Why javax.security.Policy is deprecated ?
I was trying to refresh Policy object in my application. When I was coding as following, a warning message pops up. It says, "javax.security.Policy is deprecated." That is, I can't use it any more. I want to know why ? And how can I refresh system policy object, if my policy file is changed. I don't want to restart my application, which will be running as a server.
Policy policy = Policy.getPolicy();
policy.refresh();
Regards,
WenBin
Up.
Similar Messages
-
Why javax.security.* doesn't work for me ?
I am newbie in Java. Recently I met a problem which confused my a lot. I am a class named CSecurity which can throw LoginException. Code sample is
public class CSecurity
userLogin() throws LoginException
When compiling it, "unresolved symbol - Can't locate LoginException class" error message appears, although I put "import javax.security.*;" in the front. Compilation succeeds, if I change it to "import javax.security.auth.login.LoginException;". My question is why character "*" doesn't work at all, since it is supposed to work. I assume "import javax.security.*;" should import all class under security branch. Am I wrong about this ?
Regards,
WenBinwhen you import * it doesn't import sub packages, only the specified one.
so you would need to do..
import javax.security.auth.login.*; -
Problem with granting permissions in the security policy file
Hi,
I have a security policy file. I am granting permissions to some files. Now even if I have given permissions explicitly it doesnt taking it and gives error. My code snippet is as follows:
grant codeBase "file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{
permission java.security.AllPermission;
The stack-trace for the same is as follows:
11:09:49,518 ERROR [MainDeployer] Could not initialise deployment: file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-ws4ee.sar/jboss-ws4ee.war
java.security.AccessControlException: access denied (java.io.FilePermission C:\Java\jboss-4.0.2\server\all\tmp\deploy\tmp17221jboss-ws4ee.war read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
at java.io.File.lastModified(File.java:771)
at org.jboss.deployment.MainDeployer.init(MainDeployer.java:866)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:765)
at org.jboss.deployment.MainDeployer.addDeployer(MainDeployer.java:360)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy37.addDeployer(Unknown Source)
at org.jboss.deployment.SubDeployerSupport.startService(SubDeployerSupport.java:111)
at org.jboss.web.AbstractWebContainer.startService(AbstractWebContainer.java:600)
at org.jboss.web.tomcat.tc5.Tomcat5.startService(Tomcat5.java:409)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
at sun.reflect.GeneratedMethodAccessor11.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
at $Proxy0.start(Unknown Source)
at org.jboss.system.ServiceController.start(ServiceController.java:418)
at org.jboss.system.ServiceController.start(ServiceController.java:440)
at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy4.start(Unknown Source)
at org.jboss.deployment.SARDeployer.start(SARDeployer.java:273)
at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
at sun.reflect.GeneratedMethodAccessor19.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
at $Proxy8.deploy(Unknown Source)
at org.jboss.deployment.scanner.URLDeploymentScanner.deploy
Here I am giving all permission which in turn encapsulate FilePermission also. So this should work. But why it is bypassing this permission?
Any clues?!
Thanks.
