Problems using codeBase in policy file
Hi,
I'm experiencing problems using the codeBase option with the grant option in my .policy file.
I want to start a 'manager' which has limited access to files. This manager starts workers (threads) who need complete access to... everything. I know I need to use the codebase identifier to separate those two groups of rights, but I don't seem to get the codebase right. The worker threads don't get any rights at all. The manager works fine (without any codebase definition).
I've used full and relative pathnames, with and without '/-' or '/*'
The file I use currently is (slightly truncated :), pathnames are package names:
grant codeBase "file:com/response/timber/broker/*" {
permission java.security.AllPermission;
grant {
permission [..].FilePermission "manager.properties","read";
permission [..].SocketPermission "localhost","connect,[..]";
permission [..].FilePermission "com/[..]/jaxb.properties","read";
According to the various examples on the Internet, it should work, but ofcourse it doesn't. Could the use of threat have any influence on the defined security?
All I can say is I hope someone gives you
(and indirectly me) the answer. I've got a
serious problem granting special permissions
in Sun ONE to a servlet and it's jars.
One strange thing (to me), is that the format
for the .policy file seems quite different between
say Tomcat and Sun One. Things that work in Tomcat
don't work for Sun ONE. But I thought the underlying
vm et al was all the same! So did I... Why does
this have to be so Opaque? Why different syntax
platform to platform? Its all Java!
Similar Messages
-
Problems using CFFile to move files
Hi there - I am having some problems using CFFile to move
files from one directory to another. It only seems to only move
some of the files in the group that I choose to move over, and
there is nothing specific about which files are moved - different
files are moved each time. There are no error messages that are
showing up, so I am totally baffled. Has anyone else experienced
this or does anyone else have any ideas on how to fix this problem?
Any help would be much appreciated!! My code is below.First, an incidental matter. I don't think there's any need
for so many try-catch tags. I would expect all the tags <cffile
action="move"> to throw the same class of exception, and so
would use one try-catch for them all. Even if you expect different
exceptions to be thrown, one cftry tag might still be sufficient,
if implemented as follows
<cftry>
<!--- code block 1 --->
<!--- code block 2 --->
<!--- ... etc... --->
<cfcatch type="exceptionType1"></cfcatch>
<cfcatch type="exceptionType2"></cfcatch>
<!--- ... etc... --->
</cftry>
I suspect the cause of the problems lies in the dynamic
values that you give the attributes. Perhaps incorrect values are
passed for the source and/or destination values in certain
circumstances. As A3gis has said, if that were to happen you
probably wouldn't notice, because of the try-catches. Find a way to
ensure that all the generated values for source and destination are
correct. -
Problem using read from spreadsheet file and polar plotting
Hi to all labview users,
i am a beginner in labview and i am trying to do a polar plot.
i read the polar plotting example in labview and it was straightforward.
I used "write to spreadsheet file" to gather data.
and they are in the following format
13 10
4 20
8 30
....etc
now. i tried using "read from spreadfile" to get the data into a array, then using "array to cluster" to convert the array into cluster, so i could connect it to the polar plot block
however, it kept saying i couldnt connect that way, because polar plot uses 1-d array with cluster of 2 element and my source is a cluster of 9 elements....
but doesnt the "read from spreadfile" block give me a 1-d array? and where does that 9 come from? i only have 3 rows and 2 columns in my data file....
any guidance would be greatly appreciated.
thx alot
Happy guy
~ currently final year undergraduate in Electrical Engr. Graduating soon! Yes!
~ currently looking for jobs : any position related to engineering, labview, programming, tech support would be great.
~ humber learner of LabVIEW lvl: beginner-intermediateHelllo,
I've made an example to try to help you with that question.
