Server.policy file

Similar Messages

• Losing server.policy settings

  Hi,
  I am using Sun ONE 8.1 EE on Solaris.
  My application needs an entry in config/server.policy (a secuirty provider is available). Once added the application works.
  However, stopping and starting the instance will lose the change and go back to the origianl one.
  Any ideas how to deal with this?
  Thanks
  Rakesh

  You have to change server.policy in the DAS (Domain Admin Server) configuation directory and then restart the instances. For example, if your domain is called "domain1" and it is in the directory /var/opt/SUNWappserver/domains, then you should make changes to /var/opt/SUNWappserver/domains/domain1/config/server.policy file
  From 8.1 EE, configuration for all instances is stored in the DAS. At every restart, instances get the latest configuration from DAS and cache it. Making any changes to the configuration files stored in the cache does not help because it is overwritten by the files in DAS the next time instance is restarted.
  For a graphical explanation of this, see figure 4-1 at http://docs.sun.com/source/819-0215/nodeagent.html

• How to install unlimited strength policy files with 2003 windows server

  Hi all,
  I am working on encryption AES 256 bit key encryption.
  128 is default encryption key.But for use 256 bit encryption key need to add unlimited strength policy file with jdk.
  That is working fine on windows xp.
  Now problem
  But when i run on client machine with operating system windows 2003 server standard.
  I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.
  Restarted the computer after update files but on windows server 2003 256 bit key encryption not working.
  Giving following exception
  java.security.InvalidKeyException: Illegal key size or default parameters
       javax.crypto.Cipher.a(DashoA13*..)
       javax.crypto.Cipher.a(DashoA13*..)
       javax.crypto.Cipher.a(DashoA13*..)
       javax.crypto.Cipher.init(DashoA13*..)
       javax.crypto.Cipher.init(DashoA13*..)
  Please suggest me how to run encryption on windows server 2003..
  Thanks
  Anu

  anu1106 wrote:
  I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.Why? Why not just install the unlimited strength files in the normal way according to the installation instructions given in the distribution file?

• Associating policy files with license server

  [ Problem ]
  I’m going through the sample and documentation for FA 2.0.  It mentions that whenever a policy is created/updated that the license server has to be informed.  In the reference implementation, there are the model usage policy samples that I see being loaded.  In the non-refimpl of flash access, how does the license server load/know about the policies available?  I looked at the sample flashaccess-tenant.xml, I didn’t see any section where policy files are configured.  Would it have to be done outside of the app?
  [ Solution ]
  If you update a policy after it was used to package content, and you want the new policy to be used when the user requests a license for that content, the license server needs access to the latest version of the policy. 
  In the Reference Implementation, there are two modes demonstrating possible business logic implementations (but of course, you may choose a different approach in your implementation).  The typical workflow for the Reference Implementation is that it will use the policy that was embedded at packaging time to generate the license.  If more than one policy was embedded, it will try each one in order until it is able to successfully generate a license (for example, if the first policy requires authentication and the user did not authenticate, the server will try the second policy in the list.  If the second policy allows anonymous access (possibly with more restrictions), it will generate a license using that policy.  The Reference Implementation supports updating policies through a Policy Update List.  The Policy Update List would be generated when a policy is updated, and contains the latest version of any policy that has changed.  If you point the server to a Policy Update List in flashacccess-refimpl.properties, the Reference Implementation server will automatically check this list for updates any time it issues a license.  Alternatively, if you had an implementation that stores all your policies in a database, you could implement your server to check the database for an updated policy before issuing a license.
  As you mentioned, there is another mode which demonstrates four different usage models and uses policy files stored on the server to determine what the license will look like.  In this "demo" mode, the server only looks at the policies used at packaging time to determine if anonymous access is allowed or if authentication is required.  The rest of the attributes used to generate the license come from one of the four policy files configured on the server (see the "Implementing the usage models" section of Protecting Content for more details). 
  The License Server for Protected Streaming addresses a slightly different use case (see Flash Access Server Deployment Guide for details).  Here, we expect the minimum policy information to be specified at packaging time, and the license server determines the actual usage rules for generating the license.  In the PolicyOverrides section of flashaccess-tenant.xml, you specify the usage rules (license caching, output protection, etc.).  The license server ignores the policy embedded during packaging and only uses the attributes in the tenant configuration file.  If you want to update the usage rules, you simple modify the tenant configuration file -- in this case there is no separate policy file.