Jahnvigrant codeBase
"file:${jboss.server.home.dir}/deploy/jboss-ws4ee.sar/-"{That's not a codebase, it's a specification for a FilePermission. A codebase is a list of one or more directories or JAR files expressed as URLs. -
OPSS java security policy provider error
hi am geting the security error when deploying application my logs is
*** Using HTTP port 7101 ***
*** Using SSL port 7102 ***
"C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\bin\startWebLogic.cmd"
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~1\JDK160~1\lib\tools.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
PATH=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\native;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\native;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\oracle\MIDDLE~1\JDK160~1\jre\bin;C:\oracle\MIDDLE~1\JDK160~1\bin;C:\forms;C:\product\11.2.0\dbhome_1\bin;C:\product\11.2.0\dbhome_1;C:\DevSuiteHome_1\BIN;C:\DevSuiteHome_1\jlib;C:\Program Files\PHP;C:\Program Files\PC Connectivity Solution\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\DivX Shared;c:\Program Files\Java\jdk1.6.0_21\bin;C:\product\11.2.0\dbhome_1\BIN;C:\DevSuiteHome_1;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\mywls;C:\mydomain\base_domain\bin;C:\Program Files\Java\jre6\bin\client;C:\Program Files\Java\jre6\bin;C:\Program Files\Java\jdk1.6.0_21\jre\bin;C:\Program Files\Java\jdk1.6.0_21\bin;C:\Program Files\Java\jdk1.6.0_21;C:\Program Files\Java\jre6;C:\DevSuiteHome_1\forms;C:\DevSuiteHome_1\cgenf61\admin;C:\DevSuiteHome_1\forms;C:\forms\sms_code.pll;C:\mywls\wlserver\bin;C:\Java\jdk1.6.0_21;C:\oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode)
Starting WLS with line:
C:\oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\DOCUME~1\Desmond\LOCALS~1\Temp\trustStore8732822766352054612.jks -Djbo.debugoutput=silent -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -da -Dplatform.home=C:\oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\oracle\MIDDLE~1\WLSERV~1.3\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1 -Djrockit.optfile=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\DOCUME~1\Desmond\APPLIC~1\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\oracle\MIDDLE~1\patch_wls1035\profiles\default\sysext_manifest_classpath;C:\oracle\MIDDLE~1\patch_jdev1112\profiles\default\sysext_manifest_classpath weblogic.Server
<22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<22 Dec 2011 10:11:07 AM> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<22 Dec 2011 10:11:07 AM> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 19.1-b02 from Sun Microsystems Inc.>
<22 Dec 2011 10:11:07 AM> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<22 Dec 2011 10:11:08 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<22 Dec 2011 10:11:08 AM> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<22 Dec 2011 10:11:08 AM> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00004. Log messages will continue to be logged in C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<22 Dec 2011 10:11:08 AM> <Notice> <Log Management> <BEA-170019> <The server log file C:\Documents and Settings\Desmond\Application Data\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:850)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.getInstance(XmlDataStore.java:216)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:436)
... 28 more
Caused by: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
... 34 more
Caused by: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
... 37 more
<22 Dec 2011 10:11:10 AM> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
<22 Dec 2011 10:11:10 AM> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:293)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:899)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:860)
at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
Truncated. see log file for complete stacktrace
Caused By: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
Truncated. see log file for complete stacktrace
Caused By: javax.xml.stream.XMLStreamException: Premature end of file encountered
at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
Truncated. see log file for complete stacktrace
>
<22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<22 Dec 2011 10:11:10 AM> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<22 Dec 2011 10:11:10 AM> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Process exited.
this is what i have try to do
delete the jazn-data.xml file under the DefaultDomain
and i try to in the folder of C:\Oracle\Middleware\user_projects\domains\UCM_dom ain\config\fmwconfig open cwallet.sso, go to properties of it and then security.Enable full control,modify,Read and execute,read and write permissions for the current user and apply it. but there is no security option when i right click cwallet.sso
and my acess log is
27.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432564240140&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432609646747&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx?_afrLoop=49432662731333&_afrWindowMode=0&Adf-Window-Id=w0 HTTP/1.1" 302 315
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/adfAuthentication HTTP/1.1" 302 313
127.0.0.1 - - [22/Dec/2011:12:10:09 -0800] "GET /StoreFrontModule/faces/login.jspx HTTP/1.1" 200 5821
Edited by: user603350 on 2011/12/22 12:04 PM
Edited by: user603350 on 2011/12/22 12:17 PM
Edited by: user603350 on 2011/12/22 1:12 PMThe problem is that your WLS domain is created in a directory whose path contains blank spaces (e.g. "...\Document and Settings\...").
Please, have a look at this message for a solution: {message:id=9588131}
Dimitar -
Javax.security.auth.AuthPermission createLoginContext.Userpass
Hi,
I am working on authentication using JAAS.
