Security manager enabled w/o -Djava.security.manager

Hi all,
I am facing an issue where java.policy is being enforced w/o a -Djava.security.manager specified on the command line.
from ps -ef | grep java, I found the java process and it does not have -Djava.security.manager. However, when I modify jdk/jre/lib/security/java.policy, I can see the effect of the security setting when I restart the java process. I scanned through the source code, I do not find any setSecurityManager() API call either.
Given the above, does anyone have suggestion on how the security manager is enabled in this case?
Regards,
Tom

System.setProperty("java.security.manager","true");
System.getProperties().setProperty("java.security.manager","true");
Properties p = System.getProperties();
p.setProperty("java.security.manager","true");
// etc

Similar Messages

Enable security manager netbeans - where/how ?

How do I enable the java security manager in netbeans ?
for example -
the way I do on command line is :
java -Djava.security.policy=/Desktop/TestSecurity/pol.txt -Djava.security.manager test
Where do I give these options -Djava.security.policy=/Desktop/TestSecurity/pol.txt -Djava.security.manager while working in netbeans...

* reply to peter lawrey
my browser hs gone crazy..
nope,
the link talks about command line argument, this one is vm argument.
Edited by: javaflex on Jul 28, 2008 1:31 PM

WebLogic Admin Console won't work with java security manager enabled.

By just enabling the security manager on the command line with -Djava.security.manager and using the default weblogic.policy in the server/lib directory, the admin console will not work. I just see a blank page when I try to access the admin console with permission errors all over on the server console.
In looking at the admin console's weblogic.xml it should have access to everything since it contains:
grant {
permission java.security.AllPermission;
Are there known issues with this? If I add this permission to the weblogic.policy file everything works fine but then I might as well not turn on the security manager.
Thanks,
Dave

David,
I was glad to see your post regarding WLS 9.2 and the troubles with enabling Java Security Manager.
Were you able to learn any more on things like - why doesn't the admin console work when the security manager is enabled with the default policy file. Also, why is it so difficult to add permissions for your own applications and get them to actually work.
I'd be curious to see if you were able to get it to work or if you have any insights or resources that can help with this as we are really struggling to get a restrictive policy file that works.
Thanks,
D

Business Objects XI R2 SP2 with Tomcat and Security Manager enabled

XI R2 SP2 Unix server:
I need to start the tomcat that is embedded in Business Objects with Security Manager enabled. Is there a writeup on how to do that? This changes the port that tomcat runs on, so do I just change all references to the port that it is currently running? Is it that simple?
Thanks for any advice!

It sounds like an issue that would need to be troubleshot by an engineer. Can you open a message with support?
Cluster members for client tools are defined in the windows registry. Does infoview work?
Regards,
Tim

Java -Djava.security.manager -Djava.security.policy=myPolicy classfile

Hi everybody and Sun's member,
From the command line we can install security manager as follows :
java -Djava.security.manager - Djava.security.policy=myPolicy
is it possible to install security manager and policy file by our program. Sugestion pliz.
Regards
Gt

Thanks for your sugesstion. With this command "java -Djava.security.manager - Djava.security.policy=myPolicy" we are installing Security Manager and Policy file. What will be the minimum code for the above command, as I want to install dynamically (I mean how to spacify and install Security manager and policy files by programatically). Appreatiating anybodies sugesstion.
Regards
Gt

Weblogic 6.1 and -Djava.security.manager license failed

I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation) and I have
got a :
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
Null public key
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
The VM parameters I use are :
-ms64m -mx64m
-Djava.library.path=C:/bea/wlserver6.1/bin
-Dbea.home=C:/bea
-Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
-Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic.management.password=xxxxxxx
-Djava.security.manager
-Djava.security.debug=failure
Did I missed some VM parameters ? What should I do to bypass this error?
thanks!

I'm getting the same problem running weblogic 7.0 with sp 1.
Any other ideas on how to solve it?
"kirann" <[email protected]> wrote:
do you need to run the server with java security manager if not required
then remove -Djava.security.manager
else given full permission to the code based weblogic is in!
thanks
kiran
"ezablith" <[email protected]> wrote in message
news:3ddce60a$[email protected]..
I just tried to run (under jbuilder6), weblogic 6.1 sp3 (evaluation)and I
have
got a :
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
Unable to start WebLogic Server !!
Null public key
$$$$$$$$$$$$$$$$ License Exception $$$$$$$$$$$$$$$$
The VM parameters I use are :
-ms64m -mx64m
-Djava.library.path=C:/bea/wlserver6.1/bin
-Dbea.home=C:/bea
-Dweblogic.Domain=cyradeladomain -Dweblogic.Name=name
-Djava.security.policy==C:/bea/wlserver6.1/lib/weblogic.policy --Dweblogic..management.password=xxxxxxx
-Djava.security.manager
-Djava.security.debug=failure
Did I missed some VM parameters ? What should I do to bypass this error?
thanks!

