Problem fetching policy-file-request
According to
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
quote:
* A SWF file may no longer make a socket connection to its
own domain without a socket policy file. Prior to version
9,0,115,0, a SWF file was permitted to make socket connections to
ports 1024 or greater in its own domain without a policy file.
* HTTP policy files may no longer be used to authorize
socket connections. Prior to version 9,0,115,0, an HTTP policy
file, served from the master location of /crossdomain.xml on port
80, could be used to authorize a socket connection to any port 1024
or greater on the same host.
So with the tighter security measures, a policy file has to
be fetched on port 843 or on the same port on which a connection is
desired. That leads to another problem. The policy file request
made by the player has a simple format: clear text
<policy-file-request/> is sent as raw data bytes on
the ports.
As most firewalls block such raw data traffic (of unknown
protocols) on all the ports, this means that the policy file fetch
will fail almost always if the user is behind any firewall.
This will render all SWFs, that do not use well known ports,
unusable. Does anyone know what is the solution to this
problem? Or am I missing something here?
Common guys, someone has to know what to do here.
I have read all that I can read and tried all that I could
and the flash app is not accepting my policy file.
Similar Messages
-
How to resolve problems in policy file of signed Applet
Hi to All,
I want to connect the web site through my Signed Applet which is working as a Proxy server. but i m facing certain problems in my policy file:
this is my policy file :-
grant {
permission java.security.AllPermission "", "";
permission java.net.SocketPermission "http://www.google.com:4321", "connect, accept,resolve";
permission java.security.UnresolvedPermission;
n i got such type of exceptions n my Applet prompt applet not initialized.
Got connection Socket[addr=/192.168.1.232,port=1200,localport=4321]
Reading request...
URI is: http://www.google.com/
Host to contact is: www.google.com at port 80
Got request...
java.security.AccessControlException: access denied (java.net.SocketPermission www.google.com resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
at java.net.InetAddress.getAllByName0(InetAddress.java:1098)
at java.net.InetAddress.getAllByName(InetAddress.java:1061)
at java.net.InetAddress.getByName(InetAddress.java:958)
at java.net.InetSocketAddress.<init>(InetSocketAddress.java:124)
at java.net.Socket.<init>(Socket.java:179)
at ProxyApplet.handle(ProxyApplet.java:75)
at ProxyApplet.<init>(ProxyApplet.java:132)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:721)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:650)
at sun.applet.AppletPanel.run(AppletPanel.java:324)
at java.lang.Thread.run(Thread.java:595)
here 4321 is Port no. which i've as a random port no.
plz Help
thnx in advance
with regards
pank_nainiPlease, if you can't help me, could you tell me who can I contact ?
-
Problem with policy file in Activatable tutorial
hi all,
i am just playing with the classes that comes with the RMITutorial.
i am actually trying to execute the code that comes with the 'Creating an Activatable Object' tutorial, but i am having a lot of problems due to the policy file.
First of all, i must say that i extracted all the classes in the directory d:\FalcoDevelopment;
all the files has been put in the following directory:
d:\FalcoDevelopment\examples\activation
In hte Setup.java class there is the following line of code:
props.put("java.security.policy", "examples/activation/policy");
when i have to run the Setup.class, i have to enter the following command
java -Djava.security.policy=/home/rmi_tutorial/activation/policy
-Djava.rmi.server.codebase=file:/home/rmi_tutorial/activation/ examples.activation.Setup
so, since i have to change to my own path,and since i am in the d:\FalcoDevelopment directory, i entered
java -Djava.security.policy=/examples/activation/policy -Djava.rmi.server.codebase=file:/d:/FalcoDevelopment/examples/activation/ examples.activation.Setup
when i then run the Client with the following command
java -Djava.security.policy=/examples/activation/policy
examples.activation.Client myhostname
it always return me a Security exception..
can anyone tell me what is the CORRECT path that i have to put for the above -D properties??
thanx in advance and regards
marcoHello,
I am having the same problem but to start with you are mixing up NT and UNIX things, like file paths
Other thing is you are using the tutorial given file paths. You must use your own file paths, as you have installed the classes.
I know its not much help, but still :0)
Kudos
ravi -
100$ Bounty Question: How do I request a socket policy file?
