How to override weblogic.policy file?
Hi Friends,
I am using weblogic9.2
What are the steps to follow override the webloic.policy file to give the access permission on a particular file?
I tried but its not working. The following steps are i did
1. i added one entry in weblogic.policy that was
grant codeBase "http://localhost/SampleServlet/-" {
permission java.io.FilePermission "c:\\kathir\\ErrorReport.txt", "read";
2.startWeblogic.cmd
-Djava.security.manager -Djava.security.policy==%WL_HOME%\server\lib\weblogic.policy
modified this entry.
But its not working...
please help me
Thanks in advance
It would help if you could provide a much higher level description of your use case.
Example: A servlet needs to read an arbitrary file on the local file system. Explain the security behavior you would like to see, etc.
Similar Messages
-
WebLogic 9.2 and weblogic.policy file
Hello,
I'm using weblogic.policy file while starting weblogic.
After adding it to JAVA_OPTIONS in startWebLogic.cmd I've got AccessControlException, and I'have to grant this persmision to all:
permission java.util.PropertyPermission "debug.properties", "read";
permission java.util.PropertyPermission "netuix.logger.implementation", "read";
permission java.util.PropertyPermission "netuix.formatter.implementation", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "weblogic.kernelPermission";
permission java.lang.RuntimePermission "setContextClassLoader";
This is not all permissions which I have to grant.
While I'm tring to run my deployed application I've got
java.security.AccessControlException: access denied (java.io.FilePermission D:\serwery\bea\jrockit90_150_04\jre\lib\managementapi.jar read).
So which permission I have to give (I don't want to add this permissions to all, so the question is where this permissions have to be added).
I think that this permissions should be granted to Servlets, as it is written on page
http://e-docs.bea.com/wls/docs92/security/server_prot.html#wp1032298
but resource path "file:/weblogic/application/defaults/Web" seems strange to me - there is nothing like this in Weblogic 9.2"
I also add this grant:
grant codeBase "file:${user.domain}/servers/${weblogic.Name}/tmp/-" {
permission java.security.AllPermission;
to weblogic.policy to run all deployed applications.
Thanks in advice,
Marcin DabrowskiHi
According to
http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
Can you make sure the policy file is in there?
Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
Vimala- -
Need help with weblogic.policy file
I'm running WebLogic 5.1 sp10 on Solaris 2.8 with Java 1.3.1_b24.
WebLogic is installed in directory:
/tech/lpp/webmstr/bea/weblogic5
If I turn on jdbc logging:
weblogic.jdbc.enableLogFile=true
weblogic.jdbc.logFileName=jdbc.log
I get the following when WebLogic attempts to create a connection pool:
java.security.AccessControlException: access denied (java.sql.SQLPermission setLog)
My weblogic.policy looks like:
grant codeBase "file:/tech/-" {
permission java.io.FilePermission "${/}tech${/} "read,write,delete,execute";
Any help is greatly appreciated.
Thanks,
KevinNaveen,
That did it!
Many Thanks,
Kevin
"Naveen \([email protected]\)" <[email protected]> wrote:
Hi,
Within the grant block that is at the end of the weblogic.policy file,
try
adding the following entry :
permission java.sql.SQLPermission "setLog", "*";
Thanks,
-- Naveen
"Kevin Toomey" <[email protected]> wrote in message
news:3c0bad4a$[email protected]..
I'm running WebLogic 5.1 sp10 on Solaris 2.8 with Java 1.3.1_b24.
WebLogic is installed in directory:
/tech/lpp/webmstr/bea/weblogic5
If I turn on jdbc logging:
weblogic.jdbc.enableLogFile=true
weblogic.jdbc.logFileName=jdbc.log
I get the following when WebLogic attempts to create a connection pool:
java.security.AccessControlException: access denied(java.sql.SQLPermission setLog)
My weblogic.policy looks like:
grant codeBase "file:/tech/-" {
permission java.io.FilePermission "${/}tech${/}"read,write,delete,execute";
Any help is greatly appreciated.
