Java -Djava.security.manager -Djava.security.policy=myPolicy classfile
Hi everybody and Sun's member,
From the command line we can install security manager as follows :
java -Djava.security.manager - Djava.security.policy=myPolicy
is it possible to install security manager and policy file by our program. Sugestion pliz.
Regards
Gt
Thanks for your sugesstion. With this command "java -Djava.security.manager - Djava.security.policy=myPolicy" we are installing Security Manager and Policy file. What will be the minimum code for the above command, as I want to install dynamically (I mean how to spacify and install Security manager and policy files by programatically). Appreatiating anybodies sugesstion.
Regards
Gt
Similar Messages
-
Custom Security Manager or Security Event Interception from WebLogic Console
Hello,
I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
I use Weblogic Server 6.0 sp2
sergeHi Daniel,
> a custom security manager for the standard CM Repository
And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
> java.lang.NoSuchMethodException: MySecurityManager.<init>
This exception only complains about a missing constructor!? Have you implemented a default constructor?!
> If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
Hope it helps
Detlev -
Weblogic 6.1 and -Djava.security.manager license failed
I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation) and I have
got a :
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
Null public key
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
The VM parameters I use are :
-ms64m -mx64m
-Djava.library.path=C:/bea/wlserver6.1/bin
-Dbea.home=C:/bea
-Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
-Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic.management.password=xxxxxxx
-Djava.security.manager
-Djava.security.debug=failure
Did I missed some VM parameters ? What should I do to bypass this error?
thanks!I'm getting the same problem running weblogic 7.0 with sp 1.
Any other ideas on how to solve it?
"kirann" <[email protected]> wrote:
do you need to run the server with java security manager if not required
then remove -Djava.security.manager
else given full permission to the code based weblogic is in!
thanks
kiran
"ezablith" <[email protected]> wrote in message
news:3ddce60a$[email protected]..
I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation)and I
have
got a :
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
Null public key
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
The VM parameters I use are :
-ms64m -mx64m
-Djava.library.path=C:/bea/wlserver6.1/bin
-Dbea.home=C:/bea
-Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
-Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic..management.password=xxxxxxx
-Djava.security.manager
-Djava.security.debug=failure
Did I missed some VM parameters ? What should I do to bypass this error?
thanks! -
Start Tomcat 5.5 with Security Manager
Recently, i have installed Tomcat version 5.5.8 but i have problem to start tomcat with a Securiy manager.
For Tomcat version 4.xx we could start Tomcat with SecurityManager by using the "-security" option at "%CATALINA_HOME%\bin\startup.bat" after configured the catalina.policy file.
But i couldn't do so at Tomcat 5.5.8. Any idea? Many Thanks.Start it yourself with
java -Dcatalina.home=$CATALINA_HOME -Djava.security.manager -Djava.security.policy=="your.policy" -cp your.classpath org.apache.catalina.startup.Bootstrap
Cheers,
Arnaud -
Specifying system properties/security manager for OC4J
I have a couple of related questions regarding OC4J/orion.jar:
1. Generically, how can we specify system properties to orion.jar? Being an executable JAR, simply using -D does not work.
2. Specifically, I need to launch the OC4J app server with a Java security manager (with associated security policies, etc.) Java's way of doing this is via -Djava.security.manager=... but this does not work with executable JARs it seems. I tried specifying these parameters via -D and I got a security exception:
Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyP
rmission java.protocol.handler.pkgs write)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.System.setProperty(Unknown Source)
at com.evermind.server.ApplicationServer.initProtocolHandlers(ApplicationServer.java:652)
at com.evermind.server.ApplicationServer.launchCommandline(ApplicationServer.java:319)
at com.evermind.server.ApplicationServer.main(ApplicationServer.java:314)
So, how do I install the Java security manager with orion.jar? Is there any other way to specify system properties to this, or is there any other way to install the Java security manager for OC4J?
Any help much appreciated.
..HrishiThanks, that seemed to work. However it seems that spawned another little problem. I was using the -Xbootclasspath/a option while firing up orion.jar because I needed to append something to OC4J's default classpath (that is specified in orion.jar's Manifest). Now, when I start OC4J with the -D options for the security policy, it seems to ignore the -Xbootclasspath argument. I have not yet been able to confirm this fact, but based on the ClassNotFoundError I'm running into, that does seem to be the problem.
So I guess my question is, could specifying the -D options to the executable JAR cause it to ignore any other options you may be passing to it (such as -Xbootclasspath)? Is there any sequence in which these args need to be passed?
Thanks.
..Hrishi
Hi,
You can try this :
- Check if you have a file java2.policy in <OC4J_HOME>\config\policy and check if the permission java.util.PropertyPermission "read,write" is granted to <OC4J_HOME>.
if there is no file, you can create one based on <JAVA_HOME>\lib\security\java.policy and grant the approriate privileges.