  anu1106 wrote:
  I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.Why? Why not just install the unlimited strength files in the normal way according to the installation instructions given in the distribution file?

• Problem fetching policy-file-request

  According to
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
  quote:
  * A SWF file may no longer make a socket connection to its
  own domain without a socket policy file. Prior to version
  9,0,115,0, a SWF file was permitted to make socket connections to
  ports 1024 or greater in its own domain without a policy file.
  * HTTP policy files may no longer be used to authorize
  socket connections. Prior to version 9,0,115,0, an HTTP policy
  file, served from the master location of /crossdomain.xml on port
  80, could be used to authorize a socket connection to any port 1024
  or greater on the same host.
  So with the tighter security measures, a policy file has to
  be fetched on port 843 or on the same port on which a connection is
  desired. That leads to another problem. The policy file request
  made by the player has a simple format: clear text
  <policy-file-request/> is sent as raw data bytes on
  the ports.
  As most firewalls block such raw data traffic (of unknown
  protocols) on all the ports, this means that the policy file fetch
  will fail almost always if the user is behind any firewall.
  This will render all SWFs, that do not use well known ports,
  unusable. Does anyone know what is the solution to this
  problem? Or am I missing something here?

  Common guys, someone has to know what to do here.
  I have read all that I can read and tried all that I could
  and the flash app is not accepting my policy file.

• How to use a custum permission in the .policy file

  Hi,
  I am stuck with the problem of having a custum permission that extands java.security.BasicPermission.
  I really want this permission to be checked from my .policy file, but when I try to include its location : c:\java_project\server\SpecialPolicy.class
  it pops a message that file is not found. I have tried dots, different slashes (back and forward) and still have no luck. I need this custum permission to be checked so that I can allow special access from a certain codebase so that say if I try a dangerous method I can just simply check in the code;
  this.getSecurityManager.checkPermission(new SpecialPermission("lol"));
  Also I need a paramater option, but I cant think of any since its not a FilePermission that takes a name and attributes (read, write..) what does BasicPermission take and if I extend it what attribute should I pass in. I dont really care about how this permission works, i just use it to restrict access to a certain functions in code that are ran from specific codeBAse.
  Please dont ask why I need this :)
  Thanks in advance, the documentation on how to add custum policies is simply NOT THERE. thus I have to bug people around.

  Hi
  If you just have to add another permission it is easy.
  Create a class extending the BasicPermission. Have an entry into
  the policy file like
  grant <Principal> {
  permission <CumstomPermission> "lol"
  }that should be all. If you do have a specific Principal, please
  do not forget to add the Principal to the relevant Subject after login.
  cheers
  Projyal

• Java.lang.SecurityException: Jurisdiction policy files are not signed by t

  Hi
  *I am installing ECC6 onAIX 6.1 with oarcle 10g.*
  *I am getting error in create secure store*
  *Policy and security files are ok,*
  aused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more
  ERROR      2009-07-07 14:10:47.063
             CJSlibModule::writeError_impl()
  CJS-30050  Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.
  ERROR      2009-07-07 14:10:47.547 [sixxcstepexecute.cpp:960]
  FCO-00011  The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.).
  what could be the problem ?
  Please give me the soluation
  regards
  Vijay