Thanks,
Kevin -
How to specify a policy file in a WS client (AXIS2)
I am trying to access a dot net web service and i want to make use of the policy file they gave me. i read that AXIS2 supports WS-Policy in the client side but i still can not figure out how to tell the client to use the file. I searched thouroghly for examples and searched through diffirent forums with no success. I found only similar questions with no answer. if somebody could help it would be appreciated.
Thank youWe you codegen a Policy annotated WSDL, the policies are get included in the stub. Hence you don't have to specify a separate Policy file.
But if you need to use a separate policy then you need to set them in the AxisDescription object that you use in the ServiceClient and OperationClient.
e.g.
ServiceClient serviceClient = new ServiceClient();
OperationClient operationClient = serviceClient
.createClient(ServiceClient.ANON_OUT_IN_OP);
FileInputStream fis = new FileInputStream("path-to-policy.xml");
Policy servicePolicy = PolicyEngine.getPolicy(fis);
AxisService axisService = serviceClient.getAxisService();
axisService.getPolicyInclude().setPolicy(servicePolicy);
If you need more information please repost this to [email protected] with a [AXIS2] subject prefix. -
Signed applets called from javascript - how/where to load policy file?
I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
So, I can get things to work if I place the following two lines in my 'local' JDK installation:
permission java.io.FilePermission "${user.home}/x.properties", "read,write";
permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
I'd REALLY appreciate any help I could get on this...
thanks in advance,
+0^^Maybe you didn't realize but my previous post was sarcastically ment:
"hello SUN security stop bugging me in writhing this malicious program"
and
"hello SUN security, I'm a good boy now trust what I'm doing"
Are in a practical sense exactly the same.
SUN should either remove the stack check or the doprivileged. The stack check takes up
valuable resources for nothing since a malicious program can easily circumvent that.
Your post about a malicious user abusing your (CA) signed applet to ruine someone's
system is correct, it would not be difficult. A CA signed applet will not even ask a user to
trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
used on "grandma's old PC" since it's too complicated for users to do such things.
YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
certificate!).Actually you are to blame, because you made software that exposes a vonurability
other people can take advantage of.
what you can do before calling the doprivileged private method is check the call stack.
So your signed applet has a public method checking the callstack, if this lookes OK
that method will call the private doprivileged method.
Here is the example
package t;
import java.util.Properties;
import java.applet.Applet;
public class test extends Applet {
public test(){
startingPrivileged();
public void startingPrivileged(){
System.out.println("this is the stack");
try{
throw new Exception("get the call stack");
}catch(Exception e){
StackTraceElement stack[] = e.getStackTrace();
for (int i=0; i<stack.length; i++) {
System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
// this is a really simple check to see if this method was started from the t. package
// a good hacker can just create it's own package named t and take advantage of this method
// if this method was started from the same package there is no reason to make this method
// public, protected would work.
// there must be a better way to check if this method was called by "your" or "trusted" code
if(stack[1].getClassName().startsWith("t.")){
dosomePrivileged();
private void dosomePrivileged(){
System.out.println("this is the method that does privileged stuff");
public static void main(String args[]) {
new test(); -
How to configure weblogic log file?
HI
How do i configure Weblogic server log file to log weblogic related information as well as my application?
I need to maintain one log file for weblogic and my application.
Thanks,Then glassfish instance is either not configured yet or installed somewhere else. Try looking under your user's home directory like C:\Documents and Settings\<username>\Application Data\glassfish\domains\domain1\logs
-
How to view weblogic log files from a browser
Hi,
I am running WebLogic Server 7.03 on Solaris 8.
I have one Admin and multiple Managed servers running.
Each creates its own log file.
Is there anyway I can access this log files from the browser ?
In Apache, you can create a link from htdocs dir to the logs dir
and then view the log files from the browser. Is there a similar
mechanism in Weblogic server.
A quick response is well appreciated.
Thanks in advance.
-Anil VarmaIf you are on a unix system you can do something similar by making an open
directory webapp with symbolic links to the weblogic log directories. I suggest
that you protect that webapp with administration access only.
Sam
Anil Varma wrote:
Hi,
I am running WebLogic Server 7.03 on Solaris 8.
I have one Admin and multiple Managed servers running.
Each creates its own log file.
Is there anyway I can access this log files from the browser ?
