Java -Djava.security.manager -Djava.security.policy=myPolicy classfile

Similar Messages

• Custom Security Manager or Security Event Interception from WebLogic Console

  Hello,
  I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
  Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
  I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
  I use Weblogic Server 6.0 sp2
  serge

  Hi Daniel,
  > a custom security manager for the standard CM Repository
  And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
  The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
  > java.lang.NoSuchMethodException: MySecurityManager.<init>
  This exception only complains about a missing constructor!? Have you implemented a default constructor?!
  > If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
  The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
  There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
  Hope it helps
  Detlev

• Weblogic 6.1 and -Djava.security.manager license failed

  I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation) and I have
  got a :
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  Null public key
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  The VM parameters I use are :
  -ms64m -mx64m
  -Djava.library.path=C:/bea/wlserver6.1/bin
  -Dbea.home=C:/bea
  -Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
  -Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic.management.password=xxxxxxx
  -Djava.security.manager
  -Djava.security.debug=failure
  Did I missed some VM parameters ? What should I do to bypass this error?
  thanks!

  I'm getting the same problem running weblogic 7.0 with sp 1.
  Any other ideas on how to solve it?
  "kirann" <[email protected]> wrote:
  do you need to run the server with java security manager if not required
  then remove -Djava.security.manager
  else given full permission to the code based weblogic is in!
  thanks
  kiran
  "ezablith" <[email protected]> wrote in message
  news:3ddce60a$[email protected]..
  I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation)and I
  have
  got a :
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  Null public key
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  The VM parameters I use are :
  -ms64m -mx64m
  -Djava.library.path=C:/bea/wlserver6.1/bin
  -Dbea.home=C:/bea
  -Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
  -Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic..management.password=xxxxxxx
  -Djava.security.manager
  -Djava.security.debug=failure
  Did I missed some VM parameters ? What should I do to bypass this error?
  thanks!

• Start Tomcat 5.5 with Security Manager

  Recently, i have installed Tomcat version 5.5.8 but i have problem to start tomcat with a Securiy manager.
  For Tomcat version 4.xx we could start Tomcat with SecurityManager by using the "-security" option at "%CATALINA_HOME%\bin\startup.bat" after configured the catalina.policy file.
  But i couldn't do so at Tomcat 5.5.8. Any idea? Many Thanks.

  Start it yourself with
  java -Dcatalina.home=$CATALINA_HOME -Djava.security.manager -Djava.security.policy=="your.policy" -cp your.classpath org.apache.catalina.startup.Bootstrap
  Cheers,
  Arnaud

• Specifying system properties/security manager for OC4J

  I have a couple of related questions regarding OC4J/orion.jar:
  1. Generically, how can we specify system properties to orion.jar? Being an executable JAR, simply using -D does not work.
  2. Specifically, I need to launch the OC4J app server with a Java security manager (with associated security policies, etc.) Java's way of doing this is via -Djava.security.manager=... but this does not work with executable JARs it seems. I tried specifying these parameters via -D and I got a security exception:
  Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyP
  rmission java.protocol.handler.pkgs write)
  at java.security.AccessControlContext.checkPermission(Unknown Source)
  at java.security.AccessController.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.System.setProperty(Unknown Source)
  at com.evermind.server.ApplicationServer.initProtocolHandlers(ApplicationServer.java:652)
  at com.evermind.server.ApplicationServer.launchCommandline(ApplicationServer.java:319)
  at com.evermind.server.ApplicationServer.main(ApplicationServer.java:314)
  So, how do I install the Java security manager with orion.jar? Is there any other way to specify system properties to this, or is there any other way to install the Java security manager for OC4J?
  Any help much appreciated.
  ..Hrishi

  Thanks, that seemed to work. However it seems that spawned another little problem. I was using the -Xbootclasspath/a option while firing up orion.jar because I needed to append something to OC4J's default classpath (that is specified in orion.jar's Manifest). Now, when I start OC4J with the -D options for the security policy, it seems to ignore the -Xbootclasspath argument. I have not yet been able to confirm this fact, but based on the ClassNotFoundError I'm running into, that does seem to be the problem.
  So I guess my question is, could specifying the -D options to the executable JAR cause it to ignore any other options you may be passing to it (such as -Xbootclasspath)? Is there any sequence in which these args need to be passed?
  Thanks.
  ..Hrishi
  Hi,
  You can try this :
  - Check if you have a file java2.policy in <OC4J_HOME>\config\policy and check if the permission java.util.PropertyPermission "read,write" is granted to <OC4J_HOME>.
  if there is no file, you can create one based on <JAVA_HOME>\lib\security\java.policy and grant the approriate privileges.
  - Launch OC4J :
  java -Djava.security.manager -Djava.security.policy=<OC4J_HOME>/config/java2.policy -jar orion.jar
  OR java -Djava.security.manager -Djava.security.policy=<PATH_TO_FILE_POLICY>/<YOUR_FILE>.policy -jar orion.jar
  Maher

• Cannot find security providers when using a security manager.