I'll send you 100$ via paypal or check in the mail for the person who solves this problem for me:
4 years ago, my code requested a policy file fine, but it doesn't anymore.
Here is my code:
Security.allowInsecureDomain("*");
Security.allowDomain("*");
Security.loadPolicyFile("xmlsocket://127.0.0.1:843");
xmls.send("yo");
xmls.send("yo2");
My server receives "yo" and not "yo2".
My server does not receive "<policy-file-request/>"
What do I need to do on the Flash AS3 side to send "<policy-file-request/>" to my server?
Other forums where I request this information:
http://forums.adobe.com/message/6178906#6178906If your company doesn't let you do bounties, I'll donate the 100$ to fruit trees for Haiti.
-
Granting different permissions to different codebases : policy file problem
Hi all. I'm having a bit of a problem with policy files and granting different persmissions to different codebases. What I have at the moment is a server app that copies a class file from the client to a specified directory on the server, and then dynamically loads and runs that class. This all works fine, but obviously as user submitted code is going to be run on the server I want to restrict what they are allowed to do. My app is going to be bundled up in a single jar file, and the directory that the client code is being copied to a subdirectory of the app installtion (not that this should make much difference). What i want to do is grant all permissions to my code in the jar file and resrict the permssions granted to code in the strategies directory. I assumed i would just be able to do this using my own policy file, but at the moment i'm not having much luck.
Directory structure:
c:/project/code/
|
|-labyrinth.jar
|-strategies/
Contents of labyrinth.policy:
grant codeBase "file:../code/labyrinth.jar" {
permission java.security.AllPermission;
Command line arguments:
java -Djava.security.manager -Djava.security.policy==./labyrinth.policy -classpath .;./labyrinth.jar;./strategies/;%CLASSPATH%; labyrinth.LabyrinthServer
I've tried specifiying the absolute path to the jar file in the policy file as well as the relative path, i've tried including -Xbootclasspath/a and appending the jar file. All I seem to be able to manage though is either granting all permissions system wide, including the strategies dir, or none and getting security exceptions within my code. Anyone tried doing anything similair or got any idea where I might be going wrong? Any help would be appreciated as its really starting to doing my head in.
TIA. Matt.Did you try putting a slash at the beginning of your "file" specification? e.g., instead of saying
grant codeBase "file:../code/labyrinth.jar" {
permission java.security.AllPermission;
say
grant codeBase "file:/../code/labyrinth.jar" {
permission java.security.AllPermission;
Hope this helps. -
Problems using codeBase in policy file
Hi,
I'm experiencing problems using the codeBase option with the grant option in my .policy file.
I want to start a 'manager' which has limited access to files. This manager starts workers (threads) who need complete access to... everything. I know I need to use the codebase identifier to separate those two groups of rights, but I don't seem to get the codebase right. The worker threads don't get any rights at all. The manager works fine (without any codebase definition).
I've used full and relative pathnames, with and without '/-' or '/*'
The file I use currently is (slightly truncated :), pathnames are package names:
grant codeBase "file:com/response/timber/broker/*" {
permission java.security.AllPermission;
grant {
permission [..].FilePermission "manager.properties","read";
permission [..].SocketPermission "localhost","connect,[..]";
permission [..].FilePermission "com/[..]/jaxb.properties","read";
According to the various examples on the Internet, it should work, but ofcourse it doesn't. Could the use of threat have any influence on the defined security?All I can say is I hope someone gives you
(and indirectly me) the answer. I've got a
serious problem granting special permissions
in Sun ONE to a servlet and it's jars.