In Apache, you can create a link from htdocs dir to the logs dir
and then view the log files from the browser. Is there a similar
mechanism in Weblogic server.
A quick response is well appreciated.
Thanks in advance.
-Anil Varma -
How to override "All My Files" and restrict search to a single external hard drive?
I've got 3 large external hard-drives--WD, Seagate, iOmega--connected to my iMac to contain a sprawling music collection. I'm working on deduping, etc., but each attempt to search a single hard drive results in my search being shunted to "All My Files." I'll watch the Finder each time I enter a search term in the window of one drive, and upon entering a syllable in a drive's Search box, the area is expanded to include every folder in at least 4 different hard drives (inclding my iMac's).
I'm not sure if the problem is overly large drives (500 GB to 1.5 TB) or some default setting, probably associated with Spotlight, that interprets each and every search as, basically, "everything Spotlight can conceivably see." Needless to say, my cleaning project is going slow--primarily because I can't work "one room at a time."
Any suggestions much appreciated.
CapHI Cap,
I've disabled Spotlight on all my Macs, I use these 2 exclusively to find what I need...
Find Any File...
http://apps.tempel.org/FindAnyFile/
I'd get EasyFind...
http://www.devon-technologies.com/download/
Near the bottom of the page. -
Weblogic.policy doesn't work
I always get the below exception output, when starting WebLogic Server with
the weblogic.policy file. It seems to me, that I forgot something, but I
don't know what. What am I doing wrong here?
I did the following:
1. I added the folling property into weblogic.properties:
'weblogic.security.URLAclFile=weblogic.policy'
2. I adjusted the weblogic.policy file:
grant codeBase "file:/d:/program files/-" {
permission java.io.FilePermission "d:${/}program files${/}weblogic${/}-",
"read,write,delete,execute";
Also, I tried to replace 'codeBase' in weblogic.policy with 'Principal' but
it didn't work.
Thank you in advance,
Andreas
WebLogic Server Output:
=================
Unable to initialize server: weblogic.utils.security.ParsingException: line
30:
only Principal-based grant entries permitted
fatal initialization exception
weblogic.utils.security.ParsingException: line 30: only Principal-based
grant en
tries permitted
at
weblogic.utils.security.PolicyParser.parseGrantEntry(PolicyParser.jav
a, Compiled Code)
at weblogic.utils.security.PolicyParser.read(PolicyParser.java,
Compiled
Code)
at
weblogic.security.acl.internal.WLPropertyRealm.loadURLAcls(WLProperty
Realm.java:402)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1759)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)[email protected] (Andreas Guenther) wrote in
<[email protected]>:
I always get the below exception output, when starting WebLogic Server
with the weblogic.policy file. It seems to me, that I forgot something,
but I don't know what. What am I doing wrong here?
I did the following:
1. I added the folling property into weblogic.properties:
'weblogic.security.URLAclFile=weblogic.policy'
2. I adjusted the weblogic.policy file:
grant codeBase "file:/d:/program files/-" {
permission java.io.FilePermission "d:${/}program
files${/}weblogic${/}-",
"read,write,delete,execute";
Also, I tried to replace 'codeBase' in weblogic.policy with 'Principal'
but it didn't work.
Thank you in advance,
Andreas
WebLogic Server Output:
=================
Unable to initialize server: weblogic.utils.security.ParsingException:
line 30:
only Principal-based grant entries permitted
fatal initialization exception
weblogic.utils.security.ParsingException: line 30: only Principal-based
grant en
tries permitted
at
weblogic.utils.security.PolicyParser.parseGrantEntry(PolicyParser.jav
a, Compiled Code)
at weblogic.utils.security.PolicyParser.read(PolicyParser.java,
Compiled
Code)
at
weblogic.security.acl.internal.WLPropertyRealm.loadURLAcls(WLProperty
Realm.java:402)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1759)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:825)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Obvious question/answer time:
I am unaware of problems with spaces, but they may need to be escaped. i
could not find any reference to special characters in the Sun
documentation.
Are you using only this policy file? The WebLogic documentation expects
you to specify this file as the security policy file to the JVM (ie on the
java.exe command-line). It must also be specified with ==, not = (e.g. -
Djava.security.policy==c:/weblogic/weblogic.policy) so the default policy
is overridden, not appended.