Error while "Enabling Security for Oracle Management Service"

Hi,
I have installed OEM 10GR1 on Solaris 9. I am using 9.2.0 database for repository.
My first installation of OEM and agent went smoothly, and everything was working fine.
Then, I tried to follow configurating security for Grid Control Framework. I got following error:
/oracle/app/oracle/product/10gEM>cd bin
/oracle/app/oracle/product/10gEM/bin>./emctl secure oms
Oracle Enterprise Manager 10g Release 10.1.0.3.0.
Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root Password :
Enter Agent Registration password :
Enter a Hostname for this OMS :
Checking Repository... Done.
Checking Repository for an existing Enterprise Manager Root Key... Done.
Generating Enterprise Manager Root Key (this takes a minute)... Done.
Fetching Root Certificate from the Repository... Done.
Generating Registration Password Verifier in the Repository... Done.
Generating Oracle Wallet Password for Enterprise Manager OMS... Done.
Generating Oracle Wallet for Enterprise Manager OMS...Missing /oracle/app/oracle/product/10gEM/sysman/wallets/oms.uxtora1/ewallet.p12
:/oracle/app/oracle/product/10gEM/bin>
Please help.

Thanks for response. I had temp space full issue with repository database. After bouncing database, the temp tablespace became empty, and the secure operation went smooth.

Unable to open tomcat

I have BOE XI 3.1 with SP2 installed on Windows Server 2008 (64 bit). I have both CMC & Infoview working.
I am trying to open Tomcat Configuration to set up SSO, but it is giving an error message, "Access is denied. Unable to open the service 'BOE120Tomcat'.
I could see Tomcat service running under the windows service manager. Even tried running the Tomcat5.exe from "\Tomcat55\bin" folder, but it didnt openup any window. How to resolve this.
Or is there any other way to add the below two lines in Tomcat to enable SSO.
-Djava.security.auth.login.config=C:\winnt\bscLogin.conf
-Djava.security.krb5.conf=C:\winnt\Krb5.ini

Open up your Start > Run command and type in the following. You might have to change the path to the tomcat5w.exe if not installed to the default C:\ drive. The end is important as it tells which instance of Tomcat to open the config manager for. I don't believe launching the tomcatw.exe directly will work.
"C:\Program Files\Business Objects\Tomcat55\bin\tomcat5w.exe" //ES//BOE120Tomcat
The last part of the command is the service name for Tomcat. If you are using Tomcat that was installed with the default XI 3.1 installation, the above should work. If you installed your own instance of Tomcat separately, go into Administrative Tools > Services and open the properties of Tomcat. The Service Name is normally "BOE120Tomcat" but change this part of the command line if yours is named different.
Edited by: Joshua Kuhn on Jun 10, 2010 3:02 PM