I have created small application and calling it in one of the jsp file. When I try to access the jsp I am getting the following error:
createLoginContext.Userpass : access denied
(javax.security.auth.AuthPermission createLoginContext.Userpass)
When i run the java application it is authenticating the user but when I try to run it by calling it from JSP it is giving the above error.
I have java.policy file and I have modified that too and it is able to give permissions to all the jar file accept the one which I have created.
Can any body suggest how to give permission to (javax.security.auth.AuthPermission createLoginContext.Userpass).
Edited by: Vaibhav818 on Jun 30, 2008 2:54 AMThe error occurs because you don't grant createLoginContext permission to the Sample jar file in your policy file or you do but you don't specify your policy file. Below is example for authorization sample.
grant codebase "file:./SampleAzn.jar" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
Cheers
Zi -
Partially Trusted Security Policy
Hi,
I'm using the ODAC1110510beta.exe in my Windows XP SP2 "development" machine and Windows 2003 SP2 "test deployment" machine.
I am able to use the Personalization Data Provider in both windows xp and 2003. The sample web app project was using WebPartManager, WebPartZone, CatalogZone, DeclarativeCatalogPart, PageCatalogPart, EditorZone, AppearanceEditorPart, BehaviorEditorPart, LayoutEditorPart, PropertyGridEditorPart.
Upon checking in the Oracle tables that was created, several rows has been inserted when testing out the sample web app project. (note that there was an error in the installation scripts - something to do with a missing "s" in one of the tables)
Ok, now that I have established my current setup and situation, my question now is, why is that when I run ASP.NET AJAX Toolkit "Samples" website, I get the following error message:
Server Error in '/MicrosoftAJAXToolkit' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Type 'Oracle.Web.Management.OracleWebEventProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly).
Source Error:
[No relevant source lines]
Source File: machine.config Line: 160
Version Information: Microsoft .NET Framework Version:2.0.50727.832; ASP.NET Version:2.0.50727.832
Things I did to try to resolve this problem is by following the instructions in the following site: http://msdn2.microsoft.com/en-us/library/zdc263t0(VS.80).aspx
I followed and executed the following steps in:
"To grant full trust to an assembly or folder on your local computer"
The location C:\oracle\product\11.1.0\client_1\ASP.NET\bin\2.x\* is now added for FullTrust
I also followed and executed the following steps in:
"To grant full trust to an assembly or folder on a network computer or mapped drive"
The location C:\oracle\product\11.1.0\client_1\ASP.NET\bin\2.x\* is now added for FullTrust
But still I get the same error message when running the "Samples" AJAX Toolkit website.
Please help on how to go about this.
Many Thanks,
Henry WuI am, 6 months later, getting the same issue. Has something to do with Oracle.web. My intention as of now is to remove Oracle.Web.*
What did you do?
Thanks -
11.2.3 security policy not applying
This was in another post felt it need its on post and subject.
11.2.3 has help, but now on device that have 11.2.3 the security policy is
not applying. I have 4 device I'm testing on one was a clean instill of
11.2.3 the other 3 were upgraded, out of all 4 only one the security policy
is applying right. Where would the security policy be store when it is
applied to a device. Is their a better way to apply security policy.
I found that the gpttmpl.inf file is not being copy to the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder and did confirm that it is in the zcm meachine cache folder
[C:\Program Files
(x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPolicy\M
achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
folder
logged off back on and then did get the Security Options Settings set
properly.
So why is it not copying it over, the Registry.pol file is and all other
group policy are working (so far). And on the one computer that Security
Options is working right on and running 11.2.3 the gpttmpl.inf is not in
the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
folder ether and I have checked computers that are still on 11.2.0 and the
Security Settings are applied but the gpttmpl.inf file in not in the
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]. Is
ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and if
so can this be fix? I really need Security Settings to apply.
Hope this makes sense.