Finally, in the top of the weblogic.policy file, it is stated:
// If WebLogic is not installed in a root directory, you must only
// list the first component of the path in the "file:" URL. This is
// because of a bug in JavaSoft JDK 1.2.1. For example, if you
// install WebLogic in the "c:/test/weblogic" directory, the first
// two lines below must be:
// grant codeBase "file:/c:/test/-" {
// permission java.io.FilePermission "c:${/}test${/}weblogic${/}-",
"read,write,delete,execute";
This may apply to you since you're not in a root directory.
Jesse -
Help! Unable to Start - weblogic.policy - (Linux) and WLS 5.1
Does this hold true for NT as well? The comments in the weblogic.policy file read:
// If WebLogic is not installed in a root directory, you must only
// list the first component of the path in the "file:" URL. This is
// because of a bug in JavaSoft JDK 1.2.1. For example, if you
// install WebLogic in the "c:/test/weblogic" directory, the first
// two lines below must be:
// grant codeBase "file:/c:/test/-" {
// permission java.io.FilePermission "c:${/}test${/}weblogic${/}-", "read,write,delete,execute";
However, when I use the similar file structure:
grant codeBase "file:/c:/bea/-" {
permission java.io.FilePermission "c:${/}bea${/}wlserver6.0sp1${/}lib${/}-",
"read,write,delete,execute";
I receive the same error and WebLogic Server will not start up.
Thanks for your help.
Tawnya
Mark Griffith <[email protected]> wrote:
If you have a directory :
/usr/local/releases/451/weblogic
in that dir lives:
weblogic.policy
that policy file should say:
grant codeBase "file://weblogic/-" {
NOT
grant codeBase "file://usr/local/releases/451/weblogic/-" {
mbg
In article <[email protected]>, [email protected]
says...
ENV:
Redhat Linux 6.2 (Current Kernel)
Weblogic Server 5.1
Sun JDK for Linux version 1.2.2
It seems like I am having a weblogic.policy problem. I have read the
documenattion over and over and still cannot figure out this problem.
I have weblogic installed on /usr/local/weblogic directory
I Start with the command line:from the startWebLogic.sh Script
$JAVA $JAVA_OPTIONS -ms64m -mx64m -classpath $JAVACLASSPATH
-Dweblogic.class.path=$WEBLOGICCLASSPATH -Djava.security.manager
-Djava.security.policy=='pwd'/weblogic.policy
-Dweblogic.home=. weblogic.Server
I followed all the instrcutions on modifying the weblogic.policy
file.
example:
grant codeBase "file:/usr/local/weblogic/-" {
permission java.io.FilePermission "${/}usr${/}local${/}weblogic${/}-",
"read,write,delete,execute";
I still get the following :
Exception in thread "main" java.security.AccessControlException:access
denied (java.lang.RuntimePermission createSecurityManager )
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:191)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.<init>(SecurityManager.java:303)
at
weblogic.boot.ServerSecurityManager.<init>(ServerSecurityManager.java:11)
at weblogic.Server.main(Server.java:59)
at weblogic.Server.main(Server.java:55)
Can anyboby Help me out here?
Tony McClay
Mr. BigMAN--
==================================================
NewsGroup Rant
==================================================
Rant 1.
The less info you provide about your problem means
the less we can help you. Try to look at the
problem from an external perspective and provide
all the data necessary to put your problem in
perspective. -
Security Manager and Policy Files
Hi all,
I am writing a simple java rmi application, but understand it wont run without a Security Manager installed and a policy file.
I think I have installed the security manger using the following in the main() method of my client application:
System.setSecurityManager(new RMISecurityManager());However I am unsure how to use a policy file with this. I have looked on the internet, but it does not seem to be very well documented
Please could you advise me how to create a policy file that will work for my application and where to place it in my application so that my application can use it.
Any help would be greatfuly appreciated
Thanx
AaronAn RMI application doesn't need a security manager unless you are using the codebase feature.