How do u read the hs_err_pid pid .log file

Hi,
When using hprof or any profiling tool, the hotspot vm crashes and generates the following file. How do we read this file or make any sense of it. Is there any utility, etc..
We are using hotspot jvm 1.4.2_12.
Any help will be appreciated.
BTW here is the latest hs file.
# An unexpected error has been detected by HotSpot Virtual Machine:
# SIGSEGV (0xb) at pc=0x6dc487e6, pid=6147, tid=1674062752
# Java VM: Java HotSpot(TM) Server VM (1.4.2_12-b03 mixed mode)
# Problematic frame:
# C [libhcclsm.so+0x97e6] ossRamboIsFlushing__FP10OSSRamboCB+0x6
--------------- T H R E A D ---------------
Current thread (0x6d0ec870): JavaThread "Thread-10" daemon [_thread_in_native, id=6173]
siginfo:si_signo=11, si_errno=0, si_code=1, si_addr=0x686e31e0
Registers:
EAX=0x686e3154, EBX=0xb7fcf4a4, ECX=0x080b4938, EDX=0x08cf42a1
ESP=0x63c81d4c, EBP=0x63c81d4c, ESI=0x63c81f34, EDI=0x63c81f54
EIP=0x6dc487e6, CR2=0x686e31e0, EFLAGS=0x00010212
Top of Stack: (sp=0x63c81d4c)
0x63c81d4c: 63c81dac 6dc447eb 686e3154 00000001
0x63c81d5c: 00000000 00000000 00000000 00000000
0x63c81d6c: 00000000 00000000 00000001 0000007d
0x63c81d7c: 00000000 686e3154 e8a53863 00000004
0x63c81d8c: 63c81dcc 6dc78801 a86a4000 41d19a0e
0x63c81d9c: 08cf42a2 00000021 00000009 00000004
0x63c81dac: 63c81ddc 6dc4fa85 080b4930 08cf4298
0x63c81dbc: 00000079 63c81f54 63c81ddc 00a7095b
Instructions: (pc=0x6dc487e6)
0x6dc487d6: 02 83 e0 01 88 c0 5d c3 89 f6 55 89 e5 8b 45 08
0x6dc487e6: 8b 80 8c 00 00 00 c1 e8 03 83 e0 01 88 c0 5d c3
Stack: [0x63c10000,0x63c83000), sp=0x63c81d4c, free space=455k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [libhcclsm.so+0x97e6] ossRamboIsFlushing__FP10OSSRamboCB+0x6
C [libhcclsm.so+0x57eb] ossRamboMultiSlotCopy+0x73
C [libhccldt.so+0xa85] ra_writeMessageBlock+0xfd
C [libpiAgent.so+0x16afc] jvmpiAgent_print+0x3c
C [libpiAgent.so+0x19f19] jvmpiAgent_printObjAllocElement+0x2a9
C [libpiAgent.so+0x1f97a]
C [libpiAgent.so+0x20499]
V [libjvm.so+0x35bf4b]
V [libjvm.so+0x44d474]
V [libjvm.so+0x2b8af8]
V [libjvm.so+0x3b760f]
V [libjvm.so+0x2cacdc]
j com.appiancorp.kougar.driver.pooling.a.run()V+8
j java.util.TimerThread.mainLoop()V+221
j java.util.TimerThread.run()V+1
v ~StubRoutines::call_stub
V [libjvm.so+0x2d5a54]
V [libjvm.so+0x3bd559]
V [libjvm.so+0x2d5ca6]
V [libjvm.so+0x2d5576]
V [libjvm.so+0x2d60ef]
V [libjvm.so+0x32fec5]
V [libjvm.so+0x43ab1a]
V [libjvm.so+0x435d33]
V [libjvm.so+0x3bf083]
C [libpthread.so.0+0x53cc]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.appiancorp.kougar.driver.pooling.a.run()V+8
j java.util.TimerThread.mainLoop()V+221
j java.util.TimerThread.run()V+1
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x081ed380 JavaThread "Thread-40" [_thread_in_native, id=6151]
0x088b1240 JavaThread "http-0.0.0.0-8080-1" daemon [_thread_blocked, id=6196]
0x088b0410 JavaThread "TP-Monitor" daemon [_thread_blocked, id=6195]
0x088af880 JavaThread "TP-Processor10" daemon [_thread_in_native, id=6194]
0x08bf74b8 JavaThread "TP-Processor9" daemon [_thread_blocked, id=6193]
0x095235d0 JavaThread "TP-Processor8" daemon [_thread_blocked, id=6192]
0x09522e40 JavaThread "TP-Processor7" daemon [_thread_blocked, id=6191]
0x09522380 JavaThread "TP-Processor6" daemon [_thread_blocked, id=6190]
0x08c33590 JavaThread "TP-Processor5" daemon [_thread_blocked, id=6189]
0x082d6a70 JavaThread "TP-Processor4" daemon [_thread_blocked, id=6188]
0x09523cf0 JavaThread "TP-Processor3" daemon [_thread_blocked, id=6187]
0x08c34318 JavaThread "TP-Processor2" daemon [_thread_blocked, id=6186]
0x08bb0d18 JavaThread "TP-Processor1" daemon [_thread_blocked, id=6185]
0x6b5ac448 JavaThread "http-0.0.0.0-8080" daemon [_thread_in_native, id=6184]
0x6b515998 JavaThread "JBossLifeThread" [_thread_blocked, id=6183]
0x6b5ac448 JavaThread "http-0.0.0.0-8080" daemon [_thread_in_native, id=6184]
0x6b515998 JavaThread "JBossLifeThread" [_thread_blocked, id=6183]
0x6b2c3f68 JavaThread "Thread-14" daemon [_thread_blocked, id=6181]
0x6b5cdba0 JavaThread "Thread-13" daemon [_thread_blocked, id=6180]
0x6b258ee8 JavaThread "Thread-12" daemon [_thread_blocked, id=6175]
0x6a8829e8 JavaThread "Thread-11" daemon [_thread_blocked, id=6174]
=>0x6d0ec870 JavaThread "Thread-10" daemon [_thread_in_native, id=6173]
0x0826be80 JavaThread "Thread-9" daemon [_thread_blocked, id=6172]
0x08bf9f40 JavaThread "Thread-8" daemon [_thread_blocked, id=6171]
0x08cc18f8 JavaThread "Thread-7" daemon [_thread_blocked, id=6170]
0x08bfa3d8 JavaThread "Thread-6" daemon [_thread_blocked, id=6169]
0x0826b6f0 JavaThread "Thread-5" daemon [_thread_blocked, id=6168]
0x6b024498 JavaThread "Thread-4" daemon [_thread_blocked, id=6167]
0x0889bd88 JavaThread "HSQLDB Timer @ae1cf" daemon [_thread_blocked, id=6166]
0x08767b58 JavaThread "ContainerBackgroundProcessor[StandardEngine[jboss.web]]" daemon [_thread_blocked, id=6165]
0x08745de0 JavaThread "GC Daemon" daemon [_thread_blocked, id=6164]
0x087362a8 JavaThread "RMI Reaper" [_thread_blocked, id=6163]
0x08741bd0 JavaThread "Thread-2" daemon [_thread_blocked, id=6162]
0x08742940 JavaThread "RMI TCP Accept-4445" daemon [_thread_in_native, id=6161]
0x081296f0 JavaThread "ScannerThread" daemon [_thread_blocked, id=6160]
0x08628238 JavaThread "Thread-0" daemon [_thread_blocked, id=6159]