And I have this problem on both 32 & 64 bit windows 7
I don't know if this affects Windows XP because I don't have any Security
Settings for XP set.
Thanks
ScottWell I found this in the ZCM troubleshooting guide with the help of google
[When more than one Windows Group policy is applied to a device, the
security settings of the last applied policy are effective on the device.].
I have all ways had device first user last sense 10.3.3 - 11.2.0 and the
security policy did apply, at lease with WIN7. So on my test machines I
change it to user fist device last and now the security policy now works
with 11.2.3, but I still have to have a bundle to run gpupdate /force at
user login. If I done have the bundle to run the device group policy does
not apply sometime, I don't mine to have the bundle to run just why with
win7 is does not apply with out it and XP does with out it.
Also why does it not copy the gpttmpl.inf to
[C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
directory?
>>> On Friday, March 15, 2013 at 12:34 PM, in message
<[email protected]>, Scott Malugin<[email protected]> wrote:
> This was in another post felt it need its on post and subject.
>
>
> 11.2.3 has help, but now on device that have 11.2.3 the security policy
> is
> not applying. I have 4 device I'm testing on one was a clean instill of
> 11.2.3 the other 3 were upgraded, out of all 4 only one the security
> policy
> is applying right. Where would the security policy be store when it is
> applied to a device. Is their a better way to apply security policy.
>
>
> I found that the gpttmpl.inf file is not being copy to the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder and did confirm that it is in the zcm meachine cache folder
> [C:\Program Files
> (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPoli
> cy\M
>
> achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
> folder
> logged off back on and then did get the Security Options Settings set
> properly.
>
> So why is it not copying it over, the Registry.pol file is and all other
> group policy are working (so far). And on the one computer that Security
> Options is working right on and running 11.2.3 the gpttmpl.inf is not in
> the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
> folder ether and I have checked computers that are still on 11.2.0 and
> the
> Security Settings are applied but the gpttmpl.inf file in not in the
> [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit].
> Is
> ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and
> if
> so can this be fix? I really need Security Settings to apply.
>
> Hope this makes sense.
>
> And I have this problem on both 32 & 64 bit windows 7
> I don't know if this affects Windows XP because I don't have any
> Security
> Settings for XP set.
>
>
> Thanks
> Scott -
Difficulties loading custom security Policy object.....
I just finished reading the white paper entitled �When java.policy Just Isn�t Good Enough� and I found a lot of good information for creating my own extension of java.security.Policy. I�m having a difficult time figuring out how to (best) load the policy, and I�ll explain why, but first I�d like to make sure that I�m extending the Policy class correctly. Don�t worry, I�ll be as brief as possible. My class looks something like this with a few more permissions than what i've included here (for brevity):
public class MyPolicy extends Policy {
private static MyPolicy INSTANCE = new MyPolicy();
private PermissionCollection perms = new Permissions();
private MyPolicy() {
constructPerms();
public static MyPolicy getInstance() {
return INSTANCE;
public PermissionCollection getPermissions(CodeSource arg0) {
return perms;
public void refresh() {
// permissions won't change, so nothing necessary here!
public void constructPerms() {
// I�m adding other permissions, but here are a few basic ones just for the idea:
perms.add(new PropertyPermission("java.version", "read"));
perms.add(new PropertyPermission("java.vendor", "read"));
perms.add(new PropertyPermission("java.vendor.url", "read"));
}I have this class in a package that will reside inside of a jar on the target machine. The jar will be wrapped in an executable, and we�ll be distributing a JRE directory that will reside in the same (installation) directory as the executable. I�m not sure how to specify this as my Policy implementation on startup of the JVM. For security reasons, I want to rely as little as possible on security stuff outside of my exe-wrapped-jarfile. I can pass whatever parameters I want to the JVM, including �Xbootclasspath, but I�m not sure what I need to get things working this way.