Notes:
- the file must have values separeted by tab
- reading the values from file as you mentioned using "read from spreadfile" you'll get a 2D array and not 1D;
Software developer
www.mcm-electronics.com
PS: Don't forget to rate a good anwser ; )
Currently using Labview 2011
PORTUGAL
Attachments:
Read Table and plot polar graph.vi 26 KB
teste.txt 1 KB -
Problem using inputFile when a file is not required
I have a page that has a table component with the following fields
Title - inputText (required)
File - inputFile (not required)
File URL - inputText (not required)
The code for the input File is this:
<af:inputFile id="OrigReviewAttachmentsFileDoc"
label="#{bindings.OrigReviewAttachmentsFileDoc.hints.label}"
visible="#{bindings.OrigReviewItemsStatName.attributeValue == 'New' && row.bindings.ClsfnCode.attributeValue != null && row.bindings.ClsfnCode.attributeValue == 'PEND'}"
valueChangeListener="#{OrigReviewAttachmentsFileDocFileHandlerInTable.uploadFile}"
binding="#{OrigReviewAttachmentsFileDocFileHandlerInTable.usesUploadIndicator}"
shortDesc="#{bindings.OrigReviewAttachmentsFileDoc.hints.tooltip}"
partialTriggers="OrigReviewAttachmentsClsfnCode"/>The problem I am having is that under certain circumstances (like the file is too large) I want the user to enter a File URL instead of actually uploading a file. But when I save the row with the other 2 fields on the screen filled in and not the inputFile I get the error, "Cannot Find the File Specified." Is there any way that I can tell it, that if it doesn't have a path, to not try to upload a file?
I am using:
JDeveloper 11.1.1.4.0
Oracle 11g with OrdSys.OrdDoc column to hold the file.
Any help would be appreciated,
MichelleI figured out the problem, and it was caused by JHeadstart. I placed a default display value in JHeadstart for the download link. This caused a default values bean to be created by jheadstart and that bean was what was causing my problem. The download link had a display value, but not a valid path. I removed the default value, re-generated the screen and it is totally fixed. I have pretty much decided that it is never a good idea to use a default value in Jheadstart.
Thanks for your help,
Michelle -
Problem using CLIENT_HOST to FTP files from forms 10g
Hi,
I'm trying to use forms 10g ODS & webutil on NT to allow a user to select a file on their machine or the network and transfer the file to a DB server. I want to transfer the file to the file system on the server NOT to a BLOB column on a table. I've used webutil (client_get_file_name) to display the dialog box and allow the user to select a file. This works fine. However, when I try to use CLIENT_HOST to FTP the selected
to the remote server it fails. I'm issuing the following
command from within forms:
CLIENT_HOST('CMD /C ftp -n -s:C:\test_ftp.txt');
Something tries to kick off and a grey area the size of a dos window flashes on to the screen for a couple of seconds but the FTP does not happen. The test_ftp.txt script is a simple ftp script that transfers one file and I know it works as I can run it successfully from DOS or NT command prompt.
Questions:
(1) Does anyone know how to pause the DOS window so you
can see what is actually happening ?
(2) Has anyone implemented FTP functionality
successfully using CLIENT_HOST in the same way that's
I'm trying ?
Any help would be appreciated.
Declan.Okay...
Try this. For testing put your command in a .bat-file. In this .bat-file spool the output to a text-file. I'm not sure about the spooling syntax under Windows, check the Windows documentation for that. Like:
ftp.bat
start spooling to ftp.out
cmd /c .... (your ftp commando line)
stop spooling
Perhaps the problem is that it doesn't find the ftp commando? Try hardcode the path like c:\windows\ftp ... etc! -
Problems using a php include file with an Add-on Domain.
Hello,
I am having an issue getting a php include file to work with a new add-on domain I am working on getting up and running.
This include file is one that supplies the rest of the php code to a contact form page. It works as it should for my original domain, same file no difference. I made sure that the files hosted on the remote server had all read, write, execute permissions turned on.
I have tried putting the include file in several different locations as a test, such as:
I don't remember the exact name of the include file at the moment, as I'm at work so I will designate it below as 'includefile.php'.
file path for add-on domain - ../public_html/lorentzpainting/includes/includefile.php
alternatives I tried moving the file to - ../public_html/lorentzpainting/includefile.php
When none of those options worked, I tried just pointing the path towards other places on the server that have the include file such as:
../public_html/includes/includefile.php
../public_html/includefile.php
What can I do here? Should I just give up on using the include and put all the code back in the page? Doesn't seem like it should be this complicated, it works perfectly fine for my other site.. and still does.
