Geek asks and answers

Some changes in java.policy are not supported by the JVM

Good afternoon friends! I have one huge problem here! First, last year I asked how to install a proxy server in the JVM so that the Lotus Notes agent programmed in java can go through the web service (also in java). I finally found the problem after several weeks of research, and now it works! So now it’s time for us to move this to a user test environment ... Guess what?!? Does not work! But, I do not face the same problem. In fact, in order to install the proxy server in the JVM, I need to set the property "http.proxyHost" and "http.proxyPort". So, I got the Domino server administrator to modify the "java.policy" file on the server so that I can access these properties (I got them to copy the development version of "java.policy" and paste it into "UAT "version"). Bad luck! The exact same code replicated on another server with the same policy file behaves in two different ways ... I get the following:

java.security.AccessControlException: access denied (java.util.PropertyPermission http.proxyHost write)

We tried to change the permission, we tried to give permission to "http.proxyHost" and "proxyHost". Nothing worked ... So, I made them remove all permissions in the "grant" section (without the code base) and put only AllPermission. It worked! I assume that we have an error in the policy file so that permissions will not be taken care of. I was wondering if you can give me a hand on this ... Here is the policy file:

// 
// @(#)src/security/sov/config/java.policy, security, as142, 20070303 1.4.2.2 
// =========================================================================== 
// Licensed Materials - Property of IBM 
// "Restricted Materials of IBM" 
// 
// IBM SDK, Java(tm) 2 Technology Edition, v1.4.2 
// (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved 
// =========================================================================== 
// 


// Standard extensions get all permissions by default 

grant codeBase "file:${java.home}/lib/ext/*" { 
        permission java.security.AllPermission; 
}; 

// default permissions granted to all domains 

grant { 
        // Allows any thread to stop itself using the java.lang.Thread.stop() 
        // method that takes no argument. 
        // Note that this permission is granted by default only to remain 
        // backwards compatible. 
        // It is strongly recommended that you either remove this permission 
        // from this policy file or further restrict it to code sources 
        // that you specify, because Thread.stop() is potentially unsafe. 
        // See "http://java.sun.com/notes" for more information. 
        permission java.lang.RuntimePermission "stopThread"; 
        permission java.lang.RuntimePermission "setContextClassLoader";    // This was added 

        // allows anyone to listen on un-privileged ports 
        permission java.net.SocketPermission "localhost:1024-", "listen"; 

        permission java.net.NetPermission "setDefaultAuthenticator";
        permission java.util.PropertyPermission "http.proxySet", "write"; 
        permission java.util.PropertyPermission "http.proxyHost", "write"; 
        permission java.util.PropertyPermission "http.proxyPort", "write"; 


        // "standard" properies that can be read by anyone 

        permission java.util.PropertyPermission "java.version", "read"; 
        permission java.util.PropertyPermission "java.vendor", "read"; 
        permission java.util.PropertyPermission "java.vendor.url", "read"; 
        permission java.util.PropertyPermission "java.class.version", "read"; 
        permission java.util.PropertyPermission "os.name", "read"; 
        permission java.util.PropertyPermission "os.version", "read"; 
        permission java.util.PropertyPermission "os.arch", "read"; 
        permission java.util.PropertyPermission "file.separator", "read"; 
        permission java.util.PropertyPermission "path.separator", "read"; 
        permission java.util.PropertyPermission "line.separator", "read"; 

        permission java.util.PropertyPermission "java.specification.version", "read"; 
        permission java.util.PropertyPermission "java.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.specification.name", "read"; 

        permission java.util.PropertyPermission "java.vm.specification.version", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.name", "read"; 
        permission java.util.PropertyPermission "java.vm.version", "read"; 
        permission java.util.PropertyPermission "java.vm.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.name", "read"; 


        permission java.util.PropertyPermission "java.assistive", "read"; 

}; 

// Notes java code gets all permissions 

grant codeBase "file:${notes.binary}/*" { 
        permission java.security.AllPermission; 
}; 

grant codeBase "file:${notes.binary}/rjext/*" { 
        permission java.security.AllPermission; 
};

Any hint would be greatly appreciated ... the client is rather tired, this does not work!

+3
source share
2 answers

For people who may have the same problem and get googling here, I solved this problem by allowing to get / install AllProperties. I still don’t know why the listing didn’t work then ...

0

Domino\jvm\lib\security\java.security 3

# The default is to have a single system-wide policy file,
# and a policy file in the user home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy

java.pol. domino java.policy.

. https://www-304.ibm.com/support/docview.wss?uid=swg21679242

0

More articles:


All Articles