I tried another approach. I don�t really like it, but I just wanted to try it this way to test my Policy implementation. I edited my java.policy file to look like this:
grant {
// Custom permissions to allow app to load
// and then set MyPolicy as Policy object:
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
permission java.util.PropertyPermission "stuff.*", "read,write";
};And then in my main() method, I loaded it like this:
Policy myPolicy = MyPolicy.getInstance();
Policy.setPolicy(myPolicy);But that doesn�t seem to work because I�m getting an AccessControlException: access denied (java.awt.AWTPermission replaceKeyboardFocusManager)
Even though I have this permission in my implementation:
perms.add(new AWTPermission("replaceKeyboardFocusManager"));Do you have any ideas what I�m doing wrong, or how I could fix them? Any information would be greatly appreciated. Thanks in advance!
SteveHey
I have just finished such a policy implemention - boy could I have done with your help!
I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
Warm regads,
D -
Hi,
Iam implementing the JAAS API for the application security. I am getting the "javax.security.auth.login.LoginException: No LoginModules configured for "example"" exception.
The exception is thrown from the line -
LoginContext lc = new LoginContext("example", cbh);
I tried to debug by getting the config entry -
AppConfigurationEntry[] entries = config.getAppConfigurationEntry("example");
and "entries" is returning null.
the contents of jaas.config are -
example {
login.model.security.RdbmsLoginModule required debug="true" url="jdbc:oracle:thin://ha9-webdbs4:1528/OD40?user=xxx&password=xxx" driver="oracle.jdbc.driver.OracleDriver";
the entry for the jaas.config in the java.security file- (Tried both)
login.config.url.1=file:${java.home}/lib/security/jaas.config
java.security.auth.login.config=file:${java.home}/lib/security/jaas.config
The solutions I tried till now -
1. Hardcoding the value of "java.security.auth.login.config".
2. Starting the app server with the arguments
"-Djava.security.auth.login.config={PATH OF JAAS CONF}"
Nothing is working.
If anyone knows the solution, please share your ideas.
Thanks In Advance.
SR.Hi,
the following worked for me
-Djava.security.auth.login.config=src//oracle//sample//jaastester//jaasTestConfig.txt
where the policy file is located in the SRC folder of the JDeveloper project
Frank -
Why is security user required for Tux Domain?
I have to add a user in Weblogic Security Realm with user name equal to the Tuxedo
Remote Domain name. Otherwise the service request from Tuxedo to WTC is rejected
"Failed to get user identity".
In WTC Local WLS Domain "AIRCORE-WLS"... Security=None
In the Remote Tuxedo Domain "AIRCORE-TUX" DMCONFIG... SECURITY=NONE
So why is Weblogic trying to authenticate the remote TDOM as a user?
####<Feb 18, 2003 6:43:28 PM CST> <Debug> <WTC> <EA-LAWSTUC-W2K> <aircoreserver>
<ExecuteThread: '11' for queue: 'default'> <kernel identity> <> <180046> <]/rdsession(0)/dispatch/15/Failed
to get user identity: javax.security.auth.login.FailedLoginException: Authentication
Failed: User AIRCORE-TUX javax.security.auth.login.LoginException: Identity Assertion
Failed: User AIRCORE-TUX does not exist>
After creating user "AIRCORE-TUX" in Security/Realms/myrealm/users, service request
works.
####<Feb 18, 2003 6:49:11 PM CST> <Debug> <WTC> <EA-LAWSTUC-W2K> <aircoreserver>
<ExecuteThread: '1' for queue: 'default'> <kernel identity> <> <180046> <[InvokeInfo/setTargetSubject/(principals=[AIRCORE-TUX])>Carl,
Carl Lawstuen wrote:
>
I have to add a user in Weblogic Security Realm with user name equal to the Tuxedo
Remote Domain name. Otherwise the service request from Tuxedo to WTC is rejected
"Failed to get user identity".This is WTC need to get correct user credential to access WLS EJB. You
either add users to WLS or you add remote domain id (access point id) as
user to WLS depends on your configuration and release of Tuxedo the
request came from.