Thanks ahead of time to those who may assist me.here is the contents of the include file:
<?php
if (isset($_SERVER['SCRIPT_NAME']) && strpos($_SERVER['SCRIPT_NAME'],
'.inc.php')) exit;
// remove escape characters from POST array
if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value;
$_POST = array_map('stripslashes_deep', $_POST);
// assume that there is nothing suspect
$suspect = false;
// create a pattern to locate suspect phrases
$pattern = '/Content-Type:|Bcc:|Cc:/i';
// function to check for suspect phrases
function isSuspect($val, $pattern, &$suspect) {
// if the variable is an array, loop through each element
// and pass it recursively back to the same function
if (is_array($val)) {
foreach ($val as $item) {
isSuspect($item, $pattern, $suspect);
else {
// if one of the suspect phrases is found, set Boolean to true
if (preg_match($pattern, $val)) {
$suspect = true;
//check the $_POST array and any subarrays for suspect content
isSuspect($_POST, $pattern, $suspect);
if (!empty($_POST['url'])) {
$suspect = true;
if ($suspect) {
$mailSent = false;
unset($missing);
} else {
//process the $_POST variables
foreach ($_POST as $key => $value) {
// assign to temporary variable and strip whitespace if not an array
$temp = is_array($value) ? $value : trim($value);
// if empty and required, add to $missing array
if (empty($temp) && in_array($key, $required)) {
array_push($missing, $key);
} elseif (in_array($key, $expected)) {
// otherwise, assign to a variable of the same name as $key
${$key} = $temp;
//validate the email address
if (!empty($email)) {
// regex to identify illegal characters in email address
$checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
//reject the email address if it doesn't match
if (!preg_match($checkEmail, $email)) {
$suspect = true;
$mailSent = false;
unset($missing);
//go ahead only if all required fields OK
if (!$suspect && empty($missing)) {
//initialize the $message variable
$message = '';
// loop through the $expected array
foreach($expected as $item) {
// assign the value of the current item to $val
if (isset(${$item}) && !empty(${$item})) {
$val = ${$item};
} else {
// if it has no value, assign 'Not selected'
$val = 'Not selected';
// if an array, expand as comma-sparated string
if (is_array($val)) {
$val = implode(',', $val);
// add label and value to the message body
$message .= ucfirst($item).": $val\r\n\r\n";
//limit line length to 70 characters
$message = wordwrap($message, 70);
//create Reply-To header
if (!empty($email)) {
$headers .= "\r\nReply-To: $email";
// send it
$mailSent = mail($to, $subject, $message, $headers);
if ($mailSent) {
// $missing is no longer needed if the email is sent, so unset it
unset($missing); echo('Thank you for contacting Common Wealth Web Solutions');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
</body>
</html> -
Problem using iPod to backup files
Sorry to double post, but I just realized that I'd somehow managed to post this on the Mac forum.
Using WinXP Pro SP2, I connected my 60G iPod and checked Enable disk use. I then tried several times to transfer files to the iPod, but kept getting the following message:
"The disk in the destination drive is full. Insert a new disk to continue."
Checking the properties for the drive shows plenty of available space.
Any ideas as to what I'm doing wrong?
Also is it possible to use other than the FATS format on an iPod?How many things do you have connected to usb?
Do you have alot of drive letters in "My Computer"
Windows may be confusing the iPod with a network drive, try changing the drive letter
Mac OS X (10.4.8) -
Problem using scp to copy files between Macs
I've been trying to copy a folder hierarchy containing a slew of icon files between two of my Macs. Using scp has proven to be futile.
The command line I'm using is
scp -r -p -C -E [email protected]:/Icons /Icons
After a number of files are copied I receive the following error message on a file and all thereafter:
./icons/Agrapha-Christmas/Boxes: Too many open files
More specifically the "too many open files" message.