One strange thing (to me), is that the format
for the .policy file seems quite different between
say Tomcat and Sun One. Things that work in Tomcat
don't work for Sun ONE. But I thought the underlying
vm et al was all the same! So did I... Why does
this have to be so Opaque? Why different syntax
platform to platform? Its all Java! -
Problem with granting permissions in the security policy file
Hi,
I have a security policy file. I am granting permissions to some files. Now even if I have given permissions explicitly it doesnt taking it and gives error. My code snippet is as follows:
grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{
permission java.security.AllPermission;
The stack-trace for the same is as follows:
11:09:49,518 ERROR [MainDeployer] Could not initialise deployment: file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-ws4ee.sar/jboss-ws4ee.war
java.security.AccessControlException: access denied (java.io.FilePermission C:\Java\jboss-4.0.2\server\all\tmp\deploy\tmp17221jboss-ws4ee.war read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
at java.io.File.lastModified(File.java:771)
at org.jboss.deployment.MainDeployer.init(MainDeployer.java:866)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:765)
at org.jboss.deployment.MainDeployer.addDeployer(MainDeployer.java:360)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy37.addDeployer(Unknown Source)
at org.jboss.deployment.SubDeployerSupport.startService(SubDeployerSupport.java:111)
at org.jboss.web.AbstractWebContainer.startService(AbstractWebContainer.java:600)
at org.jboss.web.tomcat.tc5.Tomcat5.startService(Tomcat5.java:409)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:418)
at org.jboss.system.ServiceController.start(ServiceController.java:440)
at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:273)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy8.deploy(Unknown Source)
at org.jboss.deployment.scanner.URLDeploymentScanner.deploy
Here I am giving all permission which in turn encapsulate FilePermission also. So this should work. But why it is bypassing this permission?
Any clues?!
Thanks.
Jahnvigrant codeBase
"file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{That's not a codebase, it's a specification for a FilePermission. A codebase is a list of one or more directories or JAR files expressed as URLs. -
Is there someone who knows how to reinitialise the java policy file at runtime?
My signed applet writes a policy file to the users home directory, but that file is only used after closing the browser and surfing back to our page. It should immediatly use that new file.
Someone who got some experience with that...?
RegardsAnd is it true that if you use a Thawte or verisign certificate, you will not have to change the .java.policy file?
-
Load XML file from addon domain without cross-domain Policy file
Hello.
Assuming that there are two addon domains on the same server: /public_html/domain1.com and /public_html/domain2.com
I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
So the idea is to use php file in order to load XML and read it back to flash.
I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
Here are the AS3/PHP scripts:
AS3 (.swf in www.domain1.com):
// location of the xml that you would like to load, full http address
var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
// location of the php xml grabber file, in relation to the .swf
var phpLoc:String = "loadXML.php";
var xml:XML;
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
loader.addEventListener(Event.COMPLETE, onXMLLoaded);
loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
loader.load(request);
function onIOErrorHandler(e:IOErrorEvent):void {
trace("There was an error with the xml file "+e);
function onXMLLoaded(e:Event):void {
trace("the rss feed has been loaded");
xml = new XML(loader.data);
// set to string, since it is passed back from php as an object
xml = XML(xml.toString());
xml_txt.text = xml;
PHP (loadXML.php in www.domain1.com):
<?php
header("Content-type: text/xml");
$location = "";
if(isset($_GET["location"])) {
$location = $_GET["location"];
$location = urldecode($location);
$xml_string = getData($location);
// pass the url encoded vars back to Flash
echo $xml_string;
//cURLs a URL and returns it
function getData($query) {
// create curl resource
$ch = curl_init();
// cURL url
curl_setopt($ch, CURLOPT_URL, $query);
//Set some necessary params for using CURL
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//Execute the curl function, and decode the returned JSON data
$result = curl_exec($ch);
return $result;
// close curl resource to free up system resources
curl_close($ch);
?>I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
So I wrote my own script - this time I used file path instead of http address of the XML file. It works fine in my case.
Here it is:
XML file on domain2.com:
<?xml version="1.0" encoding="UTF-8"?>
<gallery>
<image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
<image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
<image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
</gallery>
swf on domain1.com:
var imagesXML:XML;
var variables:URLVariables = new URLVariables();
var varURL:URLRequest = new URLRequest("MyPHPfile.php");
varURL.method = URLRequestMethod.POST;
varURL.data = variables;
var MyLoader:URLLoader = new URLLoader;
MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
MyLoader.addEventListener(Event.COMPLETE, XMLDone);
MyLoader.load(varURL);
function XMLDone(event:Event):void {
var imported_XML:Object = event.target.data.imported_XML;
imagesXML = new XML(imported_XML);
MyTextfield_1.text = imagesXML;
MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath"); // sample reference to attribute "thumbPath" of the first element
php file on domain1.com:
<?php
$xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml'); // directory to XML file on the same server
$imported_XML = $xml_file->asXML();
print "imported_XML=" . $imported_XML;
?>
Regards
PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed. -
Problem displaying PDF file in new window.
Using NetBeans 6.5, Internet Explorer 7.