>
In WTC Local WLS Domain "AIRCORE-WLS"... Security=None
In the Remote Tuxedo Domain "AIRCORE-TUX" DMCONFIG... SECURITY=NONEThis SECURITY is not for ACL or user credential, this is for
authenticating the TDOMAIN session. It is done at session
negotiation/establishing time. This has something to do with connection
principal but has nothing to do with ordinary user. Since you set it to
NONE then there is no session authentication being done.
>
So why is Weblogic trying to authenticate the remote TDOM as a user?As I mentioned before WTC needs user credential to access WLS properly.
>
####<Feb 18, 2003 6:43:28 PM CST> <Debug> <WTC> <EA-LAWSTUC-W2K> <aircoreserver>
<ExecuteThread: '11' for queue: 'default'> <kernel identity> <> <180046> <]/rdsession(0)/dispatch/15/Failed
to get user identity: javax.security.auth.login.FailedLoginException: Authentication
Failed: User AIRCORE-TUX javax.security.auth.login.LoginException: Identity Assertion
Failed: User AIRCORE-TUX does not exist>
After creating user "AIRCORE-TUX" in Security/Realms/myrealm/users, service request
works.As I mentioned before depends on your configuration and Tuxedo releases
you have to use access point id (domain id/connection principal) or real
user. Once you have this in place it should work fine.
>
####<Feb 18, 2003 6:49:11 PM CST> <Debug> <WTC> <EA-LAWSTUC-W2K> <aircoreserver>
<ExecuteThread: '1' for queue: 'default'> <kernel identity> <> <180046> <[InvokeInfo/setTargetSubject/(principals=[AIRCORE-TUX])>Regards,
Honghsi -
WebStart, custom security policy and debugging
Hi,
Please forgive the long post, it's an obscure problem.
A year ago I implemented a custom instance-centric security policy that uses a database for storing permission data. It has served our needs very well on the server side. Now, however, I need to reuse it in a client application deployed to about 50 users via WebStart (there are more similar applications coming which will take the user base to about 200).
For some reason, the permissions are not being properly evaluated under WebStart. Tracing through my policy code, I can see that calls to imply() return with expected true/false values, however, when the internals of Java's underlying security API aggregate the results, calls to AccessController.checkPermission() don't raise exceptions when and where they are expected to.
This is really a hard problem to debug/trace. When I run the application locally, I have no problems with security checks even if I run it under a security manager (via -D.java.security.manager). Tracing to standard helps to a point and I can see that there is a difference: during the local runs, calls to MyCustomPolicy.implies(Permission, Domain) are made once per every AccessController.checkPermission() call made from the business layer. Under WebStart, there are three calls to MyCustomPolicy.implies() per every call to AccessController.checkPermission(). All three calls seem to come from the same stack frame. All three return 'false', yet AccessController.checkPermission() doesn't raise an exception.
Analyzing stack's state at the point MyCustomPolicy.implies() is been called, I think the answer to my problem may lie in the following code snippet of AccessControlContext.checkPermission(Permission):
for (int i=0; i< context.length; i++) {
if (context[i] != null && !context.implies(perm)) {
if (debug != null) {
debug.println("access denied "+perm);
if (Debug.isOn("failure")) {
Thread.currentThread().dumpStack();
final ProtectionDomain pd = context[i];
final Debug db = debug;
AccessController.doPrivileged (new PrivilegedAction() {
public Object run() {
db.println("domain that failed "+pd);
return null;
throw new AccessControlException("access denied "+perm, perm);
I believe that somehow one of the iterations gets to "return null" line, but at the moment I have no way of verifying this.
I'm finally getting to my question. In order for me to understand what's going on, I need to enable debugging of AccessControlContext. I can do this by setting java.security.debug system property. Again, I have no problem enabling debugging on a local system, but not under WebStart.
