Tomcat50-jwsdp Security Manager and RMI
I need to know how to configure the Tomcat 5.0 security manager to run RMI applications.
I'm building a jax-rpc application that uses RMI to access a back-end process.
I cannot run RMI because no security manager is running:
java.rmi.RemoteException: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
java.lang.ClassNotFoundException: wxservice.remote.WebService$Listener (no security manager: RMI class loader disabled); nested exception is:
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is:
java.lang.ClassNotFoundException: wxservice.remote.WebService$Listener (no security manager: RMI class loader disabled)However, when I try to enable security using the command
C:\tomcat50-jwsdp\bin\catalina.bat run -securityI get the following exception:
java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.commons.launcher.waitForChild read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:627)
at org.apache.commons.launcher.ChildMain.run(ChildMain.java:199)Any help would be sincerely appreciated.
First of all, you don't have to use RMISecurityManager as the security manager at all. It's a legacy class from Java 1.1. times that the RMI tutorials continue to refer to, see this thread:
http://forum.java.sun.com/thread.jsp?forum=58&thread=161874
Secondly, it is tricky but Java 2 allows a security manager to be set more than once -- it all depends on whether the currently installed manager allows to be replaced [RuntimePermission("setSecurityManager") permission].
Finally, if you expect that the user will define a security policy through command line, all you have to do is code something like this:
if (System.getSecurityManager() == null)
System.setSecurityManager(your_security_manager);to set yours only when nothing was set on the command line.
Vlad.
Similar Messages
-
I am developping an application that uses RMI.
So in the code i must declare the RMISecurityManager as the security manager. But if the user specify the standard security manager on the command line it dont works.
I understand why, because my question is :
How the user can ensure that my application is safe if he cannot specify the basic security manager on the comnd line ( -Djava.security.manager ) ?
tomFirst of all, you don't have to use RMISecurityManager as the security manager at all. It's a legacy class from Java 1.1. times that the RMI tutorials continue to refer to, see this thread:
http://forum.java.sun.com/thread.jsp?forum=58&thread=161874
Secondly, it is tricky but Java 2 allows a security manager to be set more than once -- it all depends on whether the currently installed manager allows to be replaced [RuntimePermission("setSecurityManager") permission].
Finally, if you expect that the user will define a security policy through command line, all you have to do is code something like this:
if (System.getSecurityManager() == null)
System.setSecurityManager(your_security_manager);to set yours only when nothing was set on the command line.
Vlad. -
OWSM Vs OSB: Security, Management and Monitoring
Has anyone done a comparison of the Security, Management and Monitoring capabilities of OSB 10gR3 and OWSM?
I think both of them have a place in the architecture, but I am looking for pointers on the overlapping capabilities in terms of security and service monitoring. When is one preferred over the other with pros and cons.
Thanks,
-JIn short OSB you configure process by process. OWSM is a layer you can put across your whole enterprise.
Other than that the functionality is very similar.
cheers
James -
Security Manager and Policy Files
Hi all,
I am writing a simple java rmi application, but understand it wont run without a Security Manager installed and a policy file.
I think I have installed the security manger using the following in the main() method of my client application:
System.setSecurityManager(new RMISecurityManager());However I am unsure how to use a policy file with this. I have looked on the internet, but it does not seem to be very well documented
Please could you advise me how to create a policy file that will work for my application and where to place it in my application so that my application can use it.
Any help would be greatfuly appreciated
Thanx
AaronAn RMI application doesn't need a security manager unless you are using the codebase feature.
-
Cisco Security Manager and User-aware firewall rules
Hello !
I have a firewall ASA which is managed with CSM and I try to create some user-aware rules. To do this, I need to match CSM with an Active Directory server.
I added an AAA server group matching my Active Directory server in the Identity Setting menu from Security Manager Administration and when i click on "Test", I obtain the error message "Unsuccessful Bind prevented to fetch data, please reconfigure AAA server".
What can I do to solve this problem ?
Thank you !
StephaneYou can contact your local AM to get an evaluations version, this is related to the new 'restricted' downloaded access on CCO. You need to have a service contract assocaited for that 'specific' product to download software (I know it does not make sense in case of an evaluation).
And you also have the following alternate:
Note:
This download does not include CiscoWorks Resource Manager Essentials (RME). For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. At http://www.cisco.com/pcgi-bin/marketplace/welcome.pl, navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-4.0.
Regards
Farrukh -
HP Protect Tools Security Manager and Windows 7
I need assistances for my HP ProBook 4440s. There is no HP Protect tools security manager in installed in the system.I also want to install figer print security system.Kindly assist where necessary,
Thanks,
k.dineyshYou need to contact HP Technical Support since the fingerprint reader is part of their hardware configuration and HP would be the source for support of the fingerprint reader.