I am using Tiger 10.4.7
What am I doing wrong here?One more piece of information. I ran scp with the verbose switch and have attached a portion of the feedback showing successfull copies followed by the error which occurs on all subsequent files:
Entering directory: D0777 0 Adobe CS Icons
Sending file modes: C0644 6148 .DS_Store
.DS_Store 100% 6148 6.0KB/s 00:00
copyfile(/icons/Adobe CS Icons/..DSStore, /tmp/scp.md.DJyatJ, PACK)
Sending file modes: C0400 82 ..DSStore
..DSStore 100% 82 0.1KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/..DSStore.N8P, /icons/icons/Adobe CS Icons/.DS_Store, UNPACK)
Sending file modes: C0777 68489 Adobe CS Box.icns
Adobe CS Box.icns 100% 67KB 66.9KB/s 00:01
copyfile(/icons/Adobe CS Icons/._Adobe CS Box.icns, /tmp/scp.md.00r28e, PACK)
Sending file modes: C0400 70745 ._Adobe CS Box.icns
._Adobe CS Box.icns 100% 69KB 69.1KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/._Adobe CS Box.icns.K7Q, /icons/icons/Adobe CS Icons/Adobe CS Box.icns, UNPACK)
Sending file modes: C0777 56691 Adobe CS Folder 2.icns
Adobe CS Folder 2.icns 100% 55KB 55.4KB/s 00:00
copyfile(/icons/Adobe CS Icons/._Adobe CS Folder 2.icns, /tmp/scp.md.EgDDb2, PACK)
Sending file modes: C0400 58947 ._Adobe CS Folder 2.icns
._Adobe CS Folder 2.icns 100% 58KB 57.6KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/._Adobe CS Folder 2.icns.hrC, /icons/icons/Adobe CS Icons/Adobe CS Folder 2.icns, UNPACK)
Sending file modes: C0777 57330 Adobe CS Folder 3.icns
Adobe CS Folder 3.icns 100% 56KB 56.0KB/s 00:01
copyfile(/icons/Adobe CS Icons/._Adobe CS Folder 3.icns, /tmp/scp.md.rDiEBy, PACK)
Sending file modes: C0400 59586 ._Adobe CS Folder 3.icns
._Adobe CS Folder 3.icns 100% 58KB 58.2KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/._Adobe CS Folder 3.icns.5nC, /icons/icons/Adobe CS Icons/Adobe CS Folder 3.icns, UNPACK)
Sending file modes: C0777 56289 Adobe CS Folder.icns
Adobe CS Folder.icns 100% 55KB 55.0KB/s 00:00
copyfile(/icons/Adobe CS Icons/._Adobe CS Folder.icns, /tmp/scp.md.CVrek6, PACK)
Sending file modes: C0400 58545 ._Adobe CS Folder.icns
._Adobe CS Folder.icns 100% 57KB 57.2KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/._Adobe CS Folder.icns.JMp, /icons/icons/Adobe CS Icons/Adobe CS Folder.icns, UNPACK)
Sending file modes: C0777 54831 Adobe CS Logo.icns
Adobe CS Logo.icns 100% 54KB 53.6KB/s 00:00
copyfile(/icons/Adobe CS Icons/._Adobe CS Logo.icns, /tmp/scp.md.keUSYq, PACK)
Sending file modes: C0400 57087 ._Adobe CS Logo.icns
._Adobe CS Logo.icns 100% 56KB 55.8KB/s 00:00
copyfile(/icons/icons/Adobe CS Icons/._Adobe CS Logo.icns.M39, /icons/icons/Adobe CS Icons/Adobe CS Logo.icns, UNPACK)
Entering directory: D0777 0 Agrapha-Christmas
Sending file modes: C0644 12292 .DS_Store
.DS_Store 100% 12KB 12.0KB/s 00:00
copyfile(/icons/Agrapha-Christmas/..DSStore, /tmp/scp.md.1s6tDJ, PACK)
Sending file modes: C0400 82 ..DSStore
..DSStore 100% 82 0.1KB/s 00:00
copyfile(/icons/icons/Agrapha-Christmas/..DSStore.Jmw, /icons/icons/Agrapha-Christmas/.DS_Store, UNPACK)
Sending file modes: C0777 0 Angel
Angel 100% 0 0.0KB/s 00:00
copyfile(/icons/Agrapha-Christmas/._Angel, /tmp/scp.md.hueGHQ, PACK)
Sending file modes: C0400 44820 ._Angel
._Angel 100% 44KB 43.8KB/s 00:00
copyfile(/icons/icons/Agrapha-Christmas/._Angel.ZDF, /icons/icons/Agrapha-Christmas/Angel, UNPACK)
Sending file modes: C0777 0 Basket
