following snippet worked for me:
grant codeBase "file:test.war" {
  permission java.security.AllPermission;
};
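For more information, see the Information Center topic on configuring the was.policy file for Java 2 security. Note: I agree with DaveHowes that enabling Java 2 security but granting AllPermission is worthless.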
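
Added example, not part of either answer: a Python script that reads SECJ0314W warnings and emits the narrowest FilePermission grant per module in place of AllPermission, using the EAR-relative codeBase form from the second answer. The log sample is constructed from the warning quoted in the question, the function names are hypothetical, and only java.io.FilePermission denials are handled.

```python
import re
from collections import defaultdict
from posixpath import normpath

# Constructed sample, modelled on the SECJ0314W warning quoted in the question.
SAMPLE_LOG = """\
0000002b SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission.
Permission:
  /opt/TEST/SYSTEM/config.client.xml : access denied (java.io.FilePermission /opt/TEST/SYSTEM//config.client.xml read)
Code:
 com.test.system.server.common.base.ControllerBase  in  {file:/opt/TEST/EAR/test.ear/test.war/WEB-INF/lib/system.jar}
Stack Trace:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/TEST/SYSTEM/config.client.xml read)
"""

# Path may contain spaces, so it is everything up to the final actions token.
DENIED = re.compile(r"access denied \(java\.io\.FilePermission (.+) ([a-z,]+)\)")
# Module directly under the .ear root, taken from the reported code source.
CODE = re.compile(r"\bin\s+\{file:[^}]*?\.ear/([^/}]+)")


def minimal_grants(log_text):
    """Return {module: {(path, actions), ...}} for each denial/code-source pair."""
    grants = defaultdict(set)
    pending = None
    for line in log_text.splitlines():
        denied = DENIED.search(line)
        if denied:
            # normpath collapses the doubled slash seen in the warning text.
            pending = (normpath(denied.group(1)), denied.group(2))
            continue
        code = CODE.search(line)
        if code and pending:
            grants[code.group(1)].add(pending)
            pending = None
    return dict(grants)


def render_policy(grants):
    """Render was.policy grant entries using EAR-relative codeBase URLs."""
    out = []
    for module in sorted(grants):
        out.append(f'grant codeBase "file:{module}" {{')
        for path, actions in sorted(grants[module]):
            out.append(f'  permission java.io.FilePermission "{path}", "{actions}";')
        out.append("};")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_policy(minimal_grants(SAMPLE_LOG)))
```

Review the generated entries before deploying them: each line is a permission the code was denied at run time, not proof that the code should have it.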
