M
michaelp
Hello!
i am implementing a little RMI application, and trying to use a security
manager to grant permission to classes in my codebase.
I think I understand the principles, as well as the syntax of the policy
file.
The server starts o.k. when there is no security manager.
When I plug in the following code
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
I get security exceptions.
I have tried to fix those in the security policy file, but whatever I do
or do not do, the error messages (with the security manger enabled)
remains the same.
I have also tried to deliberately put faulty syntax in my security
policy, but java does not seem to react, making me suspect the security
file is ignored. Running with -verbose didnt help either.
Is there a way to dig into the error and find out what's going on?
Thanks!
Below are some extracts.
policy file (somewhat desperately overpopulated):
grant codeBase "file:/home/michaelp/rmiDB/" {
permission java.security.AllPermission ;
};
grant codeBase "file:/home/michaelp/rmiDB/rmi/" {
permission java.security.AllPermission ;
};
grant codeBase "file:/home/michaelp/rmiDB/server/" {
permission java.security.AllPermission ;
};
grant codeBase
"file:/home/michaelp/rmiDB/mysql-connector-java-3.1.12-bin.jar" {
permission java.security.AllPermission ;
};
command line:
java -classpath .:mysql-connector-java-3.1.12-bin.jar
-Djava.security.policy=server.policy
-Djava.rmi.server.codebase=file:/home/michaelp/rmiDB/
server.RMIServer
stack trace:
java.lang.ExceptionInInitializerError
at java.util.TimeZone$1.run (TimeZone.java:114)
at java.security.AccessController.doPrivileged
(AccessController.java:96)
at java.util.TimeZone.defaultZone (TimeZone.java:100)
at java.util.TimeZone.getDefault (TimeZone.java:1295)
at com.mysql.jdbc.Connection.<init> (Connection.java:1433)
at com.mysql.jdbc.NonRegisteringDriver.connect
(NonRegisteringDriver.java:266)
at java.sql.DriverManager.getConnection (DriverManager.java:164)
at java.sql.DriverManager.getConnection (DriverManager.java:188)
at rmi.DB_util.doConnect (DB_util.java:45)
at rmi.JDBC_lag_RMIImpl.<init> (JDBC_lag_RMIImpl.java:25)
at server.RMIServer.main (RMIServer.java:30)
Caused by: java.security.AccessControlException: permission not granted
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:122)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission (SecurityManager.java:337)
at java.lang.SecurityManager.checkLink (SecurityManager.java:496)
at java.lang.Runtime.loadLibrary (Runtime.java:171)
at java.lang.System.loadLibrary (System.java:175)
at java.util.VMTimeZone.<clinit> (VMTimeZone.java:55)
at java.util.TimeZone$1.run (TimeZone.java:114)
...10 more
java.security.AccessControlException: permission not granted
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:122)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission (SecurityManager.java:337)
at java.lang.SecurityManager.checkLink (SecurityManager.java:496)
at java.lang.Runtime.loadLibrary (Runtime.java:171)
at java.lang.System.loadLibrary (System.java:175)
at java.util.VMTimeZone.<clinit> (VMTimeZone.java:55)
at java.util.TimeZone$1.run (TimeZone.java:114)
at java.security.AccessController.doPrivileged
(AccessController.java:96)
at java.util.TimeZone.defaultZone (TimeZone.java:100)
at java.util.TimeZone.getDefault (TimeZone.java:1295)
at com.mysql.jdbc.Connection.<init> (Connection.java:1433)
at com.mysql.jdbc.NonRegisteringDriver.connect
(NonRegisteringDriver.java:266)
at java.sql.DriverManager.getConnection (DriverManager.java:164)
at java.sql.DriverManager.getConnection (DriverManager.java:188)
at rmi.DB_util.doConnect (DB_util.java:45)
at rmi.JDBC_lag_RMIImpl.<init> (JDBC_lag_RMIImpl.java:25)
at server.RMIServer.main (RMIServer.java:30)
i am implementing a little RMI application, and trying to use a security
manager to grant permission to classes in my codebase.