Here's what the relevant markup in the .jnlp file looks like:
<resources>
<j2se version="1.5" max-heap-size="128m" initial-heap-size="32m" java-vm-args="-Djava.security.debug=all">
</j2se>
<!-- a bunch of jar declarations -->
<property name="java.security.auth.login.config" value="jar:swing-app-SNAPSHOT.jar!/jaas_login.properties">
</property>
<property name="java.security.debug" value="all">
</property>
</resources>
this seems to have no effect and no debugging output appears. Any ideas why? Is there anything else I can do to enable debugging of AccessControlContext under WebStart?
I don't expect too many replies to my post (unless 3 sleepless weeks made me miss something really obvious), but if anyone can offer a hit/hit/insightful comment :), that would be great.
DmitryHey
I have just finished such a policy implemention - boy could I have done with your help!
I've never seen the java.security.debug property before - not to say it doesn't exist, but don't confuse system properties and security properties. Try setting it programmatically via Security.setProperty() or the Java Admin console [if you can], or even in the JRE WebStart uses via the java.security file.
When you run it locally with security switched on, do you observe the 3-to-1 behaviour also? I'm not sure if this is important - depends on your answer. As for the checks being performed from the same stack frame, the AC iterates over the protection domains as it checks them; the 3-to-1 behaviour is the result of there being 3 extra frames to check, possibly due to the fact your executing from JWS [although I'd expect JWS to be considered system code]. If the execution in AC gets to return null; then Debug.isOn("failure") must evaluate to true [...I'd slump in my chair at this point] but there's no way to figure out accurately what the semantics of this is AS THERE'S NO FRICKIN SRC AVAILABLE [...this really annoys me]. The only thing I can suggest for that is to not try and switch debugging on.
I suspect you are using JAAS [hence the dynamic policy need]? I have an idea if you are.
I totally know what you mean about the sleepless nights mate - I'm glad I done it all now, learnt all about security within Java which I knew nothing about 6 months ago.
Warm regads,
D -
When i change policy (by default it stays on High, and i put on Medium) and then run a web application on a site, the policy returns on high, so the application cant run (because the certificates are not trusted, but i know the application is sure)
Why it has this strange behaviour?Hi,
Do you mean that this issue happens over time? I wonder whether someone manually changed the UAC settings via local security policy or via control panel\user accounts\change user account control settings, I recommend you confirm this with the user (admin)
who used to use the system.
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Cisco Security Policy Builder, does it still exist?
I'm going through the Cisco CCNA Security Lab manual and in Chapter 9 I need to use the security policy builder. The link has since been deprecated (www.ciscowebtools.com/spb). Does anyone know where I can still find this tool or if maybe it has been updated and named something else?
Thanks for the help!
-MarkHi Mark,
Did you find it or any other tool similar to it ? It seems to be a very nice tool to start a Security Policy for a company.
If any one know anything about it let us know.