I am using the code example from BalusC at the site:
http://balusc.blogspot.com/2006/05/pdf-handling.html
I am having no problem reading and displaying the PDF file, but it displays it in the same window,
not a new window and it overwrites the current page, so I can't use the back arrow to fetch the page that is overwritten.
I am using a commandLink to fetch the file.
Does anyone know why I am not getting a new window or tab for the display?
The jsp portion for the link is:
<h:commandLink action="#{MainPage.linkAction3_action}" id="linkAction3"
style="color: rgb(0, 0, 0); font-family: Arial,Helvetica,sans-serif; font-size: 12px; font-weight: bold; left: 280px; top: 0px; position: absolute"
target="_blank" value="Insurance Document"/>The "MainPage.linkAction_action" method just makes a call to the display function:
public String linkAction3_action() {
sb1.setMessage("");
dsb.setFilePath("C:/");
dsb.setFileName("Insurance_Summary.pdf");
dsb.downloadPDF();
return null;
}And the downloadPDF() method is basically a cut and paste from the BalusC site;
public void downloadPDF()
// Reference: http://balusc.blogspot.com/2006/05/pdf-handling.html
// Prepare.
FacesContext facesContext = FacesContext.getCurrentInstance();
ExternalContext externalContext = facesContext.getExternalContext();
HttpServletResponse response = (HttpServletResponse) externalContext.getResponse();
File file = new File(getFilePath(), getFileName());
BufferedInputStream input = null;
BufferedOutputStream output = null;
try {
// Open file.
input = new BufferedInputStream(new FileInputStream(file), DEFAULT_BUFFER_SIZE);
// Init servlet response.
response.reset();
response.setContentType("application/pdf");
response.setContentLength( (int)file.length());
response.setHeader("Content-disposition", "inline; filename=\"" + fileName + "\"");
output = new BufferedOutputStream(response.getOutputStream(), DEFAULT_BUFFER_SIZE);
// Write file contents to response.
byte[] buffer = new byte[DEFAULT_BUFFER_SIZE];
int length;
while ((length = input.read(buffer)) > 0) {
output.write(buffer, 0, length);
// Finalize task.
output.flush();
catch( Exception e )
System.out.println( "Error displaying file.");
finally {
// Gently close streams.
close(output);
close(input);
// Inform JSF that it doesn't need to handle response.
// This is very important, otherwise you will get the following exception in the logs:
// java.lang.IllegalStateException: Cannot forward after response has been committed.
facesContext.responseComplete();
}1) window.open will open a new window and call a servlet.
window.open ("http://path_to_yourservlet/PDFServlet", "newWindowName");
if you ant to pass some values from your web page to the servlet you can pass as
window.open ("http://path_to_yourservlet/PDFServlet?param1=value1¶m2=value2", "newWindowName");
2) The servlet will fetch and display the pdf file.
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class PDFServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet
private final static int DEFAULT_BUFFER_SIZE = 1000;
public PDFServlet()
super();
public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
String fileName = "Insurance_Summary.pdf";
File file = new File("C:/"+fileName+"");
response.setContentType("application/pdf");
OutputStream output = response.getOutputStream();
BufferedInputStream input = null;
//BufferedOutputStream output = null;
try {
// Open file.
input = new BufferedInputStream(new FileInputStream(file), DEFAULT_BUFFER_SIZE);
response.setContentLength( (int)file.length());
response.setHeader("Content-disposition", "inline; filename=\"" + fileName + "\"");
output = new BufferedOutputStream(response.getOutputStream(), DEFAULT_BUFFER_SIZE);
// Write file contents to response.
byte[] buffer = new byte[DEFAULT_BUFFER_SIZE];
int length;
while ((length = input.read(buffer)) > 0) {
output.write(buffer, 0, length);
output.flush();
catch( Exception e )
System.out.println( "Error displaying file.");
finally {
input.close();
Regards,
Milind Dhar -
Very high latency in fetching static files
Problem : Really high latency in fetching static files upon first request.
Environment : Weblogic V8.1 App Server and Web Server running using jdk1.4.2_13
Mem Setting: -Xmx2048M -XX:MaxPermSize=1024M
Situaton: Restart the weblogic server, fetch a static file using " wget hostname:port/script.js". Comes back in around 100 ms for us. Then from browser we request "http://hostname:portname/Logon.do". Then again we do " wget hostname:port/script.js" and now it comes back in 400 ms. The above times are in our TEST environment. In PROD it is really worse 1300ms for one file !!!