0x6d013be0 JavaThread "DestroyJavaVM" [_thread_blocked, id=6147]
0x6d002ed0 JavaThread "CompilerThread1" daemon [_thread_blocked, id=6156]
0x6d001db8 JavaThread "CompilerThread0" daemon [_thread_blocked, id=6155]
0x080dbde8 JavaThread "AdapterThread" daemon [_thread_blocked, id=6154]
0x080db178 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=6153]
0x080cc928 JavaThread "Finalizer" daemon [_thread_blocked, id=6150]
0x080cb688 JavaThread "Reference Handler" daemon [_thread_blocked, id=6149]
Other Threads:
0x080cabe8 VMThread [id=6148]
0x6d004720 WatcherThread [id=6157]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 24448K, used 24448K [0x6e4c0000, 0x6fcc0000, 0x6fcc0000)
eden space 24320K, 100% used [0x6e4c0000, 0x6fc80000, 0x6fc80000)
from space 128K, 100% used [0x6fca0000, 0x6fcc0000, 0x6fcc0000)
to space 128K, 0% used [0x6fc80000, 0x6fc80000, 0x6fca0000)
tenured generation total 42796K, used 25127K [0x6fcc0000, 0x7268b000, 0xae4c0000)
the space 42796K, 58% used [0x6fcc0000, 0x71549dd0, 0x71549e00, 0x7268b000)
tenured generation total 42796K, used 25127K [0x6fcc0000, 0x7268b000, 0xae4c0000)
the space 42796K, 58% used [0x6fcc0000, 0x71549dd0, 0x71549e00, 0x7268b000)
compacting perm gen total 24832K, used 24633K [0xae4c0000, 0xafd00000, 0xb24c0000)
the space 24832K, 99% used [0xae4c0000, 0xafcce558, 0xafcce600, 0xafd00000)
Dynamic libraries:
00480000-00492000 r-xp 00000000 fd:00 361814 /lib/libnsl-2.3.4.so
00492000-00493000 r-xp 00011000 fd:00 361814 /lib/libnsl-2.3.4.so
00493000-00494000 rwxp 00012000 fd:00 361814 /lib/libnsl-2.3.4.so
00494000-00496000 rwxp 00494000 00:00 0
00a14000-00a2a000 r-xp 00000000 fd:00 360461 /lib/ld-2.3.4.so
00a2a000-00a2b000 r-xp 00015000 fd:00 360461 /lib/ld-2.3.4.so
00a2b000-00a2c000 rwxp 00016000 fd:00 360461 /lib/ld-2.3.4.so
00a2e000-00b54000 r-xp 00000000 fd:00 360463 /lib/tls/libc-2.3.4.so
00b54000-00b56000 r-xp 00125000 fd:00 360463 /lib/tls/libc-2.3.4.so
00b56000-00b58000 rwxp 00127000 fd:00 360463 /lib/tls/libc-2.3.4.so
00b58000-00b5a000 rwxp 00b58000 00:00 0
00b5c000-00b5e000 r-xp 00000000 fd:00 362922 /lib/libdl-2.3.4.so
00b5e000-00b5f000 r-xp 00001000 fd:00 362922 /lib/libdl-2.3.4.so
00b5f000-00b60000 rwxp 00002000 fd:00 362922 /lib/libdl-2.3.4.so
00b62000-00b83000 r-xp 00000000 fd:00 364019 /lib/tls/libm-2.3.4.so
00b83000-00b84000 r-xp 00020000 fd:00 364019 /lib/tls/libm-2.3.4.so
00b84000-00b85000 rwxp 00021000 fd:00 364019 /lib/tls/libm-2.3.4.so
00c68000-00c76000 r-xp 00000000 fd:00 362923 /lib/tls/libpthread-2.3.4.so
00c76000-00c77000 r-xp 0000d000 fd:00 362923 /lib/tls/libpthread-2.3.4.so
00c77000-00c78000 rwxp 0000e000 fd:00 362923 /lib/tls/libpthread-2.3.4.so
00c78000-00c7a000 rwxp 00c78000 00:00 0
00da5000-00dae000 r-xp 00000000 fd:00 364026 /lib/libgcc_s-3.4.6-20060404.so.1
00dae000-00daf000 rwxp 00009000 fd:00 364026 /lib/libgcc_s-3.4.6-20060404.so.1
08048000-08053000 r-xp 00000000 fd:03 327770 /usr/java/j2sdk1.4.2_12/bin/java
08053000-08055000 rwxp 0000a000 fd:03 327770 /usr/java/j2sdk1.4.2_12/bin/java
08055000-0b9ed000 rwxp 08055000 00:00 0
637f8000-637f9000 ---p 637f8000 00:00 0
637f9000-63806000 rwxp 637f9000 00:00 0
63806000-63809000 ---p 63806000 00:00 0
63809000-63879000 rwxp 63809000 00:00 0
63879000-6387a000 ---p 63879000 00:00 0
6387a000-63887000 rwxp 6387a000 00:00 0
63887000-6388a000 ---p 63887000 00:00 0
6388a000-638fa000 rwxp 6388a000 00:00 0
638fa000-638fb000 ---p 638fa000 00:00 0
638fb000-63908000 rwxp 638fb000 00:00 0
63908000-6390b000 rwxp 63908000 00:00 0
6390b000-6397b000 rwxp 6390b000 00:00 0
... same data as above..
VM Arguments:
jvm_args: -Duser.timezone=GMT -Duser.language= -Xmx1024m -Dsun.rmi.dgc.client.gcInterval=86400000 -Dsun.rmi.dgc.server.gcInterval=86400000 -verbose:gc -XX:+PrintGCTimeStamps -XX:+PrintGCDetails -Xloggc:gc.txt -XX:NewSize=24m -XX:MaxNewSize=24m -XX:MaxTenuringThreshold=0 -XX:SurvivorRatio=150 -Djava.awt.headless=true -Dprogram.name=run.sh -XrunpiAgent:server=enabled -XX:+HeapDumpOnOutOfMemoryError -Djava.endorsed.dirs=/home/appian/jboss-4.0.2/lib/endorsed
java_command: org.jboss.Main
Launcher Type: SUN_STANDARD
Environment Variables:
JAVA_HOME=/usr/java/j2sdk1.4.2_12
PATH=/usr/java/j2sdk1.4.2_12/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/appian/bin:/usr/local/apache-ant-1.6.5/bin
LD_LIBRARY_PATH=/usr/java/j2sdk1.4.2_12/jre/lib/i386/server:/usr/java/j2sdk1.4.2_12/jre/lib/i386:/usr/java/j2sdk1.4.2_12/jre/../lib/i386
SHELL=/bin/bash
--------------- S Y S T E M ---------------
OS:Red Hat Enterprise Linux ES release 4 (Nahant Update 5)
uname:Linux 2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686
libc:glibc 2.3.4 NPTL 2.3.4
rlimit: STACK 10240k, CORE 0k, NPROC 81920, NOFILE 1024, AS infinity
load average:325215078481544067418021531507253339114023570572081208587916205359104.00 131198811606042569760500027299787024097352946895170280943343508464786882673889726356210730355696686997119451320235216116321080642087335108750767273038475800621827641579806615210529115622778654545791307446324043502938668805095862304768.00 0.00
CPU:total 4 family 15, cmov, cx8, fxsr, mmx, sse, sse2
Memory: 4k page, physical 1012k(60k free), swap 511k(511k free)
vm_info: Java HotSpot(TM) Server VM (1.4.2_12-b03) for linux-x86, built on May 9 2006 12:16:45 by unknown with unknown compiler