Thanks,
Paulo -
Application error while using security.policy feature
I am learning Java by reading http://java.sun.com/docs/books/tutorial/
While studying the "Security/Quick Tour of Controlling Applications" part I compile GetProps.java example:
import java.lang.*;
import java.security.*;
class GetProps {
public static void main(String[] args) {
String s;
try {
System.out.println("About to get os.name property value");
s = System.getProperty("os.name", "not specified");
System.out.println(" The name of your operating system is: " + s);
System.out.println("About to get java.version property value");
s = System.getProperty("java.version", "not specified");
System.out.println(" The version of the JVM you are running is: " + s);
System.out.println("About to get user.home property value");
s = System.getProperty("user.home", "not specified");
System.out.println(" Your user home directory is: " + s);
System.out.println("About to get java.home property value");
s = System.getProperty("java.home", "not specified");
System.out.println(" Your JRE installation directory is: " + s);
} catch (Exception e) {
System.err.println("Caught exception " + e.toString());
When I run it without security manger it prints all the property as it has to:
E:\Test>java -jar GetProps.jar
About to get os.name property value
The name of your operating system is: Windows XP
About to get java.version property value
The version of the JVM you are running is: 1.6.0_03
About to get user.home property value
Your user home directory is: C:\Documents and Settings\mikhail
About to get java.home property value
Your JRE installation directory is: C:\Program Files\Java\jdk1.6.0_03\jre
When I run it with security manager it prints the first two properties only and throws AccessControlException on user.home property as it has to either:
E:\Test>java -Djava.security.manager -jar GetProps.jar
About to get os.name property value
The name of your operating system is: Windows XP
About to get java.version property value
The version of the JVM you are running is: 1.6.0_03
About to get user.home property value
Caught exception java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
But when I run it with security manager and security policy allowing access to user.home and java.home properties it nevertheless throws AccessControlException, in spite of that mypolicy file grants access to these properties:
E:\Test>java -Djava.security.manager -Djava.security.policy=mypolicy -jar GetProps.jar
About to get os.name property value
The name of your operating system is: Windows XP
About to get java.version property value
The version of the JVM you are running is: 1.6.0_03
About to get user.home property value
Caught exception java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
Here is content of mypolicy file which I created by using policytool utility:
grant codeBase "file:/E:/Test/" {
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "user.home", "read";
My system:
MS WindowsXP Professional, Servis Pack 2
Sun SE JDK 1.6.0_03
What am I doing wrong?
Thank you, Mikhail.The last two days have been frustrating. The error above also appeared when I was trying to view one of the relationships in one of my entities.
What seems to have been happening is Designer showed a relationship existing after it had been deleted. This seems to be a bug in Designer. These rouge links can be deleted in the RON (although if you try to look at their details the RON will crash with the error in original query). After this cleanup everything worked like clockwork.
Hannah Fraser -
ERROR,11 Feb 2009 15:39:42,453,[XELLERATE.JBOSSLOGINHANDLER],Error in creating l
ogin context
javax.security.auth.login.LoginException: java.lang.NoSuchFieldError: TRACE
at org.jboss.logging.Log4jLoggerPlugin.isTraceEnabled(Log4jLoggerPlugin.
java:85)
at org.jboss.logging.Logger.isTraceEnabled(Logger.java:122)
at org.jboss.security.ClientLoginModule.initialize(ClientLoginModule.jav
a:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
86)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6
80)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.jbossLoginHandler.login(Unknown Source
at Thor.API.Security.ClientLoginUtility.login(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.internalLogin(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.login(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.<init>(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.main(Unknown Source)Backup the original file log4j-1.2.8.jar in oimclient/xlclient/ext
copy the log4j.jar from JBOSS folder - JBOSS/server/default
Paste the file in client folder with original log4j-1.2.8.jar
Rename log4j.jar file to log4j-1.2.8.jar
start ur JBOSS.. this shd work.
AKSHAY
Edited by: user640639 on Feb 11, 2009 12:20 PM
Maybe you are looking for
-
Communication between Java and C++, IDL/CORBA
I have not been working with CORBA before.... but as far as I know the server and client has to be prepared for CORBA during the developpenent. Am I wrong? Or is this only the case for IDL? Is it possible to add CORBA/IDL to an already developped c++
-
Hi chaps, I am having a real problem here and really don't know what more I can do I have a video ts folder built in DVDSP, I've tried several versions of Toast I've tried burning to my iMac internal ... drive and an external Sony writer, three diffe
-
When I am trying to delete the obsolete backups I get this error . RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: ===========================
-
Can I create an action that will print to a specific printer?
Hi all, Simple question. I want to create two buttons. One that will print a form to printer 1 (a work printer) and one button that will print to printer 2 (OneNote printer, aka Send to OneNote). Is that possible? No extra options needed, just a quic
-
Function Module required to convert the date coming from external system
Hi Friends, I need a Function Module that would convert the incoming date from external sytem in format YYYYMMDD to the SAP system in DDMMYYYY. The External system data type for the date is Numberic. Please suggest any FM if you know.I found out m