Tests:
Wrote a servlet to handle all static file (CSS,js,gif,jpeg etc) and all requests would go through this servlet. Did not solve the problem, latency is still high.
Wrote a test servlet to load about 1000 classes explicitly (Class.forName) and then fetched the static file with out accessing Logon.do from browser. Latency was high after loading classes. This lead to conclusion that it is number of classes we are loading which is causing the problem.
Ran application under JProfiler, Took a heap dump right after starting server. About 1300 classes loaded. Took a heap dump after fetching Logon.do. About 2100 classes loaded.
Question :
1) Isn't 1300 too high for just the server to start? (there are some classes loaded because of our references in ejb's)
2) We use prototype factory to instantiate classes. All the interface and implementation definitions are specified in config file and it seems to load all the classes. May be we can change this. But what confuses me is that the response time was okay when we had 1300 classes loaded how come it became so bad when there were 2100 classes ?
If any body is using these same set of technologies, what is the average number of classes loaded on initial start up?
I am running out of options to test?There's no way from what you posted that you could draw a conclusion that you are infected.
I totally missed that tracert, but from a ping response time, it looks healthy.
The packet loss, could easily cause your problem.
Does it consistently loose packets there ? Cause I've pinged it from here and got no loss.
Also remember that in this case, ping is also the time it takes the blizzard servers to response to your network message, so it could be local to blizzard, and ping might not detect that.
Have you tried a netstat -p tcp -b command too see whats active on your PC ? That could point you towards something local. -
Associating policy files with license server
[ Problem ]
I’m going through the sample and documentation for FA 2.0. It mentions that whenever a policy is created/updated that the license server has to be informed. In the reference implementation, there are the model usage policy samples that I see being loaded. In the non-refimpl of flash access, how does the license server load/know about the policies available? I looked at the sample flashaccess-tenant.xml, I didn’t see any section where policy files are configured. Would it have to be done outside of the app?
[ Solution ]
If you update a policy after it was used to package content, and you want the new policy to be used when the user requests a license for that content, the license server needs access to the latest version of the policy.
In the Reference Implementation, there are two modes demonstrating possible business logic implementations (but of course, you may choose a different approach in your implementation). The typical workflow for the Reference Implementation is that it will use the policy that was embedded at packaging time to generate the license. If more than one policy was embedded, it will try each one in order until it is able to successfully generate a license (for example, if the first policy requires authentication and the user did not authenticate, the server will try the second policy in the list. If the second policy allows anonymous access (possibly with more restrictions), it will generate a license using that policy. The Reference Implementation supports updating policies through a Policy Update List. The Policy Update List would be generated when a policy is updated, and contains the latest version of any policy that has changed. If you point the server to a Policy Update List in flashacccess-refimpl.properties, the Reference Implementation server will automatically check this list for updates any time it issues a license. Alternatively, if you had an implementation that stores all your policies in a database, you could implement your server to check the database for an updated policy before issuing a license.
As you mentioned, there is another mode which demonstrates four different usage models and uses policy files stored on the server to determine what the license will look like. In this "demo" mode, the server only looks at the policies used at packaging time to determine if anonymous access is allowed or if authentication is required. The rest of the attributes used to generate the license come from one of the four policy files configured on the server (see the "Implementing the usage models" section of Protecting Content for more details).
The License Server for Protected Streaming addresses a slightly different use case (see Flash Access Server Deployment Guide for details). Here, we expect the minimum policy information to be specified at packaging time, and the license server determines the actual usage rules for generating the license. In the PolicyOverrides section of flashaccess-tenant.xml, you specify the usage rules (license caching, output protection, etc.). The license server ignores the policy embedded during packaging and only uses the attributes in the tenant configuration file. If you want to update the usage rules, you simple modify the tenant configuration file -- in this case there is no separate policy file.anu1106 wrote:
I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.Why? Why not just install the unlimited strength files in the normal way according to the installation instructions given in the distribution file? -
Help with which permissions to go into policy file
I posted this question in Java Web Start & JNLP forum, but realize it may be more appropriate here.