I think I understand the principles, as well as the syntax of the policy
file.
The server starts o.k. when there is no security manager.
When I plug in the following code
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
I get security exceptions.
I have tried to fix those in the security policy file, but whatever I do
or do not do, the error messages (with the security manger enabled)
remains the same.
I have also tried to deliberately put faulty syntax in my security
policy, but java does not seem to react, making me suspect the security
file is ignored. Running with -verbose didnt help either.
Is there a way to dig into the error and find out what's going on?
Thanks!
Below are some extracts.
policy file (somewhat desperately overpopulated):
grant codeBase "file:/home/michaelp/rmiDB/" {
permission java.security.AllPermission ;
};
grant codeBase "file:/home/michaelp/rmiDB/rmi/" {
permission java.security.AllPermission ;
};
grant codeBase "file:/home/michaelp/rmiDB/server/" {
permission java.security.AllPermission ;
};
grant codeBase
"file:/home/michaelp/rmiDB/mysql-connector-java-3.1.12-bin.jar" {
permission java.security.AllPermission ;
};
command line:
java -classpath .:mysql-connector-java-3.1.12-bin.jar
-Djava.security.policy=server.policy
-Djava.rmi.server.codebase=file:/home/michaelp/rmiDB/
server.RMIServer
stack trace:
java.lang.ExceptionInInitializerError
at java.util.TimeZone$1.run (TimeZone.java:114)
at java.security.AccessController.doPrivileged
(AccessController.java:96)
at java.util.TimeZone.defaultZone (TimeZone.java:100)
at java.util.TimeZone.getDefault (TimeZone.java:1295)
at com.mysql.jdbc.Connection.<init> (Connection.java:1433)
at com.mysql.jdbc.NonRegisteringDriver.connect
(NonRegisteringDriver.java:266)
at java.sql.DriverManager.getConnection (DriverManager.java:164)
at java.sql.DriverManager.getConnection (DriverManager.java:188)
at rmi.DB_util.doConnect (DB_util.java:45)
at rmi.JDBC_lag_RMIImpl.<init> (JDBC_lag_RMIImpl.java:25)
at server.RMIServer.main (RMIServer.java:30)
Caused by: java.security.AccessControlException: permission not granted
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:122)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission (SecurityManager.java:337)
at java.lang.SecurityManager.checkLink (SecurityManager.java:496)
at java.lang.Runtime.loadLibrary (Runtime.java:171)
at java.lang.System.loadLibrary (System.java:175)
at java.util.VMTimeZone.<clinit> (VMTimeZone.java:55)
at java.util.TimeZone$1.run (TimeZone.java:114)
...10 more
java.security.AccessControlException: permission not granted
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:122)
at java.security.AccessController.checkPermission
(AccessController.java:76)
at java.lang.SecurityManager.checkPermission (SecurityManager.java:337)
at java.lang.SecurityManager.checkLink (SecurityManager.java:496)
at java.lang.Runtime.loadLibrary (Runtime.java:171)
at java.lang.System.loadLibrary (System.java:175)
at java.util.VMTimeZone.<clinit> (VMTimeZone.java:55)
at java.util.TimeZone$1.run (TimeZone.java:114)
at java.security.AccessController.doPrivileged
(AccessController.java:96)
at java.util.TimeZone.defaultZone (TimeZone.java:100)
at java.util.TimeZone.getDefault (TimeZone.java:1295)
at com.mysql.jdbc.Connection.<init> (Connection.java:1433)
at com.mysql.jdbc.NonRegisteringDriver.connect
(NonRegisteringDriver.java:266)
at java.sql.DriverManager.getConnection (DriverManager.java:164)
at java.sql.DriverManager.getConnection (DriverManager.java:188)
at rmi.DB_util.doConnect (DB_util.java:45)
at rmi.JDBC_lag_RMIImpl.<init> (JDBC_lag_RMIImpl.java:25)
at server.RMIServer.main (RMIServer.java:30)