Basket 100% 0 0.0KB/s 00:00
copyfile(/icons/Agrapha-Christmas/._Basket, /tmp/scp.md.8NWfFT, PACK)
Sending file modes: C0400 49608 ._Basket
._Basket 100% 48KB 48.5KB/s 00:00
copyfile(/icons/icons/Agrapha-Christmas/._Basket.eIY, /icons/icons/Agrapha-Christmas/Basket, UNPACK)
Sending file modes: C0777 0 Boxes
Boxes 100% 0 0.0KB/s 00:00
copyfile(/icons/Agrapha-Christmas/._Boxes, /tmp/scp.md.oWFB8k, PACK)
Sending file modes: C0400 46314 ._Boxes
._Boxes 100% 45KB 45.2KB/s 00:00
copyfile(/icons/icons/Agrapha-Christmas/._Boxes.GGu, /icons/icons/Agrapha-Christmas/Boxes, UNPACK)
Sending file modes: C0777 0 Broach
/icons/icons/Agrapha-Christmas/Broach: Too many open files
Sending file modes: C0777 0 Candy Cane
/icons/icons/Agrapha-Christmas/Candy Cane: Too many open files
Starting with the Broach file, all subsequent files display the error "too many open files". -
Zip Exception Problem using jeode to unzip file
Hi,
I am using a JAva application, that has a client running on the IPAQ-Jeode JVM and the server is on JDK 1.3.
The application is using RMI to communicate between the Server and the PDA. The application code is running on JDK 1.3. Once the RMI communication is established, the server (during deployment) creates a ZIP file The zip file is serialized to the client machine (in this case, the Ipaq). The Client code later, running on Jeode, tries to unzip this file and extract the files.
We observed that the files created by the server (on JDK 1.3) cannot be unzipped by the Jeode JVM and gives an Zip Exception. The same zip file can be successfully uncompressed by machines having Sun's J2SE versions JDK 1.3 and JDK 1.1.8(which is compatible with PJava).
The exception which I receive is
2002-02-28 12:05:37,194 [Thread-0] INFO com.op40.utl.LogStream - java.util.zip.ZipException
2002-02-28 12:05:37,213 [Thread-0] INFO com.op40.utl.LogStream - at java.util.zip.ZipInputStream.read (bytecode 305)
2002-02-28 12:05:37,234 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.java.util.InputStreamToOutputStream.copy (bytecode 54)
2002-02-28 12:05:37,879 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.java.util.FileToStream.copy (bytecode 71)
2002-02-28 12:05:37,895 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.asset.FleAad.setPayload (bytecode 124)
2002-02-28 12:05:37,913 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.deployer.Adp.immediateDeploy (bytecode 141)
2002-02-28 12:05:38,000 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.deployer.Adp.immediateDeploy (bytecode 28)
2002-02-28 12:05:38,020 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.deployer.Adp.scheduleDeployment (bytecode 91)
2002-02-28 12:05:38,037 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.deployer.Adp.deployAssets (bytecode 17)
2002-02-28 12:05:38,632 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.client.CdaImpl.processAssets (bytecode 33)
2002-02-28 12:05:38,652 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.asttpt.PtpAstRcv.processAssets (bytecode 82)
2002-02-28 12:05:38,669 [Thread-0] INFO com.op40.utl.LogStream - at com.op40.dis.asttpt.PtpAstRcv.access$900 (bytecode 3)Is your client running as an applet or application? I have a client applet that tries to connect to my RMI server, but I keep getting the following exception even though java.rmi.registry.LocateRegistry is in the /Windows/lib/core.jar.