I am writing my first policy file. I am trying to devise a "system" whereby the users/developers within my organization can use Java Web Start to access each other's applications from our intranet. Previously we were either copying the applications and running them locally or else mapping network drives, but they were running from command line (with no sandbox issues?) either way.
The application that I am testing Java Web Start with tries to make a database connection. Even with my jarfile signed and my application requesting "all-permissions" and the user granting the permission when prompted, the database connection was always failing. I started looking into the solution of having each user (within my organization) append some "grants" into their user policy file.
Since these users have already been "trusting" each other's programs enough to run them from the command line, they wouldn't mind an "automatically" having the same level of trust via JWS. But I don't know enough about permissions to know how to specify the correct permissions and know that I am not dangerously widening the permissions.
How do I write grant clauses into a policy file that say "anything run from our intranet web server can do anything a command-line program could do" ? I tried this:
grant codeBase "http://our_intranet_webserver/-" {
permission java.security.AllPermission;
};...but the database connection still fails. But when I add this:
grant codeBase "file:/C:/Program Files/Java Web Start/-"{
permission java.net.SocketPermission "*", "connect";
(the codebase would refer to the local Java Web Start program itself)...the database connection succeeds. (When I replace SocketPermission with AllPermission, the connection fails. I don't understand that.) BUT if I go granting general permissions to Java Web Start, wouldn't that grant apply to every Java-Web-Start-deployed application on the Web, not just our stuff?
Thanks for any help or advice on the matter,
/Mel(When I replace SocketPermission with AllPermission, the connection fails. I don't
understand that.) This problem is solved. It is not true. I currently have a policy file that says:
grant codeBase "http://our_intranet_webserver/-" {
permission java.security.AllPermission;
grant codeBase "file:/C:/Program Files/Java Web Start/-"{
permission java.security.AllPermission;
};and the db connection does not fail. If I remove the first grant clause, leaving only AllPermissions to Java Web Start, the db connection does not fail.
BUT if I go granting general permissions to Java Web Start, wouldn't that grant apply to
every Java-Web-Start-deployed application on the Web, not just our stuff?This is still my problem. Why should I have to grant Java Web Start permissions (regardless of all or some) when I only want to grant them to a subset of codebases from which Java Web Start can run programs (specifically our intranet webserver)? I think this question has gone back to being more appropriate for the JWS Forum.
Thank you,
/Mel -
The ejb I am developing is trying to delete the following file from a local filesystem (Linux SuSE 9.3 Pro) : /path/to/file/delete.me I get the following exception:
java.security.AccessControlException: access denied (java.io.FilePermission /path/to/file/delete.me delete)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:990)
at java.io.File.delete(File.java:869)
I tried to modify the server.policy file adding the following line:
permission java.io.FilePermission "/path/to/file/delete.me", "delete";
but nothing changes, even when I restart the application server (don't know even if it is necessary to restart). I am using Sun Java System Application Server Enterprise Edition 8.1. Any help is welcome...
Thanks in advance
nullI think I solved the problem. At least I managed to delete the file :-)
First I had to add the following line to JRE's java.policy file:
permission java.io.FilePermission "/path/to/file/delete.me", "delete";Then I added the following entry to the server's server.policy file:
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/MyApp-" {
permission java.io.FilePermission "/path/to/file/delete.me", "delete";
};like described here:
http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58n?a=view#beabz
I hope this could help to someone with the same problem -
Problem in sending HTTP request to the server.
Hi,
i dveloped an ant script for sar deployment.
i deployed a sar to my local soa server with ant script. it got deployed succesfully..
but when i try to deploy to a remote server, getting the below error..
"Problem in sending HTTP request to the server. Please make sure the server is up and/or check standard HTTP response code for 404"
but the server is up and runnig and i am able to ping it from my machine and also access the console...