-
Sample of weblogic.policy for WLS6.0
Dear all,
I had installed WLS6.0 on Solaris 2.6 and try to turn on
java security manager with this option
-Djava.security.policy==/usr/home/bea/wlserver6.0/lib/
weblogic.policy -Djava.security.manager
This make me unable to boot WLS. Here is contents of my weblogic.policy
grant {
// Permission "enableSubstitution" needed to run the WebLogic console
permission java.io.SerializablePermission "enableSubstitution";
// Permission "modifyThreadGroup" required to run the WebLogic Server
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "setContextClassLoader";
// Permission "setIO" needed to start a server from the WebLogic console
permission java.lang.RuntimePermission "setIO";
// Permission "getClassLoader" needed for many EJB clients
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "stopThread";
permission java.net.SocketPermission "localhost:1024-", "listen";
permission java.util.PropertyPermission "*", "read,write";
permission java.io.FilePermission "${/}usr${/}home${/}bea${/}wlserver6.0${/}-",
"read,write,delete,execute";
And here is the error occurs
java.security.AccessControlException: access denied (java.io.FilePermission /usr/home/bea/wlserver6.0
read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkRead(SecurityManager.java:890)
at java.io.File.exists(File.java:535)
at weblogic.utils.classloaders.ClasspathClassFinder.<init>(ClasspathClassFinder.java:61)
at weblogic.Home.getFileSource(Home.java:64)
at weblogic.Home.<init>(Home.java:29)
at weblogic.Home.getInstance(Home.java:82)
at weblogic.Home.getPath(Home.java:90)
at weblogic.security.internal.ServerAuthenticate.main(ServerAuthenticate.java:76)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:167)
at weblogic.Server.main(Server.java:35)
Could anyone give me what goes wrong. If you have a working version of weblogic.policy,
please share with me.
Regards,
KhemchartHere's a snippet from upcoming release notes about the Java
security manager and the example weblogic.policy file.
Using the Java Security Manager with WebLogic Server
When you run WebLogic Server under Java 2 (JDK 1.2 or 1.3), WebLogic
Server can use the Java Security Manager in Java 2 to provide
additional access control for WebLogic Server resources. The Java
Virtual Machine (JVM) has security mechanisms built into it which can
be managed via a security policy file. The Java Security Manager can
enforce a set of permissions granted to CodeSource or SignedBy
classes. The permissions allow certain classes running in that
instance of the JVM to do or not do certain runtime operations. In
many cases, where the threat model does not include malicious code
being run on the JVM, the Java Security Manager is unnecessary. In
cases such as when an Application Service Provider uses WebLogic
Server and unknown classes are being run, the Java Security Manager is
necessary. To use the Java Security Manager with WebLogic Server,
specify the -Djava.security.manager property when starting WebLogic
Server.
Note: In past releases of WebLogic Server, the Java Security Manager
was enabled by using the -Dweblogic.security.manager property when
starting WebLogic Server. Please note the change in the property for
WebLogic Server version 6.0 and greater.
The Java Security Manager uses a security policy file that defines
permissions. The full pathname of security policy is specified in the
-Djava.security.policy property when starting WebLogic Server. If you
enable the Java Security Manager but do not specify a security policy
file, the Java Security Manager uses the default security policies
defined in the java.security and java.policy files in the
$JAVA_HOME/lib/security directory.
WebLogic Server includes an example security policy file named
weblogic.policy. This file contains a set of default permissions.
You need to make the following edits to the file in order to use the
file with your WebLogic Server deployment.
1. Edit the following lines in the weblogic.policy file, replacing the
specified location with the location of your WebLogic Server
installation:
grant codebase "file://BEA/-"{
permission java.io.FilePermission "D:${/}BEA${/}=", ...
Note: This change assumes your installation directory structure is the
same as the one described in the BEA Home Directory topic in the BEA
WebLogic Server Installation Guide.
2. If you want to run the Administration Console, add the following
grant block and permissions to the weblogic.policy file:
grant {
permission java.io.FilePermission
"D:{/}BEA${/}wlserver600${/}weblogic${/}management${/}console${/}-",
"read";
permission java.io.FilePermission
"D:{/}BEA${/}wlserver600${/}config${/}mydomain${/}applications${/}.wl_te\
mp_do_not_delete${/}weblogic${/}management${/}console${/}-", "read";
permission java.util.PropertyPermission "user.*", "read";
3. If you have extra directories in your CLASSPATH or if you are
deploying applications in extra directories, you need to add specific
permissions for those directories to your weblogic.policy file.