The HP Support website is found @
http://www8.hp.com/us/en/contact-hp/contact.html
There is also an HP Consumer Support forum @
http://h30434.www3.hp.com/psg/
There is even a dedicated thread for your problem found @
http://h30434.www3.hp.com/t5/Other-Notebook-PC-Questions/HP-Probook-4530s-fingerprint-reader-not-working/m-p/1372895#M40259
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
HP ProtectTools Security Manager and Windows 10
I am going to be updating to Windows 10, howevver it is saying that the HP ProtectTools Security Manager is not compatible with Windows 10. 2 questions I have. The first is: Is there going to be a replacement for these tools for Windows 10?Second is: How do I uninstall the tools so that I can proceed, properly?
Indeed! These instructions are useful but there is a newer version of Client Security Manager http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_141863_1 Just to inform others users, HP protect tools security Manager has been rebranded to Client Security Manager. So it's the same software, they just change the name and the logo
-
Rmi with security manager not working in netbeans
Hello i'm trying to use rmi but get the error java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) when i run it in netbeans. here is my code
public static void main(String[] args) {
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
try {
String name = "Compute";
Compute engine = new ComputeEngine();
Compute stub =
(Compute) UnicastRemoteObject.exportObject(engine, 0);
Registry registry = LocateRegistry.getRegistry();
registry.rebind(name, stub);
System.out.println("ComputeEngine bound");
} catch (Exception e) {
System.err.println("ComputeEngine exception:");
e.printStackTrace();
}It works if i don't have a security manager and it works with a security manager if i don't use netbeans to run it and use the command line. i need to use a secuirty manager because the client code is running in eclipse and it moans that there is no security manager if i run it without one
this is the error i get when running with no security manager
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
java.lang.ClassNotFoundException: takenoteremote.Compute (no security manager: RMI class loader disabled)
Please helpI have sort of got it to work, i took out the security manager and used the code base parameter on the command line, and put my interface into a jar file. I can only get it to work though on the command line, if i run it in netbeans it doesn't find the class in the jar file it needs.
Any ideas? -
Security manager not used with JNDI ?!
Hi,
I have a simple stand-alone java app that does a JNDI lookup
and subsequent method invocation on the returned session bean.
I never explicitly install a security manager and am wondering
why there are no security problems getting the bean proxy
and any subsequent code downloads from the WebLogic server.
Seems like this would never work under under pure RMI, so
what's going on in this case?
Thanks, GarryHi,
According to the screenshot, it seems like compatibility problem, What's the type of your system?
In addition, you can refer to the link below to view its compatibility list.
http://gallery.technet.microsoft.com/LocalGPOmsi-Excellent-MS-2593b2eb
Roger Lu
TechNet Community Support -
Differences in setting a security manager
Hello,
what is the difference between installing a security manager using a system property like this:
-Djava.security.manager=java.rmi.RMISecurityManagerand by executing the following at the beginning of the main method:
if (System.getSecurityManager() == null) {
System.setSecurityManager(new RMISecurityManager());
}To my understanding of the various reference documentations for java security, they should be equivalent in the obtained result. In my case, however, the system property one doesn't work, that is classes are not downloaded dynamically; everything works fine with the java code solution.
Many thanks,
valerioWorks for me.
-Djava.security.manager=java.rmi.RMISecurityManagerThis argument needs to appear first on the command line, before any other -D and -jar arguments.
NB the RMISecurityManager is obsolete, you can use java.lang.SecurityManager. See the Javadoc. You can just specify:
-Djava.security.manager=defaultor just:
-Djava.security.manager -
Default Administrator password in BI Administration Tool - Security Manager
Hello all,
I'm new to OBIEE and have recently been playing around in the BI Administration Tool to create my own repository (.rpd) metadata files from demo DBs. I selected "Manage" -> "Security" to open Security Manager and then set a logging level of 2 on the Administrator user.
UNFORTUNATELY, there is a default password that apparently gets specified that I didn't notice, so when I closed my repository file and tried to re-open it, it is now challenging me for a password that I didn't set, don't know, and have not been able to find in documentation or posted threads anywhere.
Has anyone else ever come across this problem before or know the default password? Any help would be greatly appreciated. Thanks guys.Guys,
First, let me thank you all for you quick responses and willingness to give me a hand. It's greatly appreciated. And thanks Ally for noticing the name! Glad you liked it. :)
Unfortunately, my problem still exists. None of the following passwords worked for me: <blank>, "Administrator", "administrator", or "ADMINISTRATOR".
Also, I should clarify for the thread that I'm not using Paint.rpd or SH.rpd; I'm creating my own repository from scratch. For those who read this post and have literally 90 seconds to spare, I would ask you to try and recreate this same thing with me and see if it's just me (and if I'm crazy):
1) Open OBI Administration Tool
2) DO NOT open an existing repository, create a new one. Name it whatever; mine is the default "Metadata1.rpd"
3) Don't bother adding any metadata to it, go immediately to "Manage" --> "Security" --> "Users" and open up the Administrator user by double-clicking it.
4) Notice there is a "Password" and "Confirm Password" value already defined by default! DON'T change it (this is the password in question that I accidentally accepted). Just click the "OK" button without making any changes to that form.