- Launch OC4J :
java -Djava.security.manager -Djava.security.policy=<OC4J_HOME>/config/java2.policy -jar orion.jar
OR java -Djava.security.manager -Djava.security.policy=<PATH_TO_FILE_POLICY>/<YOUR_FILE>.policy -jar orion.jar
Maher -
Cannot find security providers when using a security manager.
Hi all,
I've done stuff with JAAS and JSSE before, but this is the first time I've combined the two :o)
I have some code for an application server and I'm using SSL sockets in order to communicate with the outside world. These all work fine, no problems at all.
However, I want to control what code is executed on the server using the security framework. When I load my server using a security manager and custom security policy it seems that my app can no longer find the security providers.
Exception in thread "SSLServer" java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.getEphemeralDHKeys(ServerHandshaker.java:132)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:707)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:292)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
at com.essar.hikesoft.server.netio.SSLConnectionServer.run(SSLConnectionServer.java:126)
at java.lang.Thread.run(Thread.java:595)I start my app as follows:
java -Djava.security.manager -Djava.security.policy==security.policy -classpath... and I have the following lines in my security.policy file
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "putProviderProperty.*";I know that the providers are defined in the java.security file, do I have to implement my own Security manager in order to load these providers? Or have I missed something else?
Am currently chewing through the docs at http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc6.html but any further assistance greatly appreciated!That seems to have cured it cheers - sure I copied the double '=' from somewhere, thought it was wierd at the time.
Now to solve the odd MySQL errors :-)
Thanks for your help. -
License Exception using security manager w/ WL 6.1 SP 3
I am running WL 6.1 SP 3 on Solaris 5.8 w/ jkd 1.3.1. I am trying to use a security
manager in a clustered environment. The startManagedWeblogic.sh starts the server
via:
java $JAVA_OPTIONS -classpath $CLASSPATH -Dweblogic.Domain=sceptre -Dweblogic.Name=$SERVER_NAME
-Dweblogic.management.server=$ADMIN_URL -Dbea.home=/disk01/abc/abc8/bea -Dweblogic.management.password=$WLS_PW
-Dweblogic.ProductionModeEnabled=$STARTMODE -Djava.security.manager -Djava.security.policy==$WL_HOME/lib/weblogic.policy
weblogic.Server
The weblogic.policy file has been altered to set the codebase / file location
for my weblogic instance as indicated in the admin guide:
grant codeBase "file:/disk01/abc/abc8/bea/wlserver6.1/-" {
permission java.io.FilePermission "/disk01/abc/abc8/bea/wlserver6.1/-", "read,write,delete,execute";
However, when I start my server I receive the following:
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
WebLogic: license has expired on Thu Nov 28 12:00:00 EST 2002!
I'm unclear why this error only occurs if I specify the -Djava.security.manager
option, but the error is incorrect. I suspect it may be due to my licence.bea
file containing both an active license and an expired evaluation license. Is
this a known issue, and how can I get around it?
If my policy file settings are in error please let me know. I assume they are
right since if I otherwise put in invalid settings I get various java.security.AccessControlException
(s)."Peter" <PeterB> wrote:
>
"Chad Price" <[email protected]> wrote in message
news:3ffb4a9b$[email protected]..
I am running WL 6.1 SP 3 on Solaris 5.8 w/ jkd 1.3.1. I am tryingto use
a security
manager in a clustered environment. The startManagedWeblogic.sh startsthe server
via:
java $JAVA_OPTIONS -classpath$CLASSPATH -Dweblogic.Domain=sceptre -Dweblogic.Name=$SERVER_NAME
-Dweblogic.management.server=$ADMIN_URL -Dbea.home=/disk01/abc/abc8/bea-D
weblogic.management.password=$WLS_PW
-Dweblogic.ProductionModeEnabled=$STARTMODE -Djava.security.manager-Djava
.security.policy==$WL_HOME/lib/weblogic.policy
weblogic.Server
The weblogic.policy file has been altered to set the codebase / filelocation
for my weblogic instance as indicated in the admin guide:
grant codeBase "file:/disk01/abc/abc8/bea/wlserver6.1/-" {
permission java.io.FilePermission "/disk01/abc/abc8/bea/wlserver6.1/-","read,write,delete,execute";
However, when I start my server I receive the following:
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
WebLogic: license has expired on Thu Nov 28 12:00:00 EST 2002!
I'm unclear why this error only occurs if I specifythe -Djava.security.manager
option, but the error is incorrect. I suspect it may be due to mylicence.bea
file containing both an active license and an expired evaluation license.Is
this a known issue, and how can I get around it?