  Dear Juan
  You are correct.
  I downloaded correct file from IBM site , and Create Secure store step completed but innext step IMPORT JAVA DUMP
  it gave error
  n error occurred while processing service SAP ERP 6.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step : Execution of JLoad tool '/usr/java14_64/bin/java -classpath /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar -showversion -Xmx512m -Xj9 com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jload.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/antlr.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jddi.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/opensqlsta.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar:/oracle/client/10x_64/instantclient/ojdbc14.jar -sec AGQ,jdbc/pool/AGQ,/usr/sap/AGQ/SYS/global/security/data/SecStore.properties,/usr/sap/AGQ/SYS/global/security/data/SecStore.key -dataDir /swdump/NW7.0_SR3_JAVA_COMP_51033513/DATA_UNITS/JAVA_EXPORT_JDMP -job /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/IMPORT.XML -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and '/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/jload.java.log' for more information.
  regards
  vijjay

• Load XML file from addon domain without cross-domain Policy file

  Hello.
  Assuming that there are two addon domains on the same server: /public_html/domain1.com       and      /public_html/domain2.com
  I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
  So the idea is to use php file in order to load XML and read it back to flash.
  I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
  Here are the AS3/PHP scripts:
  AS3 (.swf in www.domain1.com):
  // location of the xml that you would like to load, full http address
  var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
  // location of the php xml grabber file, in relation to the .swf
  var phpLoc:String = "loadXML.php";
  var xml:XML;
  var loader:URLLoader = new URLLoader();
  var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
  loader.addEventListener(Event.COMPLETE, onXMLLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
  loader.load(request);
  function onIOErrorHandler(e:IOErrorEvent):void {
      trace("There was an error with the xml file "+e);
  function onXMLLoaded(e:Event):void {
      trace("the rss feed has been loaded");
      xml = new XML(loader.data);
      // set to string, since it is passed back from php as an object
      xml = XML(xml.toString());
      xml_txt.text = xml;
  PHP (loadXML.php in www.domain1.com):
  <?php
  header("Content-type: text/xml");
  $location = "";
  if(isset($_GET["location"])) {
      $location = $_GET["location"];
      $location = urldecode($location);
  $xml_string = getData($location);
  // pass the url encoded vars back to Flash
  echo $xml_string;
  //cURLs a URL and returns it
  function getData($query) {
      // create curl resource
      $ch = curl_init();
      // cURL url
      curl_setopt($ch, CURLOPT_URL, $query);
      //Set some necessary params for using CURL
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     //Execute the curl function, and decode the returned JSON data
      $result = curl_exec($ch);
      return $result;
      // close curl resource to free up system resources
      curl_close($ch);
  ?>

  I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
  So I wrote my own script - this time I used file path instead of http address of the XML file.  It works fine in my case.
  Here it is:
  XML file on domain2.com:
  <?xml version="1.0" encoding="UTF-8"?>
  <gallery>
      <image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
      <image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
      <image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
  </gallery>
  swf  on domain1.com:
  var imagesXML:XML;
  var variables:URLVariables = new URLVariables();
  var varURL:URLRequest = new URLRequest("MyPHPfile.php");
  varURL.method = URLRequestMethod.POST;
  varURL.data = variables;
  var MyLoader:URLLoader = new URLLoader;
  MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
  MyLoader.addEventListener(Event.COMPLETE, XMLDone);
  MyLoader.load(varURL);
  function XMLDone(event:Event):void {
      var imported_XML:Object = event.target.data.imported_XML;
      imagesXML = new XML(imported_XML);
     MyTextfield_1.text = imagesXML;
     MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath");  // sample reference to attribute "thumbPath" of the first element
  php file on domain1.com:
  <?php
  $xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml');  // directory to XML file on the same server
  $imported_XML = $xml_file->asXML();
  print "imported_XML=" . $imported_XML;
  ?>
  Regards
  PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed.