below is my script
build.properties
wn.bea.home=C:/Oracle/Middleware
all.needed.jars.path=D:/SourceCode/neededJAR
oracle.soa.home=C:/Oracle/Middleware/Oracle_SOA1
java.passed.home=C:/Oracle/Middleware/jdk160_24
#Deployment environment
deployment.plan.environment=DEV
#Deploy Action
deployAction =redeploy
#credentials
user=weblogic
password=welcome1
#For Composite deployment
serverURL=http://10.177.154.6:7001
forceDefault=true
server=10.177.154.6
port=7001
sarLocation=D:/SourceCode/JAR
build.xml
<?xml version="1.0" encoding="iso-8859-1"?>
<project name="soaDeployAll" default="deployAll">
<echo>basedir ${basedir}</echo>
<property environment="env"/>
<echo>current folder ${basedir}</echo>
<property file="${basedir}/build.properties"/>
<taskdef resource="net/sf/antcontrib/antlib.xml">
<classpath>
<pathelement location="${all.needed.jars.path}/ant-contrib.jar"/>
</classpath>
</taskdef>
<target name="init">
<tstamp>
<format property="timestamp" pattern="yyyy-MM-dd_HH-mm-ss"/>
</tstamp>
<property name="build.log.dir" location="${basedir}/buildlogs"/>
<mkdir dir="${build.log.dir}"/> <property name="build.log.filename" value="build_${timestamp}.log"/>
<record name="${build.log.dir}/${build.log.filename}" loglevel="verbose" append="false"/>
<echo message="Build logged to ${build.log.filename}"/>
</target>
<target name="deployAll" depends="init">
<echo>Deploy for environment ${deployment.plan.environment}</echo>
<antcall target="deployAllComposites"/>
</target>
<!-- Following Actions are performed for Composite files in Managed Server - Deploy,Redeploy -->
<target name="deployAllComposites" depends="init">
<foreach target="deployComposites" param="Files">
<fileset dir="${sarLocation}" casesensitive="no" includes="*.jar"/>
</foreach>
</target>
<target name="deployComposites" depends="init">
<basename file="${Files}" property="basename"/>
<echo>Deploy Project ${basename} for environment ${deployment.plan.environment}</echo>
<if>
<equals arg1="${deployAction}" arg2="deploy" />
<then>
<echo message="Deploying composites in Managed server........." />
<ant antfile="${oracle.soa.home}/bin/ant-sca-deploy.xml" inheritAll="true" target="deploy">
<property name="serverURL" value="${serverURL}"/>
<property name="user" value="${user}"/>
<property name="password" value="${password}"/>
<property name="overwrite" value="false"/>
<property name="forceDefault" value="${forceDefault}"/>
<property name="sarLocation" value="${sarLocation}/${basename}"/>
</ant>
</then>
<else>
<echo message="ReDeploying composites in Managed server........." />
<ant antfile="${oracle.soa.home}/bin/ant-sca-deploy.xml" inheritAll="true" target="deploy">
<property name="serverURL" value="${serverURL}"/>
<property name="user" value="${user}"/>
<property name="password" value="${password}"/>
<property name="overwrite" value="true"/>
<property name="forceDefault" value="${forceDefault}"/>
<property name="sarLocation" value="${sarLocation}/${basename}"/>
</ant>
</else>
</if>
</target>
</project>
please help....Hi,
Give the serverURL as http://<host>:<managed.server.port>/soa-infra/deployer and try.
e.g . http://10.177.154.6:8001/soa-infra/deployer
Regards,
Neeraj Sehgal
Maybe you are looking for
-
For example access eBay with Firefox and launch a search on the word Frankenstein: you'll get something like 23,671 results (if you search in ''All categories''). Then quit the Firefox browser and load Microsoft Internet Explorer instead; access eBay
-
Adding new field in ES55 transaction
Hi experts 1)I have to add new input field in transaction ES55( second screen where address and all other details are coming )to input Business Partener Number . I tried to do so using user exit I tried all function modules of XES55 function group bu
-
My iPad 2 screen is suddenly very dark, blurred and flickers...
Ive had my ipad for about a month. I opened my smart cover today and the screen is very dim. I've had to turn it up tp full brightness just to use it to type on now. Furthermore it's very blurry and has tons of ghosting, I have no idea what has cause
-
Problem with spanish characters
Hello I am using an existing and proven app written in visual foxpro with a recently installed Oracle11g database (have done this before without problems) I am using Microsoft ODBC for Oracle and have no possibility of changing this. (always used thi
-
Reports 10g: Creating a graph in a repeating frame
I'm preparing a mortality report in which I want, for every diagnosis, a pie chart which displays a breakdown by gender or ethnicity for every diagnosis. Is someone aware of example code which illustrates how to do this in Reports 10g? Thanks in adva