Can you remove the expired license?
I removed the invalid license, and now get a different error:
License error, Invalid host IP
Having looked at ticket S-15389, I used java utils.myip java utils.netAddresses
-a to verify that the IP Address returned by the JVM is the same as the one in
the license file. Additionally, I checked the /etc/hosts file to verify the IP
address mapped to the server name was the same in the license file. -
I am trying to set a security property for a portlet deployed in a pluto/tomcat container. The portlet fails with a security permission exception.
This is how I start the jsvc daemon:
jsvc.exec -Djava.security.manager -Djava.security.debug=access -Djava.security.policy=/opt/luminis/webapps/luminis/WEB-INF/config/server.policy
This is how I configured server.policy (eventually I will restrict it to a codebase and more specific permission):
grant {
permission java.security.AllPermission;
I have tried several types of permissions, locations of the policy, editing the default security policy, nothing works.
The only thing that worked so far was disabling the security manager. Then the portlet renders with no errors.
Is there a setting that I am missing? Thank you.(a) What security exception?
(b) clearly your .policy file isn't being found.
(c) run it with java.security.debug=access,failure and you will see exactly what security policy is in effect and exactly what permissions you need to grant. -
JAAS without a Security Manager
Can I get JAAS authentication and authorization without using a security manager? The reason I'm asking is I've built an ACL system using JAAS permissions and it appears to work even if I don't specify a security manager (only command line options are -Djava.security.policy=policy.conf -Djava.security.auth.login.config=login.conf)
All examples and documents I've been able to find have always included a security manager (-Djava.security.manager) so I was suprised to find it my system works without specifying one.
-dHello,
Just got a question for you. I've noticed in one of your postings that you implemented a permissions framework that reads the settings from a database? I was wondering how you went about it.
We are struggling with a security design we'd like to setup: we got a menuing system that allows a user to start some functionality if he has access to that. Now we want to augment that with more functional permissions instead of just access. We got the JAAS authentication setup; problem remains where to implement the check/read from the DB if a user has which permissions on a function.
thanks for any info on this!
Wim Van Leuven. -
Security manager enabled w/o -Djava.security.manager
Hi all,
I am facing an issue where java.policy is being enforced w/o a -Djava.security.manager specified on the command line.
from ps -ef | grep java, I found the java process and it does not have -Djava.security.manager. However, when I modify jdk/jre/lib/security/java.policy, I can see the effect of the security setting when I restart the java process. I scanned through the source code, I do not find any setSecurityManager() API call either.
Given the above, does anyone have suggestion on how the security manager is enabled in this case?
Regards,
TomSystem.setProperty("java.security.manager","true");
System.getProperties().setProperty("java.security.manager","true");
Properties p = System.getProperties();
p.setProperty("java.security.manager","true");
// etc -
Cannot start OC4J instance after specifying default java.security.manager
Hi All,
I am using OracleiAS 10.1.3.4 and trying to make use of the new User and Role APIs introduced in 10.1.3.1.
While trying to get an object of IdentityStore using the following code, I got this error -
java.security.PrivilegedActionException: oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
oidFactory = (IdentityStoreFactory) AccessController.doPrivileged(
new PrivilegedExceptionAction()
public Object run() throws IMException
IdentityStoreFactoryBuilder builder =
new IdentityStoreFactoryBuilder();
return builder.getIdentityStoreFactory();
I then tried specifying the default security manager in start JAVA options for my oc4j instance - Djava.security.manager. I also verified that my java policy file is present under $ORACLE_HOME/j2ee/oc4j_soa/config/java2.policy. But the issue is - once I put this default secirity manager in startup options in opmn.xml, the oc4j instance does not get started, it gives following error -
08/12/30 02:58:22 Start process
Dec 30, 2008 2:58:24 AM com.evermind.server.XMLDataSourcesConfig parseRootNode
INFO: Legacy datasource detected...attempting to convert to new syntax.
08/12/30 02:58:29 WARNING: Application.setConfig Application: default is in failed state as initialization failed.
java.lang.ExceptionInInitializerError
08/12/30 02:58:29 Error initializing server: Application: default is in failed state as initialization failed
08/12/30 02:58:32 Fatal error: server exiting
Any idea ? Any pointers please ?
Thanks,
AnkitAnkit,
Check your syntax for the datasource. If you migrated from file-based to OID, then you should look at this link:
http://download.oracle.com/docs/cd/E12524_01/relnotes.1013/e12523/oc4j.htmThere is a known issue when migrating from file-based to OIM\OID. Navigate to:
12.2 JAZNMigration Tool Does Not Migrate ADFPrincipal Type Correctly
-Michael -
WebLogic Admin Console won't work with java security manager enabled.