BEA also recommends taking the following precautions:
? Make a backup copy of the weblogic.policy file and put the backup
copy in a secure location.
? Set the permissions on the weblogic.policy file such that the
adminstrator of the WebLogic Server deployment has write and read
privileges and no other users
To use the Java Security Manager and the weblogic.policy file with
your WebLogic Server deployment, use the following properties when
starting WebLogic Server:
$java... -Djava.security.manager \
-Djava.security.policy==D:/BEA/wlserver600/lib/weblogic.policy
For more information about the Java Security Manager, see the Javadoc
shipped with Java 2.
The RecordingSecurityManager utility can be used to detect permission
problems that occur when starting and running WebLogic Server. The
utility outputs permissions that can be added to your security policy
file to resolve the permission problems that the utility finds. The
RecordingSecurityManager is available at the BEA Developer's Center. -
HI,
I want to run this example of the RMI.
I'm in the "Running" level.
http://java.sun.com/docs/books/tutorial/rmi/compiling.html
I didn't understend where to put these files and what the goal for these:
server.policy ,client.policy
Am I create these files with the notpad editor?
I'm using the same computer for server & client.
I have this project: (in one directory - "RMI")
My JVM in D:\Programs\Java\jdk1.5.0_08
My project locations:
D:\MyJava\RMI
client
compute
engine
public_html\classes\compute.jar
so, where shuld I put theses policy?
and how to create these policy files?
Thank'sSAP on windows server 2008 64 bit
Markus -
Weblogic.policy and class.forname
Hi,
my company develops an application for an external customer (bea 6.1). In
our cutomers eyes the application is a security risk because our customer is
afraid that we are using the class.forname command to create manually
connections to other databases.
I would like to know, is it possible to disable this command for our
application with the help of the weblogic.policy file?
Regards
Michaelyes.. i think it returns Class object. But, isthere
any other way to instantiate a class other thanusing
the new operatorOthers
- JNI, similar but not exactly new
- Serialization which by passes the normal processCloning
Class.newInstance has been mentioned, but Constructor.newInstance has not -
Ramifications of weblogic.policy permissions...
What are the ramifications/dangers of setting these
in the general grant section of the weblogic.policy file:
permission java.net.NetPermission "specifyStreamHandler";
permission java.security.AllPermission
I am running wl 5.1, sp8 (maybe sp10), jdk 1.3.1_01.
JasonWhat are the ramifications/dangers of setting these
in the general grant section of the weblogic.policy file:
permission java.net.NetPermission "specifyStreamHandler";
permission java.security.AllPermission
I am running wl 5.1, sp8 (maybe sp10), jdk 1.3.1_01.
Jason
Maybe you are looking for
-
HP laserjet CP3530 MFP, I can't get this baby to scan to a server or workstation folder
Hey Guys(and ladies), I have a HP laserjet CM3539 MFP and when I try to set up the scan to folder option, and I click the scan wizard, it asks for me to install the CD that came with this printer. I purchased it on ebay and they don't have a CD for i
-
Error while creating Discussions for a document inside a room
Hi, I am getting an error when i am trying to start a discussion for a document. When i go back to the details screen and try to add a discussion it shows that the discussion is actually created inspite of the error being displayed. Thanks Regards Pr
-
Best Practice while configuring Traffic Manager for Azure Website
Hi Team, I want to understand What is the best practice while we configure traffic manager for Azure website. To give you the base, Here let me explain my requirement. I have one website which 40% target audiences would be East US, while 40% would b
-
How do I enable cookies in Safari so that I can submit an on-line resume?
How do I enable cookies in Safari so that I can submit an on-line resume? Message reads, "You do not have per-session cookies enables! Per-session cookies must be enabled in your browser to submit online resumes."
-
I am trying to e-mail photos from iPhoto on my MacBook Pro (OS X Lion 10.7.5). When I hit "send", I get this message, "The email server didn't recognize your user name/password combination". How do I resolve this issue? Thank-you