HI please help me out in reading the following java crash file...If you have any utility please let me know..
we are using JDK1_5_0_12
Platform :- RedHat linux
# An unexpected error has been detected by HotSpot Virtual Machine:
# SIGSEGV (0xb) at pc=0xa3f62910, pid=15435, tid=2039286704
# Java VM: Java HotSpot(TM) Server VM (1.5.0_12-b04 mixed mode)
# Problematic frame:
[error occurred during error reporting, step 60, id 0xb]
--------------- T H R E A D ---------------
Current thread is native thread
siginfo:si_signo=11, si_errno=0, si_code=1, si_addr=0x00000000
Registers:
EAX=0x00000000, EBX=0xa3f9a65c, ECX=0x00000000, EDX=0x00000000
ESP=0x798ca500, EBP=0x798d0a18, ESI=0x00000000, EDI=0xa3f62760
EIP=0xa3f62910, CR2=0x00000000, EFLAGS=0x00010246
Top of Stack: (sp=0x798ca500)
0x798ca500: a3113d88 798cf5dc 000003e8 798d0a04
0x798ca510: 00000005 798cf5e0 00000000 00000000
0x798ca520: 00000000 00000000 00000000 00000000
0x798ca530: 00000000 00000000 00000000 00000000
0x798ca540: 00000000 00000000 00000000 00000000
0x798ca550: 00000000 00000000 00000000 00000000
0x798ca560: 00000000 00000000 00000000 00000000
0x798ca570: 00000000 00000000 00000000 00000000
Instructions: (pc=0xa3f62910)
0xa3f62900: ff 8b 8b 5c 0d 00 00 8b 93 5c 0d 00 00 8b 45 ec
0xa3f62910: 03 02 89 01 c7 45 f4 00 00 00 00 8b 45 f4 3b 45
Stack: [0x796d0000,0x798d1000), sp=0x798ca500, free space=2025k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
[error occurred during error reporting, step 120, id 0xb]
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x0808cf88 JavaThread "RMI ConnectionExpiration-[166.166.253.48:56639]" daemon [_thread_blocked, id=23404]
0x08094550 JavaThread "RMI ConnectionExpiration-[ems3:1099]" daemon [_thread_blocked, id=23402]
0x084093a0 JavaThread "KnEMSPingThread-2" daemon [_thread_blocked, id=16216]
0x08388c78 JavaThread "RMI RenewClean-[166.166.253.48:56639]" daemon [_thread_blocked, id=16210]
0x08387b58 JavaThread "RMI LeaseChecker" daemon [_thread_blocked, id=15493]
0xa1e11ce0 JavaThread "GC Daemon" daemon [_thread_blocked, id=15484]
0xa1e11800 JavaThread "RMI Reaper" [_thread_blocked, id=15483]
0xa2518040 JavaThread "Timer-1" daemon [_thread_blocked, id=15482]
0xa2517c30 JavaThread "RMI TCP Accept-0" daemon [_thread_in_native, id=15481]
0xa1a92858 JavaThread "KnStatisticsDataCollectorThread-1" [_thread_blocked, id=15477]
0xa256e690 JavaThread "DBMGR_CHECK_THREAD" [_thread_blocked, id=15455]
0xa256f050 JavaThread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2" daemon [_thread_blocked, id=15454]
0xa2571700 JavaThread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#1" daemon [_thread_blocked, id=15453]
0xa2571a00 JavaThread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#0" daemon [_thread_blocked, id=15452]
0x082a9840 JavaThread "Timer-0" daemon [_thread_blocked, id=15451]
0xa4028728 JavaThread "Thread-1" daemon [_thread_blocked, id=15448]
0xa25649a8 JavaThread "Dispatcher-Thread-0" daemon [_thread_blocked, id=15447]
0xa4c0a808 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=15445]
0xa4c09450 JavaThread "CompilerThread1" daemon [_thread_blocked, id=15444]
0xa4c084f8 JavaThread "CompilerThread0" daemon [_thread_blocked, id=15443]
0xa4c07570 JavaThread "AdapterThread" daemon [_thread_blocked, id=15442]
0xa4c066f8 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=15441]
0x080f0798 JavaThread "Finalizer" daemon [_thread_blocked, id=15440]
0x080f02d0 JavaThread "Reference Handler" daemon [_thread_blocked, id=15439]
0x08063c68 JavaThread "main" [_thread_in_native, id=15435]
Other Threads:
0x080eddd8 VMThread [id=15438]
0xa4c0be08 WatcherThread [id=15446]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 6656K, used 174K [0xa51c0000, 0xa58f0000, 0xa5ff0000)
eden space 5952K, 2% used [0xa51c0000, 0xa51eb8e8, 0xa5790000)
from space 704K, 0% used [0xa5790000, 0xa5790000, 0xa5840000)
to space 704K, 0% used [0xa5840000, 0xa5840000, 0xa58f0000)
tenured generation total 58304K, used 2046K [0xa5ff0000, 0xa98e0000, 0xad1c0000)
the space 58304K, 3% used [0xa5ff0000, 0xa61efbf0, 0xa61efc00, 0xa98e0000)
compacting perm gen total 16384K, used 7904K [0xad1c0000, 0xae1c0000, 0xb11c0000)
the space 16384K, 48% used [0xad1c0000, 0xad978340, 0xad978400, 0xae1c0000)
No shared spaces configured.
Dynamic libraries:
08048000-08057000 r-xp 00000000 3a:05 328829 /usr/java/jdk1.5.0_12/bin/java