• How to assign special FilePermission in a policy file

  Hi,
  I'm using jaas 1.0 with JDK1.3.
  I want a user to be able to specify a file (a password file : login-password) and to be able to access it before being authenticated. (and so without any permissions to access it)
  I'd like to assign FilePermission not for a file in particulary but for files with an extension in particular (*.pwd in my example). How can I do it in a policy file ?
  Check my code :
  I am in the e:/dvpl directory.
  if I specify that the file must be passwd2.pwd, that's ok, that works, but
  if I want to give read permissions for all the files in conf/ or just for *.pwd, that doesn't work.
  How can I do ?
    //permission java.io.FilePermission "e:/dvpl/conf/passwd2.pwd", "read";
    permission java.io.FilePermission "./conf/-", "read";
    permission java.io.FilePermission "e:/dvpl/conf/-", "read";
    permission java.io.FilePermission "e:/dvpl/conf/*.pwd", "read";Thanks for any help.
  Yann P.
  JOnAS The EJB Server
  http://www.objectweb.org/jonas/index.html

  if you want to give read permissions for all the files in conf:
  permission java.io.FilePermission "\\dvp\\conf\\-","read";
  Hope this help!

• XMLSocket "Failed to load policy file" error

  I am trying to use an XMLSocket.swf file, and it is not connecting.  Do I need to open up a port on my server?  I am trying to run this on a dedicated remote Windows 2008 server.
  Here is the error from FlashFirebug:
       OK: Root-level SWF loaded: file:///C|/Users/vcaadmin/AppData/Roaming/Mozilla/Firefox/Profiles/70vbx4ys.default/exten sions/flashfirebug%40o%2Dminds.com/chrome/content/flashfirebug.swf
      OK: Root-level SWF loaded: http://speak-tome.com/flash/XMLSocket.swf
      OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at xmlsocket://speak-tome.com:9997 by requestor from http://speak-tome.com/flash/XMLSocket.swf
      Error: Failed to load policy file from xmlsocket://speak-tome.com:9997
      Error: Request for resource at xmlsocket://speak-tome.com:9997 by requestor from http://speak-tome.com/flash/XMLSocket.swf has failed because the server cannot be reached.
  My crossdomain.xml is saved to the root of the web directory and looks like:
      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
      <cross-domain-policy>
      <site-control permitted-cross-domain-policies="master-only"/>
      <allow-access-from domain="*"/>
      <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
      </cross-domain-policy>
  I notice that both ports 843 and 9997 are closed for my domain (speak-tome.com - 72.167.253.16) when I check using a service such as yougetsignal.com/tools/open-ports.  Do I need to get these ports open to get the policy file to work?

  As a test, I uploaded my Flash/Gaia site into an existing site on my old host.  And although the site actually works in this setting, when I run things in the FlashPlayerDebugger, I'm still getting Security Sandbox Violations - so (as adninjastrator suggested in earlier post), this may have nothing to do with the DNS changes - but perhaps with my setting things up wrong somewhere so that the Flashplayer is trying to access my local computer - maybe??
  Debugger logs gives me this:
  Error: Failed to load policy file from xmlsocket://127.0.0.1:5800
  Error: Request for resource at xmlsocket://127.0.0.1:5800 by requestor from http://recreationofthegods.com/bin/main.swf has failed because the server cannot be reached.
  *** Security Sandbox Violation ***
  So, I've now uploaded the identical bin (which contains all the files for my site) - but I'm getting different behaviors on the two hosts.
  On the new holistic servers, the site won't go past the first page:  www.yourgods.com
  On the 1&1 servers, I still get runtime errors in FlashPlayerDebugger - but the site runs ok - http://www.RecreationOfTheGods.com/bin/index.html
  Posting those links in hopes someone with more experience in these sandbox issues can help steer me in the right direction.

