geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Becker <dan.o.bec...@gmail.com>
Subject Re: Security manager issue under Windows XP
Date Thu, 22 May 2008 19:03:54 GMT
Jacques Le Roux <jacques.le.roux@...> writes:
> But I'm now facing an issue on Windows XPsp2: I 
> can't run WASCE with a security manager settled from the command line using 
> -Djava.security.manager=default -Djava.security.policy=client.policy options.  
> get the error below. Note that this is working properly under Linux (Ubuntu  
> Suze as well). Am I missing someting or should I open a Jira issue  ? (I 
> tried also -Djava.security.manager, but I guess it's the same)


Hi Jacques, as I mention in JIRA GERONIMO-4037, 
It is definitely strange that your security policy would work on Linux but not
on Windows. The behavior you mention should be  the same on all platforms.

>From your stack trace above, it appears that
org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance
is attempting to set a class loader, which is privileged action requiring a
runtime permission, but somehow the policy you have set is not visible to the
security manager.

Three possible problems with your security policy client.policy that you might
be able to easily test.
1) I thought the grant statement in the policy file required a URL for the code
base. You might need to add the URL for the Geronimo code base in order for this
permission to be visible.
2) The JVM command line arg -Djava.security.policy=client.policy requires a URL
for the location of the policy file. It could be that this file is visible in
Linux and not in Windows. You might want to hard code a file URL to test this.
3) The "-Djava.security.policy" policy file value will be ignored if the
"policy.allowSystemProperty" property in the security properties file is set to
false. The default is true. You can add this to the command line with
-Dpolicy.allowSystemProperty=true.

You can also get lots of security diagnostics of running with security managers
when you add -Djava.security.debug=policy or -Djava.security.debug=all. 

Report back and let me know if any of these work.


Mime
View raw message