Ensuring applications use a Security Manager

Is it possible to enable the use of a security manager by default for Java applications?
I understand that I can enable a security manager by using the -Djava.security.manager command-line option to java and javaw. But to utilise that I need to modify all scripts that call java/javaw, and I need to remember to include it when running all future java applications I acquire.
These are the possibilities I've looked at:
1. A configuration file that stores default options to those commands (similar to the ide.cfg in Netbeans). To my knowledge this feature doesn't exist.
2. A configuration file for specifying default system properties (the -D prefix indicates it's a system property to be passed to the VM). Again, to my knowledge such a feature doesn't exist.
3. An option in the ${java.home}/lib/java.security "master security properties file" which forces security managers by default. I couldn't find any such option. In fact, I couldn't find any solid documentation about this master security properties file on the Java web site. (The only information I found was about the JAAS extensions to this file).
Any help will be greatly appreciated.
There are two further options I would like to try, but they are nontrivial.
A. Move to a Unix-based platform where the java/javaw commands are likely to be implemented as shell scripts to which the default options can readily by added. Or if they are not can be seemlessly replaced with a shell script. (I would really like to do this, I've tried to make the switch thrice in the past but have so far encountered difficulties).
B. Build new java.exe and javaw.exe executables that invoke the originals (perhaps renamed to java-unsafe.exe) with the required default options (perhaps even reading the options from a text file a la Netbeans).
Thanks in advance. Hopefully there is something obvious I've overlooked that does this.
P.-S. I notice another poster raised this issue last year, but it received no replies. That post can be found here:
http://forum.java.sun.com/thread.jsp?forum=61&thread=301657

For those following this thread I've managed to make one step towards ensuring that no Java code is run locally without a Security Manager.
It's an OS-level solution protecting against code run by double-clicking a jar file. (Admittedly this is not something I do often, but it's a start).
The OS is Windows 2000 Professional. To add this protection, I performed the following steps.
1. Choose the 'Tools'|'Folder Options...' menu item from within Windows Explorer.
2. Within the 'File Types' tab, select the 'JAR' extension and click 'Advanced'.
3. Click 'New...'.
4. Type something like 'run with manager' in the 'Action' field. Type cmd.exe /c "java.exe -Djava.security.manager -jar "%1" %* & pause.exe" in the other field. Click OK.
5. Ensure that this 'run with manager' action is the default. (I believe that the 'Set Default' button is supposed to do this. It did not do so for me. On my setup the default action was always the action with the earliest alphabetically-listed name.)
sudheesh_j: Do you have any recommendations as to how to contact Sun? Should I post a Feature Request, or is there a list or email address that I should contact?