• How to resolve problems in policy file of signed Applet

  Hi to All,
  I want to connect the web site through my Signed Applet which is working as a Proxy server. but i m facing certain problems in my policy file:
  this is my policy file :-
  grant {
  permission java.security.AllPermission "", "";
  permission java.net.SocketPermission "http://www.google.com:4321", "connect, accept,resolve";
  permission java.security.UnresolvedPermission;
  n i got such type of exceptions n my Applet prompt applet not initialized.
  Got connection Socket[addr=/192.168.1.232,port=1200,localport=4321]
  Reading request...
  URI is: http://www.google.com/
  Host to contact is: www.google.com at port 80
  Got request...
  java.security.AccessControlException: access denied (java.net.SocketPermission www.google.com resolve)
  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
  at java.security.AccessController.checkPermission(AccessController.java:427)
  at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
  at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
  at java.net.InetAddress.getAllByName0(InetAddress.java:1098)
  at java.net.InetAddress.getAllByName(InetAddress.java:1061)
  at java.net.InetAddress.getByName(InetAddress.java:958)
  at java.net.InetSocketAddress.<init>(InetSocketAddress.java:124)
  at java.net.Socket.<init>(Socket.java:179)
  at ProxyApplet.handle(ProxyApplet.java:75)
  at ProxyApplet.<init>(ProxyApplet.java:132)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
  at java.lang.Class.newInstance0(Class.java:350)
  at java.lang.Class.newInstance(Class.java:303)
  at sun.applet.AppletPanel.createApplet(AppletPanel.java:721)
  at sun.applet.AppletPanel.runLoader(AppletPanel.java:650)
  at sun.applet.AppletPanel.run(AppletPanel.java:324)
  at java.lang.Thread.run(Thread.java:595)
  here 4321 is Port no. which i've as a random port no.
  plz Help
  thnx in advance
  with regards
  pank_naini

  Please, if you can't help me, could you tell me who can I contact ?

• Override JCE default (limited strength) jurisdiction policy files

  Hi!
  I am writing an applet, which has to decrypt encrpyted file with some simetric algorithm, e.g. PBEWithMD5AndTripleDes. Due llimitations of key lengths in default (limited strength) jurisdiction policy files for JCE I cannot use for example TripleDES with 168 bit key or. Blowfish with 400 bit key.
  I know I can obtain Unlimited version of these files from java.sun.com and replace this files in JDK/JRE installation directory. That's ok for us at server side, but disaster at client (applet) side, because we must modify installation of JRE on every computer where user want to use applet and update it every time when JRE is being updated.
  So me question is: is there any way to distribute unlimited jurisdiction files with an applet (I know how to include *.jar files) and make it work? For example via endorsed mechanism, setting some security property, reloading JCE?
  Thanks for help!

  You can't override them. Since the restriction apply only to the JCE, your best bet is to use the lightweight API from Bouncy Castle which does not use the JCE.

• Replace the JCE Unlimited Strength Jurisdiction Policy files - SAP JVM 5

  Hi Experts,
  I had a NetWeaver 7.1 system with SAP JVM 5. I tried to run a cryptography software on the system, but the current JCE Unlimited Strength Jurisdiction Policy files of the JVM limited encryption algorithms and key lengths.
  I downloaded the jce_policy-1_5_0.zip file from the Sun website, unzipped it, replaced the old policy files (sapjvm_5/jre/lib/security/local_policy.jar and sapjvm_5/jre/lib/security/US_export_policy.jar) with the new ones, then restarted the server. But, after the server was restarted, the new policy files were deleted and the old ones were restored.
  Could you tell me what should I do to apply the new policy files?
  Thanks in advance.
  Victor

  Issue Resolved..with help of OSS note :739043
  EP 6.0 SP15.... I had same issue for Portal prodution:
  I had  copied new files (local_policy.jar and US_export_policy.jar) in directory /opt/java1.4/jre/lib/security
  Jun 16  2003 local_policy.jar
  -rw-rr   1 root       sys           4355 Jun 16  2003 US_export_policy.jar
  -rw-rr   1 root       sys           2910 Aug  2  2007 local_policy.1.jar
  -rw-rr   1 root       sys           2429 Aug  2  2007 US_export_policy.1.jar
  -rrr--   1 bin        bin           2910 Dec 12 10:14 local_policy.2.jar
  -rrr--   1 bin        bin           2429 Dec 12 10:14 US_export_policy.2.jar
  -rrr--   1 bin        bin           2223 Dec 12 10:25 java.policy
  -rrr--   1 bin        bin           6871 Dec 12 10:25 java.security
  -rrr--   1 bin        bin          41278 Dec 12 10:25 cacerts
  Thanks,
  Hari