5) Save, close, and then try to re-open this repository you just created. It should be challenging you for a password now, right? And I bet it will not accept <blank> or any variation of "Administrator".
Believe me, I know better now in the future to not let this happen. But I can't for the life of me figure out this password that was automatically populated and WHY there would be one there in the first place! I was walking through a lab that told me to open this security setting for Administrator to set a logging level, but it did not mention anything about a setting a password. So, I created a repository that I have now magically locked myself out of. :)
Can anyone else please try to recreate this and let me know if it's just me or not? I am using BI Administration Tool version: 10.1.3.3.2.071217.1900.
Thanks again guys. -
Searching for the Recording Security Manager utility
The WLS v6.1 docs on managing security (http://edocs.beasys.com/wls/docs61/adminguide/cnfgsec.html#1074675)
mentions a Recording Security Manager utility for detecting and resolving permission
problems. Can someone point me to it?Hi Dan,
Its available on the BEA developer center
http://developer.bea.com/do_login.jsp
You will need to have a login and password to access this site .
Just search for Recording Security Manager and you will get the tool
yeshwant
Dan McHarness wrote:
The WLS v6.1 docs on managing security (http://edocs.beasys.com/wls/docs61/adminguide/cnfgsec.html#1074675)
mentions a Recording Security Manager utility for detecting and resolving permission
problems. Can someone point me to it? -
Java.security.manager ?
My understanding about Java SecurityManager is when you want to use it,
it have to be installed. It can be installed through
using -Djava.security.manager
option with java command or calling setSecurityManager() in the application.
I'm sure that WLS startup script marketed with WLS5.1
used -Djava.security.manager
option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
install a SecurityManager through setSecurityManager() method?
I'm just curious to know why they are different between WLS5.1 and
WLS6.1/7.0.
Thanks in advance,
Koji Sekiguchi6.1 and 7.0 do not install a SecurityManager programattically. It was
decided that most people do not make use of the added security provided
by the security manager and that it has a significant performance hit on
the VM (I think we found 6-7% degradation but it was a long time ago so
I may be way off) so that it did not make sense to run with it by
default. Instead we tell people to turn it on who need it. It seems
better because all of the security conscious people know to look for it
and all of the security unaware folk don't know enough to turn it off so
they are stuck with the degradation.
The SecurityManager is really most helpful if you are installing
untrusted applications on your app server (something most users don't
do). It does next-to-nothing to prevent remote attacks.
Neil Smithline
Koji Sekiguchi wrote:
My understanding about Java SecurityManager is when you want to use it,
it have to be installed. It can be installed through
using -Djava.security.manager
option with java command or calling setSecurityManager() in the application.
I'm sure that WLS startup script marketed with WLS5.1
used -Djava.security.manager
option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
install a SecurityManager through setSecurityManager() method?
I'm just curious to know why they are different between WLS5.1 and
WLS6.1/7.0.
Thanks in advance,
Koji Sekiguchi -
Does anybody know how to work effectively with security manager and filtering?
It is extremely time consuming and frustrating to work with Cisco Security Manager in regards to search for entries or filter. I have not been able to find some kind of global search, is there?
How do other people cope with this?It appears to have been a temporary issue as the backup is running fine again now... closing the thread.
-
Custom Security Manager or Security Event Interception from WebLogic Console
Hello,
I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
I use Weblogic Server 6.0 sp2
sergeHi Daniel,
> a custom security manager for the standard CM Repository
And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
> java.lang.NoSuchMethodException: MySecurityManager.<init>
This exception only complains about a missing constructor!? Have you implemented a default constructor?!
> If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
Hope it helps
Detlev
Maybe you are looking for
-
Hi all, I need to bring system and user statusses to BW (for wbs-elements and cs/pm orders). I'm fairly new to BW and I cannot find any business content regarding statusses. I have varying reporting needs where these statusses are important. Are ther
-
Help needed in calculating hash code for a linked list??
I have reffered API documentation for the list interface...There i found the code below for the hashcode() method ...I couldn't get why "31" is used as a multiplicative factor? int hashCode = 1; Iterator<E> i = list.iterator(); w
-
Elements 10. Windows 7. Alastair Omand
With Elements open the screen shows - 5138 items/18 not shown (I have no idea why). Click Edit/Preferences/Backup Synch - response, ERROR IN OPENING. Click Backup Synch Key (at bottom of screen) FILES shows 27 albums (there are 28). Click Not Backed
-
Output volume reset at start up
Hi Guys, need your help. i connect my iMac to my hi fi system, so i want to keep my iMac sound level to MAX and control my sound level at my hi fi system. i use to have a Mac Pro and i didn't have any problem, now i switched to iMac i7, volume level
-
Hi Gurus, We have a requirement, to have SSO between, user Microsoft Credentials and SAP Portal. The Chalenge here is that the user name, in Microsoft credentials is different from the Portal user, so we need authenticate the user against ADS and the