Report Manager - ER 8530306: NEED USER TO VALUE SECURITY FOR PT EXPANSI

Hi
We are facing the above same gap in implementing report manager. I think it's one of the most common things that reports are run for parent segment GL values to have consolidated reporting in any large organisations. Hence PT(Page/Total) is required in the content set. Yet current Oracle Report Manager security works only when PE (Page/Expand) is used. As a result of this bug, security rule does not work in parent ledgers and it only works with child ledgers.
I was wondering if enabling custom security rule (as per the note 333304.1, How to Apply Custom PL/SQL Based Security with Oracle Report Manager) could resolve the above bug? Thanks.
Regards
Michael
Edited by: Michael Cho on 2/11/2011 21:20
Edited by: Michael Cho on 2/11/2011 21:33

Michael,
Extract from Enhancement Request 8530306 Posting the contents of MOS Docs/ER violates Oracle support agreement policy so please edit the contents of the ER and mentioning the number should be enough.
I was wondering if enabling custom security rule (as per the note 333304.1, How to Apply Custom PL/SQL Based Security with Oracle Report Manager) could resolve the above bug? Thanks.I have not tried this myself but I would suggest you do in a test instance and see if it works for you, or you could log a SR and confirm this with Oracle Support.
Thanks,
Hussein

Confirming method to secure web services through oracle web service manager

Hi All,
I am just wondering about the method to secure web service through oracle web service manager.
I have a unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit.I want to secure it through oracle web service manager.
Inorder to secure this unsecure web service,I use gateway(web service manager for securing web service using message level security through certificate).
So when client want to access the helloworld service,it contacts the gateway securely and gateway intern connect to original web service after decrypting and verification of the signature.When gateway gets response from the web service,it signs the response message and then encrypt and passs on to the client.
So my question is,is it the right way to secure web service?
As I am getting the following fault exception :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
<faultstring>Step execution failed with an exception
</faultstring>
<detail></detail>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I checked the log at :
C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
but there is no helpful information available.Thanks for any help.
Kash

Hi Rajesh,
Thanks for your reply.I am using the following policy steps:
1)for Request (Decrypt and Verify signature).
2)for Response(Sign Message and Encrypt).
The configuration for Request is shown below:
Pipeline "Request"
Pipeline Steps:
Start Pipeline
Log
Decrypt and Verify Signature
Basic Properties Type Default Value
Enabled (*) boolean true true
XML Decryption Properties Type Default Value
Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Decrypt Keystore Type (*) string jks jks
Decryptor''s keystore password string *******
Decryptor''s private-key alias (*) string s1as
Decryptor''s private-key password string *******
Enforce Encryption (*) boolean true true
XML Signature Verification Properties Type Default Value
Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Verifying Keystore type (*) string jks jks
Verifying Keystore password string *******
Signer''s public-key alias (*) string xws-security-client
Enforce Signing (*) boolean true true
End Pipeline
And the configuration for Response is shown below:
Pipeline "Response"
Pipeline Steps:
Start Pipeline
Log
Sign Message and Encrypt
Basic Properties Type Default Value
Enabled (*) boolean true true
Signing Properties Type Default Value
Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
Signing Keystore Type (*) string jks jks
Signing Keystore password string *******
Signer''s private-key alias (*) string s1as
Signer''s private-key password string *******
Signed Content (*) string BODY BODY
Sign XPATH Expression string
Sign XML Namespace string[]
Encryption Properties Type Default Value
Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
Encrypt Keystore Type (*) string jks jks
Encryption Keystore password string *******
Decryptor''s public-key alias (*) string xws-security-client
Encrypted Content (*) string BODY BODY
Encrypt XPATH Expression string
Encrypt XML Namespace string[]
End Pipeline
I checked the log again but nothing useful there,it is just giving the following values:
2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
Any help would be appreciated.Thanks.
Kash

Deploying ADF application to a managed weblogic server - ADF security error

Hi,
Our group has written an ADF web application, which we are attempting to deploy to a managed weblogic server. Thus far, we have been unsuccessful. The application does successfully deploy to the AdminServer. Our setup:
Weblogic version is 10.3.0. Domain name is adf_domain. We have installed the ADF (ADF version is 11.1.1.0.0), JSTL(1.2.0.1), and JSF(1.2.7.1) runtime libraries, and they are targeted to both the admin server AND the managed server, which is called CollabServer. This server communicates with the node manager and can be started and stopped via the admin console successfully. The AdminServer is on port 7101, and the CollabServer is on port 7104. We are not using SSL.
application.xml:
<?xml version = '1.0' encoding = 'windows-1252'?>
<application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
version="5" xmlns="http://java.sun.com/xml/ns/javaee">
<display-name>OracleRetailCollaboration</display-name>
<module>
<web>
<web-uri>orc.war</web-uri>
<context-root>orc</context-root>
</web>
</module>
</application>
weblogic-application.xml (as taken from the ear file):
<?xml version = '1.0' encoding = 'windows-1252'?>
<weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application.xsd" xmln
s="http://www.bea.com/ns/weblogic/weblogic-application">
<listener>
<listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
</listener>
<library-ref>
<library-name>adf.oracle.domain</library-name>
</library-ref>
</weblogic-application>
weblogic.xml (as taken from the war file):
<?xml version = '1.0' encoding = 'UTF-8'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ww
w.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
<container-descriptor>
<prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>
<library-ref>
<library-name>jstl</library-name>
<specification-version>1.2</specification-version>
</library-ref>
<library-ref>
<library-name>jsf</library-name>
<specification-version>1.2</specification-version>
</library-ref>
</weblogic-web-app>
As I said, there are no deployment errors when we deploy to the admin server. However, we always see the following errors when deploying to the managed server:
java.lang.ClassNotFoundException: oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener
etc.
This error occurs when deploying via the <wldeploy> ant task included with weblogic, and when deploying the application manually via the admin console.
So I removed this from weblogic-application.xml:
<listener>
<listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
</listener>
Which resolved the initial error (I assume there is some sort of bug that causes this workaround to be necessary). The next error is this:
java.lang.ClassNotFoundException: oracle.adf.share.security.authentication.AuthenticationServlet
Again, we don't get this error when deploying to the AdminServer - ONLY the managed server CollabServer.
web.xml:
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
I then added some adf jar files to the ear file, finally get this error message:
java.lang.ClassNotFoundException: oracle.adf.share.jsp.ADFLibUtils
Any ideas on how to resolve this? Thanks.
Edited by: user10451099 on Apr 15, 2009 12:10 PM