java.lang.NoClassDefFoundError: java/rmi/registry/LocateRegistry
at java.rmi.Naming.getRegistry (bytecode 12)
at java.rmi.Naming.list (bytecode 6)
Test.init (bytecode 6)
com.insignia.applet.AppletPanel.run (AppletPanel.java, line 0)
java.lang.Thread.run (bytecode 11)If you have any suggestions, that'd be great. You can contact me at [email protected]
Thanks,
Eric -
Troubleshooting Network Problems Using Log and Trace Files
Hi,
can any one tell me how to generate trace and log files related to network errors.start with inspecting listener.log
Post tailend (last 40 lines here) of listener.log -
Problems using 1080/50p video files in Premiere CS5 to Encore onto Blu-ray
Firstly apologies if this has been covered, I've searched various forums but not found anything on 1080/50p.
I have a Panasonic HDC-TM700 video camera which I only had for a week or so before I went on a weeks holiday in Egypt, so I thought I'd record my memories in the superb 1080/50p mode.
Upon returning I am now editing my work in Premiere CS5, the resulting video is very jerky (it plays back OK on the camera), rendering a sample in Encore I discover Blu-ray doesn't support 1080/50p so I tried the HDTV 1080i 25 setting, on the resulting Blu-ray the panning scenes are not smooth viewing and the video is still rather jerky.
Should I have recorded the footage in 1080 interlaced instead?
Does anybody know if I can salvage my memories?
Hoping you can help
Regards
KevinI have the same camera, only it's NTSC so 1080p60. What I do for now, until there is wider acceptance for this format, is that I export to 720p60. I know I may sound like a party pooper but I prefer progressive before interlaced... I am sure there will be support for 1080p50 or 1080p60 in the near future, so your memories will not be lost!
Some Bluray players do support 1080p60/50, but not from a disc but an SD card instead. If that's an option for you, go with that!
Here's the player I use which plays back 1080p60 beautifully from SD, I'm sure there is an equivalent player for PAL:
https://panasonic.ca/english/audiovideo/bluray/players/DMPBDT100.asp -
Granting different permissions to different codebases : policy file problem
Hi all. I'm having a bit of a problem with policy files and granting different persmissions to different codebases. What I have at the moment is a server app that copies a class file from the client to a specified directory on the server, and then dynamically loads and runs that class. This all works fine, but obviously as user submitted code is going to be run on the server I want to restrict what they are allowed to do. My app is going to be bundled up in a single jar file, and the directory that the client code is being copied to a subdirectory of the app installtion (not that this should make much difference). What i want to do is grant all permissions to my code in the jar file and resrict the permssions granted to code in the strategies directory. I assumed i would just be able to do this using my own policy file, but at the moment i'm not having much luck.
Directory structure:
c:/project/code/
|
|-labyrinth.jar
|-strategies/
Contents of labyrinth.policy:
grant codeBase "file:../code/labyrinth.jar" {
permission java.security.AllPermission;
Command line arguments:
java -Djava.security.manager -Djava.security.policy==./labyrinth.policy -classpath .;./labyrinth.jar;./strategies/;%CLASSPATH%; labyrinth.LabyrinthServer
I've tried specifiying the absolute path to the jar file in the policy file as well as the relative path, i've tried including -Xbootclasspath/a and appending the jar file. All I seem to be able to manage though is either granting all permissions system wide, including the strategies dir, or none and getting security exceptions within my code. Anyone tried doing anything similair or got any idea where I might be going wrong? Any help would be appreciated as its really starting to doing my head in.
TIA. Matt.Did you try putting a slash at the beginning of your "file" specification? e.g., instead of saying
grant codeBase "file:../code/labyrinth.jar" {
permission java.security.AllPermission;
say
grant codeBase "file:/../code/labyrinth.jar" {
permission java.security.AllPermission;
Hope this helps. -
Problem with policy file in Activatable tutorial
hi all,
i am just playing with the classes that comes with the RMITutorial.
i am actually trying to execute the code that comes with the 'Creating an Activatable Object' tutorial, but i am having a lot of problems due to the policy file.