By just enabling the security manager on the command line with -Djava.security.manager and using the default weblogic.policy in the server/lib directory, the admin console will not work. I just see a blank page when I try to access the admin console with permission errors all over on the server console.
In looking at the admin console's weblogic.xml it should have access to everything since it contains:
grant {
permission java.security.AllPermission;
Are there known issues with this? If I add this permission to the weblogic.policy file everything works fine but then I might as well not turn on the security manager.
Thanks,
DaveDavid,
I was glad to see your post regarding WLS 9.2 and the troubles with enabling Java Security Manager.
Were you able to learn any more on things like - why doesn't the admin console work when the security manager is enabled with the default policy file. Also, why is it so difficult to add permissions for your own applications and get them to actually work.
I'd be curious to see if you were able to get it to work or if you have any insights or resources that can help with this as we are really struggling to get a restrictive policy file that works.
Thanks,
D -
Java.security.manager ?
My understanding about Java SecurityManager is when you want to use it,
it have to be installed. It can be installed through
using -Djava.security.manager
option with java command or calling setSecurityManager() in the application.
I'm sure that WLS startup script marketed with WLS5.1
used -Djava.security.manager
option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
install a SecurityManager through setSecurityManager() method?
I'm just curious to know why they are different between WLS5.1 and
WLS6.1/7.0.
Thanks in advance,
Koji Sekiguchi6.1 and 7.0 do not install a SecurityManager programattically. It was
decided that most people do not make use of the added security provided
by the security manager and that it has a significant performance hit on
the VM (I think we found 6-7% degradation but it was a long time ago so
I may be way off) so that it did not make sense to run with it by
default. Instead we tell people to turn it on who need it. It seems
better because all of the security conscious people know to look for it
and all of the security unaware folk don't know enough to turn it off so
they are stuck with the degradation.
The SecurityManager is really most helpful if you are installing
untrusted applications on your app server (something most users don't
do). It does next-to-nothing to prevent remote attacks.
Neil Smithline
Koji Sekiguchi wrote:
My understanding about Java SecurityManager is when you want to use it,
it have to be installed. It can be installed through
using -Djava.security.manager
option with java command or calling setSecurityManager() in the application.
I'm sure that WLS startup script marketed with WLS5.1
used -Djava.security.manager
option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
install a SecurityManager through setSecurityManager() method?
I'm just curious to know why they are different between WLS5.1 and
WLS6.1/7.0.
Thanks in advance,
Koji Sekiguchi -
Security manager & mention "Java Applet Window"
A simple program that displays a frame with one button in it.
The frame displays, no problem.
When a security manager is added "System.setSecurityManager(new SecurityManager());"
and the program is run again a "status bar" is added at the bottom of the frame
mentioning "Java Applet Window".
Why is that, and can it be suppressed ? (I am working in JDK 1.4)
Any tip greatly appreciatedI was dealing with this myself and just discovered that the adding the following line to my security policy removed the message:
permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; -
Security Manager and Policy Files
Hi all,
I am writing a simple java rmi application, but understand it wont run without a Security Manager installed and a policy file.
I think I have installed the security manger using the following in the main() method of my client application:
System.setSecurityManager(new RMISecurityManager());However I am unsure how to use a policy file with this. I have looked on the internet, but it does not seem to be very well documented
Please could you advise me how to create a policy file that will work for my application and where to place it in my application so that my application can use it.
Any help would be greatfuly appreciated
Thanx
AaronAn RMI application doesn't need a security manager unless you are using the codebase feature.
Maybe you are looking for
-
Editable Field in ALV TREE Display Using OOPs
Hi, I am trying to make a field editable on the ALV Tree display. I could create an editable check box. But could not make a field Editable. I have made EDIT = 'X' in the fieldcatalog for the particular field. but it is not working. Please help me i
-
Hi, How can I create a Down payment request at the time of creating PO with payment terms - 100% advance with PO. Thanks in advance. Biswajit M
-
How to do File Comparison in SAP PI
Hi All, I have another requirement. I have two text files, both containing a list of materials. I want to compare file A with file B and add the materials from file B that are not in file A. For example Input: File A 15-G 12-B 18-A 18-D Inp
-
Replacing ProBook 640 G1 HDD to SSD
Hi all, I have a HP ProBook 640 G1 and would like to replace the HDD with a 500GB SSD. - Is this possible? - If yes, what specs/kind of SSD to look for to buy? - Best reliable brand of SSD forum members have experienced/recommend? - What is the best
-
Hello All, Am using output type set up as external send. I have configured and assigned smart form defined. But while issuing the output it is going into error and no processing log is shown. Can anyone tell me how can I send PO though email, by usin