grant execute file permission to a JSP?

Discussion in 'Java' started by Hank Barta, Jan 25, 2004.

  1. Hank Barta

    Hank Barta Guest

    I'm trying to run an external command from a JSP and instead get
    the exception:

    java.security.AccessControlException: access denied (java.io.FilePermission /usr/bin/killall execute)

    which seems clear enough. (The code runs and works from within a
    console application.)

    The OS is Linux and the application server is the one that
    installs with the J2EE sdk from Sun. It is installed within my
    home directory and runs under my user ID exposing deployed JSPs
    at http://localhost:8080/

    I've added the following code to both my ~/.java.policy file and
    the ${java.home}/jdk/jre/lib/security/java.policy file:

    grant codeBase "http://localhost:8080/-" {
    permission java.io.FilePermission "/usr/bin/killall", "execute";
    permission java.security.AllPermission;
    };

    Neither of the entries in either of the files makes any
    difference. The only change I've made that has any affect at all
    is to change the command from 'killall ...' to '/usr/bin/killall
    ...' which changed the file reference in the exception from "<<ALL
    FILES>>" to "/usr/bin/killall".

    Each time I made a change in the policy files, I restarted the
    application server to make sure it was using the new file contents.

    I'm clearly overlooking something or have something wrong. Any
    suggestions on how to resolve this would be most welcomed!

    thanks,
    hank
    Hank Barta, Jan 25, 2004
    #1
    1. Advertising

  2. Hank Barta

    Hank Barta Guest

    Hank Barta <> wrote:

    OK, a bit of the solution is changing:

    > grant codeBase "http://localhost:8080/-" {
    > permission java.io.FilePermission "/usr/bin/killall", "execute";
    > permission java.security.AllPermission;
    > };


    to:

    grant {
    permission java.io.FilePermission "/usr/bin/killall", "execute";
    permission java.security.AllPermission;
    };


    But I suspect that this grants the indicated permissions to
    everything. How can I restrict this to my JSPs? In other words,
    what should the "CodeBase "http://localhost:8080/-" be for JSPs on
    my host? Or is this the correct solution?

    thanks,
    hank
    Hank Barta, Jan 25, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Richter
    Replies:
    6
    Views:
    11,471
    Steve Richter
    Apr 14, 2005
  2. Brian Takita
    Replies:
    0
    Views:
    2,125
    Brian Takita
    Apr 19, 2005
  3. =?Utf-8?B?a2FhcmtleQ==?=

    grant folder write permission

    =?Utf-8?B?a2FhcmtleQ==?=, Oct 10, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    2,871
    =?Utf-8?B?a2FhcmtleQ==?=
    Oct 11, 2005
  4. Rach
    Replies:
    0
    Views:
    429
  5. Brian Takita
    Replies:
    0
    Views:
    146
    Brian Takita
    Apr 18, 2005
Loading...

Share This Page