  Hi all,
  I've done stuff with JAAS and JSSE before, but this is the first time I've combined the two :o)
  I have some code for an application server and I'm using SSL sockets in order to communicate with the outside world. These all work fine, no problems at all.
  However, I want to control what code is executed on the server using the security framework. When I load my server using a security manager and custom security policy it seems that my app can no longer find the security providers.
  Exception in thread "SSLServer" java.lang.RuntimeException: Could not generate DH keypair
       at com.sun.net.ssl.internal.ssl.DHKeyExchange.generateKeyPair(DHKeyExchange.java:137)
       at com.sun.net.ssl.internal.ssl.ServerHandshaker.getEphemeralDHKeys(ServerHandshaker.java:132)
       at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:707)
       at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:292)
       at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
       at com.essar.hikesoft.server.netio.SSLConnectionServer.run(SSLConnectionServer.java:126)
       at java.lang.Thread.run(Thread.java:595)I start my app as follows:
  java -Djava.security.manager -Djava.security.policy==security.policy -classpath... and I have the following lines in my security.policy file
  permission java.security.SecurityPermission "insertProvider.*";
  permission java.security.SecurityPermission "putProviderProperty.*";I know that the providers are defined in the java.security file, do I have to implement my own Security manager in order to load these providers? Or have I missed something else?
  Am currently chewing through the docs at http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc6.html but any further assistance greatly appreciated!

  That seems to have cured it cheers - sure I copied the double '=' from somewhere, thought it was wierd at the time.
  Now to solve the odd MySQL errors :-)
  Thanks for your help.

• License Exception using security manager w/ WL 6.1 SP 3

  I am running WL 6.1 SP 3 on Solaris 5.8 w/ jkd 1.3.1. I am trying to use a security
  manager in a clustered environment. The startManagedWeblogic.sh starts the server
  via:
  java $JAVA_OPTIONS -classpath $CLASSPATH -Dweblogic.Domain=sceptre -Dweblogic.Name=$SERVER_NAME
  -Dweblogic.management.server=$ADMIN_URL -Dbea.home=/disk01/abc/abc8/bea -Dweblogic.management.password=$WLS_PW
  -Dweblogic.ProductionModeEnabled=$STARTMODE -Djava.security.manager -Djava.security.policy==$WL_HOME/lib/weblogic.policy
  weblogic.Server
  The weblogic.policy file has been altered to set the codebase / file location
  for my weblogic instance as indicated in the admin guide:
  grant codeBase "file:/disk01/abc/abc8/bea/wlserver6.1/-" {
  permission java.io.FilePermission "/disk01/abc/abc8/bea/wlserver6.1/-", "read,write,delete,execute";
  However, when I start my server I receive the following:
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  WebLogic: license has expired on Thu Nov 28 12:00:00 EST 2002!
  I'm unclear why this error only occurs if I specify the -Djava.security.manager
  option, but the error is incorrect. I suspect it may be due to my licence.bea
  file containing both an active license and an expired evaluation license. Is
  this a known issue, and how can I get around it?
  If my policy file settings are in error please let me know. I assume they are
  right since if I otherwise put in invalid settings I get various java.security.AccessControlException
  (s).

  "Peter" <PeterB> wrote:
  >
  "Chad Price" <[email protected]> wrote in message
  news:3ffb4a9b$[email protected]..
  I am running WL 6.1 SP 3 on Solaris 5.8 w/ jkd 1.3.1. I am tryingto use
  a security
  manager in a clustered environment. The startManagedWeblogic.sh startsthe server
  via:
  java $JAVA_OPTIONS -classpath$CLASSPATH -Dweblogic.Domain=sceptre -Dweblogic.Name=$SERVER_NAME
  -Dweblogic.management.server=$ADMIN_URL -Dbea.home=/disk01/abc/abc8/bea-D
  weblogic.management.password=$WLS_PW
  -Dweblogic.ProductionModeEnabled=$STARTMODE -Djava.security.manager-Djava
  .security.policy==$WL_HOME/lib/weblogic.policy
  weblogic.Server
  The weblogic.policy file has been altered to set the codebase / filelocation
  for my weblogic instance as indicated in the admin guide:
  grant codeBase "file:/disk01/abc/abc8/bea/wlserver6.1/-" {
  permission java.io.FilePermission "/disk01/abc/abc8/bea/wlserver6.1/-","read,write,delete,execute";
  However, when I start my server I receive the following:
  $$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
  Unable to start WebLogic Server !!
  WebLogic: license has expired on Thu Nov 28 12:00:00 EST 2002!
  I'm unclear why this error only occurs if I specifythe -Djava.security.manager
  option, but the error is incorrect. I suspect it may be due to mylicence.bea
  file containing both an active license and an expired evaluation license.Is
  this a known issue, and how can I get around it?
  Can you remove the expired license?
  I removed the invalid license, and now get a different error:
  License error, Invalid host IP
  Having looked at ticket S-15389, I used java utils.myip java utils.netAddresses
  -a to verify that the IP Address returned by the JVM is the same as the one in
  the license file. Additionally, I checked the /etc/hosts file to verify the IP
  address mapped to the server name was the same in the license file.