Dan,
thanks fro reminding me :-)
Here are the steps we had to take to get a managed WLS to run an adf application without copying any jar in the domain/lib directory:
1. you still have to install the adf runtime to any server you want the adf application to deploy to
2. open the admin console, select the managed server, and select the 'server start' tab in configutation settings.
3. add /u01/bea/patch_wls1030/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/patch_jdev1111/profiles/default/sys_manifest_classpath/weblogic_patch.jar:
/u01/bea/patch_cie660/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/bea/jrockit_160_05/lib/tools.jar:/u01/bea/wlserver_103/server/lib/weblogic_sp.jar:
/u01/bea/wlserver_103/server/lib/weblogic.jar:/u01/bea/modules/features/weblogic.server.modules_10.3.0.0.jar:/u01/bea/wlserver_103/server/lib/webservices.jar:
/u01/bea/modules/org.apache.ant_1.6.5/lib/ant-all.jar:/u01/bea/modules/net.sf.antcontrib_1.0.0.0_1-0b2/lib/ant-contrib.jar:/u01/bea/jdeveloper/modules/features/adf.share_11.1.1.jar:
/u01/bea/wlserver_103/common/eval/pointbase/lib/pbclient57.jar:/u01/bea/wlserver_103/server/lib/xqrl.jar:
/u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath/weblogic_ext_patch.jar to the classpath edit box you have to change '/u01/bea/' with your bea home. The classpath should be on one line without the CR/LF i put in to make it readable.
4. add -Xms256m -Xmx512m -da -Dplatform.home=/u01/bea/wlserver_103 -Dwls.home=/u01/bea/wlserver_103/server -Dweblogic.home=/u01/bea/wlserver_103/server
-Ddomain.home=/u01/bea/user_projects/domains/naa_qs -Doracle.home=/u01/bea/jdeveloper -Doracle.security.jps.config=/u01/bea/user_projects/domains/naa_qs/config/oracle/jps-config.xml
-Doracle.dms.context=OFF -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Dweblogic.management.server=http://localhost:7001
-Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=
-Dweblogic.ext.dirs=/u01/bea/patch_wls1030/profiles/default/sysext_manifest_classpath:/u01/bea/patch_jdev1111/profiles/default/sysext_manifest_classpath:/u01/bea/patch_cie660/profiles/default/sysext_manifest_classpath
-Dweblogic.management.username=weblogic -Dweblogic.management.password=******** -Dweblogic.Name=GESTIS_QS
-Djava.security.policy=/u01/bea/wlserver_103/server/lib/weblogic.policy to the 'Arguments' edit box. As with the calsspath change '/u01/bea' to your bea home and change the domain name (in our case 'naa_qs') to your domain name. change the managementuser and passwort to your needs. As whith the classpath I put some CR/LF into the code section to make it readable.
5. save the changes and restart the server
Essentially all we copied the arguments from the admin server start script in addition to adding the class path.
Timo

Securing web services with Sun Access Manager

Hi!
I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
My questions are:
1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
2) Are there any documentation/tutorials/etc?
Thanks in advance :-)
Anders

what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
So.. having said that. here's what I'd recommend.
1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
2. configure it to use your access manager instance for authentication.
3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
4. voila... your webservices are not "protected" by acces manager ;-)

Network security:LAN manager authentication level setting on GPO

Hi,
We have a requirement from project team to change the one of the security setting on default domain policy for all computers in domain. Below are the security setting which we need to modify.
computer configuration-->windows settings-->security settings-->local policies-->security options-->
Network security: LAN manager authentication level
this setting need to be changed to - Send LM & NTLM - use NTLMv2 session security if negotiated.
The project team facing issue with Apache web server and they found the solution on below link.(we have tested this by changing local group policy and this solution works as expected)
https://www.sysaid.com/Sysforums/posts/list/9065.page
We need to know what is the impact after enabling this on domain computers.
Need help on this to go-head on this.

Hi,
you have a weaker domain security overall. "
LM Hash Generation
The algorithm introduces several weaknesses that attackers can exploit. First, all lowercase characters are set to uppercase, reducing the number of possible characters. Second, it splits a long, strong, password into two seven-character chunks.
Both the LM and NTLM protocols operate essentially the same way; the only difference is the password hash.
REF: The Most Misunderstood Windows Security Setting of All Time
This post is provided AS IS with no warranties or guarantees, and confers no rights.
~~~
Questo post non fornisce garanzie e non conferisce diritti

Security manager enabled w/o -Djava.security.manager

Similar Messages

Maybe you are looking for