[jboss-user] [Security & JAAS/JBoss] - Problems while configuring server.policy file

jahnviv do-not-reply at jboss.com
Fri Mar 30 06:14:47 EDT 2007 

Hi, 

I want to grant permission to MBeans and MBeanServer of my web application i.e. these MBeans and MBeanServer are application specific, it has nothing to do with JBoss. 

I am assigning this permission in server.policy file. It already has default permission java.security.AllPermission. So it overrides the MBean specific permission given by me. Now I have removed AllPermission and give some minimum permission required from this link : 

http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringAJavaSecurityManager 

Now it gives error regarding deploy folder. The stacktrace is given below: 

15:21:10,350 ERROR [MainDeployer] could not create deployment: file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-aop.deployer/ 
org.jboss.deployment.DeploymentException: MBeanTrustPermission(register) not implied by protection domain of mbean class: org.jboss.aop.deployment.AspectManagerService, pd: ProtectionDomain (file:/C:/Java/jboss-4.0.2/server/all/tmp/deploy/tmp25826jboss-aspect-library.jar <no certificates>) 
org.jboss.mx.loading.UnifiedClassLoader3 at 1546dbc{ url=file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-aop.deployer/ ,addedOrder=3} 
<no principals> 
java.security.Permissions at c4d04d ( 
(java.net.SocketPermission localhost:1024- listen,resolve) 
(java.net.SocketPermission * connect,resolve) 
(java.net.SocketPermission * connect,resolve) 
(java.net.SocketPermission localhost:1024- listen,resolve) 
(javax.security.auth.AuthPermission createLoginContext.*) 
(unresolved javax.management.MBeanServerPermission findMBeanServer null) 
(unresolved javax.management.MBeanServerPermission findMBeanServer null) 
(unresolved javax.management.MBeanPermission org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry] *) 
(unresolved javax.management.MBeanPermission org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry] *) 
(java.lang.RuntimePermission accessClassInPackage.*) 
(java.lang.RuntimePermission queuePrintJob) 
(java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getSubject) 
(java.lang.RuntimePermission stopThread) 
(java.util.PropertyPermission java.version read) 
(java.util.PropertyPermission java.vm.name read) 
(java.util.PropertyPermission java.vm.vendor read) 
(java.util.PropertyPermission os.name read) 
(java.util.PropertyPermission java.vendor.url read) 
(java.util.PropertyPermission java.vm.specification.vendor read) 
(java.util.PropertyPermission os.version read) 
(java.util.PropertyPermission java.specification.vendor read) 
(java.util.PropertyPermission java.class.version read) 
(java.util.PropertyPermission java.specification.name read) 
(java.util.PropertyPermission file.separator read) 
(java.util.PropertyPermission os.arch read) 
(java.util.PropertyPermission java.vm.version read) 
(java.util.PropertyPermission java.vendor read) 
(java.util.PropertyPermission java.specification.version read) 
(java.util.PropertyPermission java.vm.specification.version read) 
(java.util.PropertyPermission java.vm.specification.name read) 
(java.util.PropertyPermission * read) 
(java.util.PropertyPermission path.separator read) 
(java.util.PropertyPermission line.separator read) 
(java.io.FilePermission C:/Java/jboss-4.0.2/server/all/- read,write,delete) 
(java.io.FilePermission C:/Java/jboss-4.0.2/- read,write,delete) 
(java.io.FilePermission C:\j2sdk1.4.2_08\jre/- read,write,delete) 
(java.io.FilePermission C:/Java/jboss-4.0.2/server/all/- read,write,delete) 
(java.io.FilePermission C:/Java/jboss-4.0.2/- read,write,delete) 
(java.io.FilePermission C:\j2sdk1.4.2_08\jre/- read,write,delete) 
(java.io.FilePermission C:\Java\jboss-4.0.2\server\all\tmp\deploy\tmp25826jboss-aspect-library.jar read) 
(java.io.FilePermission C:\Java\jboss-4.0.2\server\all\deploy\jboss-aop.deployer read) 
) 

; - nested throwable: (java.lang.SecurityException: MBeanTrustPermission(register) not implied by protection domain of mbean class: org.jboss.aop.deployment.AspectManagerService, pd: ProtectionDomain (file:/C:/Java/jboss-4.0.2/server/all/tmp/deploy/tmp25826jboss-aspect-library.jar <no certificates>) 
org.jboss.mx.loading.UnifiedClassLoader3 at 1546dbc{ url=file:/C:/Java/jboss-4.0.2/server/all/deploy/jboss-aop.deployer/ ,addedOrder=3} 
<no principals> 
java.security.Permissions at c4d04d ( 
(java.net.SocketPermission localhost:1024- listen,resolve) 
(java.net.SocketPermission * connect,resolve) 
(java.net.SocketPermission * connect,resolve) 
(java.net.SocketPermission localhost:1024- listen,resolve) 
(javax.security.auth.AuthPermission createLoginContext.*) 
(unresolved javax.management.MBeanServerPermission findMBeanServer null) 
(unresolved javax.management.MBeanServerPermission findMBeanServer null) 
(unresolved javax.management.MBeanPermission org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry] *) 
(unresolved javax.management.MBeanPermission org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry] *) 
(java.lang.RuntimePermission accessClassInPackage.*) 
(java.lang.RuntimePermission queuePrintJob) 
(java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getSubject) 
(java.lang.RuntimePermission stopThread) 
(java.util.PropertyPermission java.version read) 
..... 

Any clues?? 

Thanks. 

Jahnvi 


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033083#4033083

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033083

More information about the jboss-user mailing list