First of all, i must say that i extracted all the classes in the directory d:\FalcoDevelopment;
all the files has been put in the following directory:
d:\FalcoDevelopment\examples\activation
In hte Setup.java class there is the following line of code:
props.put("java.security.policy", "examples/activation/policy");
when i have to run the Setup.class, i have to enter the following command
java -Djava.security.policy=/home/rmi_tutorial/activation/policy
-Djava.rmi.server.codebase=file:/home/rmi_tutorial/activation/ examples.activation.Setup
so, since i have to change to my own path,and since i am in the d:\FalcoDevelopment directory, i entered
java -Djava.security.policy=/examples/activation/policy -Djava.rmi.server.codebase=file:/d:/FalcoDevelopment/examples/activation/ examples.activation.Setup
when i then run the Client with the following command
java -Djava.security.policy=/examples/activation/policy
examples.activation.Client myhostname
it always return me a Security exception..
can anyone tell me what is the CORRECT path that i have to put for the above -D properties??
thanx in advance and regards
marcoHello,
I am having the same problem but to start with you are mixing up NT and UNIX things, like file paths
Other thing is you are using the tutorial given file paths. You must use your own file paths, as you have installed the classes.
I know its not much help, but still :0)
Kudos
ravi -
Load XML file from addon domain without cross-domain Policy file
Hello.
Assuming that there are two addon domains on the same server: /public_html/domain1.com and /public_html/domain2.com
I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
So the idea is to use php file in order to load XML and read it back to flash.
I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
Here are the AS3/PHP scripts:
AS3 (.swf in www.domain1.com):
// location of the xml that you would like to load, full http address
var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
// location of the php xml grabber file, in relation to the .swf
var phpLoc:String = "loadXML.php";
var xml:XML;
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
loader.addEventListener(Event.COMPLETE, onXMLLoaded);
loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
loader.load(request);
function onIOErrorHandler(e:IOErrorEvent):void {
trace("There was an error with the xml file "+e);
function onXMLLoaded(e:Event):void {
trace("the rss feed has been loaded");
xml = new XML(loader.data);
// set to string, since it is passed back from php as an object
xml = XML(xml.toString());
xml_txt.text = xml;
PHP (loadXML.php in www.domain1.com):
<?php
header("Content-type: text/xml");
$location = "";
if(isset($_GET["location"])) {
$location = $_GET["location"];
$location = urldecode($location);
$xml_string = getData($location);
// pass the url encoded vars back to Flash
echo $xml_string;
//cURLs a URL and returns it
function getData($query) {
// create curl resource
$ch = curl_init();
// cURL url
curl_setopt($ch, CURLOPT_URL, $query);
//Set some necessary params for using CURL
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//Execute the curl function, and decode the returned JSON data
$result = curl_exec($ch);
return $result;
// close curl resource to free up system resources
curl_close($ch);
?>I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
So I wrote my own script - this time I used file path instead of http address of the XML file. It works fine in my case.
Here it is:
XML file on domain2.com:
<?xml version="1.0" encoding="UTF-8"?>
<gallery>
<image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
<image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
<image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
</gallery>
swf on domain1.com:
var imagesXML:XML;
var variables:URLVariables = new URLVariables();
var varURL:URLRequest = new URLRequest("MyPHPfile.php");
varURL.method = URLRequestMethod.POST;
varURL.data = variables;
var MyLoader:URLLoader = new URLLoader;
MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
MyLoader.addEventListener(Event.COMPLETE, XMLDone);
MyLoader.load(varURL);
function XMLDone(event:Event):void {
var imported_XML:Object = event.target.data.imported_XML;
imagesXML = new XML(imported_XML);
MyTextfield_1.text = imagesXML;
MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath"); // sample reference to attribute "thumbPath" of the first element
php file on domain1.com:
<?php
$xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml'); // directory to XML file on the same server
$imported_XML = $xml_file->asXML();
print "imported_XML=" . $imported_XML;
?>
Regards
PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed. -
Signed applets called from javascript - how/where to load policy file?