• Problem with granting permissions in the security policy file

  Hi,
  I have a security policy file. I am granting permissions to some files. Now even if I have given permissions explicitly it doesnt taking it and gives error. My code snippet is as follows:
  grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{
       permission java.security.AllPermission;
  The stack-trace for the same is as follows:
  11:09:49,518 ERROR [MainDeployer] Could not initialise deployment: file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-ws4ee.sar/jboss-ws4ee.war
  java.security.AccessControlException: access denied (java.io.FilePermission C:\Java\jboss-4.0.2\server\all\tmp\deploy\tmp17221jboss-ws4ee.war read)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
       at java.security.AccessController.checkPermission(AccessController.java:401)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
       at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
       at java.io.File.lastModified(File.java:771)
       at org.jboss.deployment.MainDeployer.init(MainDeployer.java:866)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:765)
       at org.jboss.deployment.MainDeployer.addDeployer(MainDeployer.java:360)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy37.addDeployer(Unknown Source)
       at org.jboss.deployment.SubDeployerSupport.startService(SubDeployerSupport.java:111)
       at org.jboss.web.AbstractWebContainer.startService(AbstractWebContainer.java:600)
       at org.jboss.web.tomcat.tc5.Tomcat5.startService(Tomcat5.java:409)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
       at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:418)
       at org.jboss.system.ServiceController.start(ServiceController.java:440)
       at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:273)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
       at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy8.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy
  Here I am giving all permission which in turn encapsulate FilePermission also. So this should work. But why it is bypassing this permission?
  Any clues?!
  Thanks.
  Jahnvi

  grant codeBase
  "file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{That's not a codebase, it's a specification for a FilePermission. A codebase is a list of one or more directories or JAR files expressed as URLs.

• Fault policy files in MDS repository is not working..

  Hi All,
  I have created my fault policy and fault bindings file and tested in my local project. It worked fine.
  To make it available in MDS,
  I added the files under JDeveloperHome/jdeveloper/integration/seed/apps/faulthandling
  I deployed this MDS repository to my server by the below method.
  I created a new generic application, then a generic project, to which I added a new Deployment Profile of type JAR file.
  To the JAR file, I added my folder in which the policy files exist. I created a SOA bundle from the ‘Applications’
  Then I deployed the project to my server finally.
  For all these things I refferred to
  http://www.orafmwschool.com/soa-11g-mds/
  Now in my adf-config.xml I have made changes as follows.
  <metadata-store-usage id="mstore-usage_2">
  <metadata-store class-name="oracle.mds.persistence.stores.file.FileMetadataStore">
  <property value="D:\StudyForInstalling\SOA11gHome\jdeveloper\integration" name="metadata-path"/>
  <property value="seed" name="partition-name"/>
  </metadata-store>
  </metadata-store-usage>
  Then in my composite.xml I have,
  <property name="oracle.composite.faultPolicyFile">oramds:/apps/faulthandling/fault-policies.xml</property>
  <property name="oracle.composite.faultBindingFile">oramds:/apps/faulthandling/fault-bindings.xml</property>
  I hav shutdown the partnerlink service.
  Now, I can see remote exception while executing. My fault policy files are not executing.
  In the same apps/ I have my PurchaseOrder.xsd file. When I tried importing the schema to my project from the mds, it is working fine.
  I used like this in my wsdl.
  <import namespace="http://www.order.org" schemaLocation="oramds:/apps/faulthandling/PurchaseOrder.xsd" />
  Why is my faultpolicy file not working?
  Kindly help me
  Thanks,
  Sabarisri .N

  I am not sure if we can use oramds references as properties values in composite.xml. Did you try with preferences ??