• Jsvc security manager

  I am trying to set a security property for a portlet deployed in a pluto/tomcat container. The portlet fails with a security permission exception.
  This is how I start the jsvc daemon:
  jsvc.exec -Djava.security.manager -Djava.security.debug=access -Djava.security.policy=/opt/luminis/webapps/luminis/WEB-INF/config/server.policy
  This is how I configured server.policy (eventually I will restrict it to a codebase and more specific permission):
  grant {
  permission java.security.AllPermission;
  I have tried several types of permissions, locations of the policy, editing the default security policy, nothing works.
  The only thing that worked so far was disabling the security manager. Then the portlet renders with no errors.
  Is there a setting that I am missing? Thank you.

  (a) What security exception?
  (b) clearly your .policy file isn't being found.
  (c) run it with java.security.debug=access,failure and you will see exactly what security policy is in effect and exactly what permissions you need to grant.

• JAAS without a Security Manager

  Can I get JAAS authentication and authorization without using a security manager? The reason I'm asking is I've built an ACL system using JAAS permissions and it appears to work even if I don't specify a security manager (only command line options are -Djava.security.policy=policy.conf -Djava.security.auth.login.config=login.conf)
  All examples and documents I've been able to find have always included a security manager (-Djava.security.manager) so I was suprised to find it my system works without specifying one.
  -d

  Hello,
  Just got a question for you. I've noticed in one of your postings that you implemented a permissions framework that reads the settings from a database? I was wondering how you went about it.
  We are struggling with a security design we'd like to setup: we got a menuing system that allows a user to start some functionality if he has access to that. Now we want to augment that with more functional permissions instead of just access. We got the JAAS authentication setup; problem remains where to implement the check/read from the DB if a user has which permissions on a function.
  thanks for any info on this!
  Wim Van Leuven.

• Security manager enabled w/o -Djava.security.manager

  Hi all,
  I am facing an issue where java.policy is being enforced w/o a -Djava.security.manager specified on the command line.
  from ps -ef | grep java, I found the java process and it does not have -Djava.security.manager. However, when I modify jdk/jre/lib/security/java.policy, I can see the effect of the security setting when I restart the java process. I scanned through the source code, I do not find any setSecurityManager() API call either.
  Given the above, does anyone have suggestion on how the security manager is enabled in this case?
  Regards,
  Tom

  System.setProperty("java.security.manager","true");
  System.getProperties().setProperty("java.security.manager","true");
  Properties p = System.getProperties();
  p.setProperty("java.security.manager","true");
  // etc

• Cannot start OC4J instance after specifying default java.security.manager

  Hi All,
  I am using OracleiAS 10.1.3.4 and trying to make use of the new User and Role APIs introduced in 10.1.3.1.
  While trying to get an object of IdentityStore using the following code, I got this error -
  java.security.PrivilegedActionException: oracle.security.idm.ConfigurationException: java.security.AccessControlException: access denied (oracle.security.jazn.JAZNPermission getOC4JIntegrationData)
  oidFactory = (IdentityStoreFactory) AccessController.doPrivileged(
  new PrivilegedExceptionAction()
  public Object run() throws IMException
  IdentityStoreFactoryBuilder builder =
  new IdentityStoreFactoryBuilder();
  return builder.getIdentityStoreFactory();
  I then tried specifying the default security manager in start JAVA options for my oc4j instance - Djava.security.manager. I also verified that my java policy file is present under $ORACLE_HOME/j2ee/oc4j_soa/config/java2.policy. But the issue is - once I put this default secirity manager in startup options in opmn.xml, the oc4j instance does not get started, it gives following error -
  08/12/30 02:58:22 Start process
  Dec 30, 2008 2:58:24 AM com.evermind.server.XMLDataSourcesConfig parseRootNode
  INFO: Legacy datasource detected...attempting to convert to new syntax.
  08/12/30 02:58:29 WARNING: Application.setConfig Application: default is in failed state as initialization failed.
  java.lang.ExceptionInInitializerError
  08/12/30 02:58:29 Error initializing server: Application: default is in failed state as initialization failed
  08/12/30 02:58:32 Fatal error: server exiting
  Any idea ? Any pointers please ?
  Thanks,
  Ankit