I'm running into some apparently well-known problems with signed applets accessing a client machine's hard drive.
So, I can get things to work if I place the following two lines in my 'local' JDK installation:
permission java.io.FilePermission "${user.home}/x.properties", "read,write";
permission java.util.PropertyPermission "user.home", "read";These let me a) read the user's home directory and b) read/write a file that's located there.
What I don't want to do is edit the java.policy file, but I'm having problems loading a separate policy file. The app server we run with our product is jetty, and I'm assuming I would be passing in the '-Djava.security.policy=='filename' with the other jetty start-up parameters- is this a correct assumption? And, what path do I give for the file, will I need to put it somewhere in the .war file we distribute, or in the JDK installation on the server? If it's on the server, will client machine's know about these extra rights?
I'd REALLY appreciate any help I could get on this...
thanks in advance,
+0^^Maybe you didn't realize but my previous post was sarcastically ment:
"hello SUN security stop bugging me in writhing this malicious program"
and
"hello SUN security, I'm a good boy now trust what I'm doing"
Are in a practical sense exactly the same.
SUN should either remove the stack check or the doprivileged. The stack check takes up
valuable resources for nothing since a malicious program can easily circumvent that.
Your post about a malicious user abusing your (CA) signed applet to ruine someone's
system is correct, it would not be difficult. A CA signed applet will not even ask a user to
trust or not. This is one of the reasons we have the usepolicy in affect, but this cannot be
used on "grandma's old PC" since it's too complicated for users to do such things.
YOU seem to be the one to blame, not the hacker! (The user accepted YOUR
certificate!).Actually you are to blame, because you made software that exposes a vonurability
other people can take advantage of.
what you can do before calling the doprivileged private method is check the call stack.
So your signed applet has a public method checking the callstack, if this lookes OK
that method will call the private doprivileged method.
Here is the example
package t;
import java.util.Properties;
import java.applet.Applet;
public class test extends Applet {
public test(){
startingPrivileged();
public void startingPrivileged(){
System.out.println("this is the stack");
try{
throw new Exception("get the call stack");
}catch(Exception e){
StackTraceElement stack[] = e.getStackTrace();
for (int i=0; i<stack.length; i++) {
System.out.println("file: " + stack.getFileName() + " method: " + stack[i].getMethodName() + " class: " + stack[i].getClassName() + " at " + new Integer(i).toString());
// this is a really simple check to see if this method was started from the t. package
// a good hacker can just create it's own package named t and take advantage of this method
// if this method was started from the same package there is no reason to make this method
// public, protected would work.
// there must be a better way to check if this method was called by "your" or "trusted" code
if(stack[1].getClassName().startsWith("t.")){
dosomePrivileged();
private void dosomePrivileged(){
System.out.println("this is the method that does privileged stuff");
public static void main(String args[]) {
new test();
Maybe you are looking for
-
Hello Experts, There are 2 issues 1)More than one copy of Print of Export invoices 2)A Contract number to be mentioned/flown into Export Invoice Are they both done by ABAPers or SD has a role in that.Kindly guide. Regards, Raj
-
Can't preview NEF files in Bridge to see/sort/rate
I've purchased CS6 and cannot view my new nikon d800 NEF files in Bridge. I can see them in Lightroom, but have always used bridge to sort/rate my images before importing them.
-
URGENT HELP !!! ORA-31011: XML parsing failed
Hi, Oracle 9.2.0.4 I've run into ORA-31011: XML parsing failed ORA-19202: Error occurred in XML processing LPX-00247: invalid Document Type Declaration (DTD) Error at line 1 ORA-06512: at line 15 during updateXML operation under CLOB resource. It see
-
See question.
-
Hello, I was reading a help.sap.com site. I don't understand that sentence: "The communication channel in which the RFC adapter is defined must be defined for a service of type Business System in the area Service Without Party. In the PCK, you must c