  Ankit,
  Check your syntax for the datasource. If you migrated from file-based to OID, then you should look at this link:
  http://download.oracle.com/docs/cd/E12524_01/relnotes.1013/e12523/oc4j.htmThere is a known issue when migrating from file-based to OIM\OID. Navigate to:
  12.2 JAZNMigration Tool Does Not Migrate ADFPrincipal Type Correctly
  -Michael

• WebLogic Admin Console won't work with java security manager enabled.

  By just enabling the security manager on the command line with -Djava.security.manager and using the default weblogic.policy in the server/lib directory, the admin console will not work. I just see a blank page when I try to access the admin console with permission errors all over on the server console.
  In looking at the admin console's weblogic.xml it should have access to everything since it contains:
  grant {
  permission java.security.AllPermission;
  Are there known issues with this? If I add this permission to the weblogic.policy file everything works fine but then I might as well not turn on the security manager.
  Thanks,
  Dave

  David,
  I was glad to see your post regarding WLS 9.2 and the troubles with enabling Java Security Manager.
  Were you able to learn any more on things like - why doesn't the admin console work when the security manager is enabled with the default policy file. Also, why is it so difficult to add permissions for your own applications and get them to actually work.
  I'd be curious to see if you were able to get it to work or if you have any insights or resources that can help with this as we are really struggling to get a restrictive policy file that works.
  Thanks,
  D

• Java.security.manager ?

  My understanding about Java SecurityManager is when you want to use it,
  it have to be installed. It can be installed through
  using -Djava.security.manager
  option with java command or calling setSecurityManager() in the application.
  I'm sure that WLS startup script marketed with WLS5.1
  used -Djava.security.manager
  option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
  install a SecurityManager through setSecurityManager() method?
  I'm just curious to know why they are different between WLS5.1 and
  WLS6.1/7.0.
  Thanks in advance,
  Koji Sekiguchi

  6.1 and 7.0 do not install a SecurityManager programattically. It was
  decided that most people do not make use of the added security provided
  by the security manager and that it has a significant performance hit on
  the VM (I think we found 6-7% degradation but it was a long time ago so
  I may be way off) so that it did not make sense to run with it by
  default. Instead we tell people to turn it on who need it. It seems
  better because all of the security conscious people know to look for it
  and all of the security unaware folk don't know enough to turn it off so
  they are stuck with the degradation.
  The SecurityManager is really most helpful if you are installing
  untrusted applications on your app server (something most users don't
  do). It does next-to-nothing to prevent remote attacks.
  Neil Smithline
  Koji Sekiguchi wrote:
  My understanding about Java SecurityManager is when you want to use it,
  it have to be installed. It can be installed through
  using -Djava.security.manager
  option with java command or calling setSecurityManager() in the application.
  I'm sure that WLS startup script marketed with WLS5.1
  used -Djava.security.manager
  option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
  install a SecurityManager through setSecurityManager() method?
  I'm just curious to know why they are different between WLS5.1 and
  WLS6.1/7.0.
  Thanks in advance,
  Koji Sekiguchi

• Security manager & mention "Java Applet Window"

  A simple program that displays a frame with one button in it.
  The frame displays, no problem.
  When a security manager is added "System.setSecurityManager(new SecurityManager());"
  and the program is run again a "status bar" is added at the bottom of the frame
  mentioning "Java Applet Window".
  Why is that, and can it be suppressed ? (I am working in JDK 1.4)
  Any tip greatly appreciated

  I was dealing with this myself and just discovered that the adding the following line to my security policy removed the message:
  permission java.awt.AWTPermission "showWindowWithoutWarningBanner";

• Security Manager and Policy Files

  Hi all,
  I am writing a simple java rmi application, but understand it wont run without a Security Manager installed and a policy file.
  I think I have installed the security manger using the following in the main() method of my client application:
  System.setSecurityManager(new RMISecurityManager());However I am unsure how to use a policy file with this. I have looked on the internet, but it does not seem to be very well documented
  Please could you advise me how to create a policy file that will work for my application and where to place it in my application so that my application can use it.
  Any help would be greatfuly appreciated
  Thanx
  Aaron

  An RMI application doesn't need a security manager unless you are using the codebase feature.