文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Websphere 7中使用Axis2 1.4的Java2安全性

Websphere 7中使用Axis2 1.4的Java2安全性
EN

Stack Overflow用户
提问于 2012-03-08 16:59:08
回答 1查看 1.8K关注 0票数 0

我在Websphere 7中部署了一个非常复杂的应用程序(例如企业应用程序)(带有父类加载器策略),其中包含多个依赖项。我正在部署的.ear包含4个.war文件。其中之一是轴心2.战争。

在我打开管理安全性和Java 2安全性之前,一切都很好。在调试了所有的..\profiles\was70profile1\config\cells\AMSCNT0009Node01Cell\applications\app.ear\deployments\app\META-INF\was.policy..\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\META-INF\was.policy并添加了必要的权限之后,我得到了一个似乎没有消失的AccessControlException (java.io.FilePermission C:\ProgramFiles\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell)\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices读)。

我的was.policy文件:

代码语言:javascript
复制
    /* AUTOMATICALLY GENERATED ON Mon Mar 05 13:40:14 CET 2012*/
/* DO NOT EDIT */

grant codeBase "file:${application}" {
  permission java.util.PropertyPermission "*", "read, write";
  permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read, write";
  permission java.util.PropertyPermission "Axis2.prohibitDebugLogging" , "read,write";

  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "setContextClassLoader";
  permission java.lang.RuntimePermission "checkPropertiesAccess";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission java.lang.RuntimePermission "shutdownHooks";
  permission java.lang.RuntimePermission "accessDeclaredMembers";

  permission java.security.SecurityPermission "getPolicy";
  permission javax.management.MBeanServerPermission "createMBeanServer";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

  permission com.ibm.oti.shared.SharedClassPermission "java.net.URLClassLoader", "read, write";
  permission com.ibm.oti.shared.SharedClassPermission "org.apache.axis2.deployment.DeploymentClassLoader", "read, write";

  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\attachments", "read, write";
  permission java.io.FilePermission "alerts.log", "read, write";
  permission java.io.FilePermission "jmxPerformance.log", "read, write";
  permission java.io.FilePermission "AppLog.txt", "read, write";
  permission java.io.FilePermission "hibernateStatsLogger.log", "read, write";

  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins\\-", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\lib\\-", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\deploytool\\-", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\-", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\jre\\lib\\-", "read";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\-", "read, write";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\*", "read, write";

  permission java.io.FilePermission "${app.installed.path}", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\*", "read, write";

  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2", "read, write, delete";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\*", "read, write, delete";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\-", "read, write, delete";

  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app", "read, write, delete";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\*", "read, write, delete";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\-", "read, write, delete";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\classes\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\conf\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\*", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\conf\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices\\*", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\modules\\*", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\services\\*", "read, write";

  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices", "read, write";  
  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices\\*", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\modules\\-", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\services\\-", "read, write";
  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\-", "read";
  permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF", "read";

  permission java.io.FilePermission "${app.installed.path}\\appEFDSimulator-3.5.2.war\\WEB-INF\\*", "read, write";

  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1", "read, write";
  permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\properties", "read, write";
};

痕迹:

代码语言:javascript
复制
    [3/8/12 16:41:24:320 CET] 00000018 SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.

Permission:

      C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices : Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read)

Code:

     org.apache.axis2.scripting.ScriptRepositoryListener$1  in  {file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/temp/AMSCNT0009Node01/server1/app/appAxis2-3.5.2.war/_axis2/axis23638axis2-scripting-1.4.mar}


Stack Trace:

java.security.AccessControlException: Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read)
    at java.lang.Throwable.<init>(Throwable.java:67)
    at java.security.AccessControlException.<init>(Unknown Source)
    at java.security.AccessController.checkPermission(AccessController.java:108)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:210)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.File.list(File.java:982)
    at java.io.File.listFiles(File.java:1062)
    at org.apache.axis2.scripting.ScriptRepositoryListener$1.run(ScriptRepositoryListener.java:47)
    at java.security.AccessController.doPrivileged(AccessController.java:202)
    at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:78)
    at org.apache.axis2.scripting.ScriptRepositoryListener.findServicesInDirectory(ScriptRepositoryListener.java:45)
    at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:225)
    at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131)

我已经尝试过修改axis2 1.4源代码,用下面的补丁替换axis2-kernel.jar和axis2-cripting-1.4.mar:

https://issues.apache.org/jira/browse/AXIS2-3816

我还尝试过更改axis2源代码,方法是选择一个与WEB\scriptServices不同的文件夹,但是AccessControlException仍然保留在新文件夹中。

如果有人对如何解决这个问题有一个提示,那将是非常感谢的。提前感谢!

security
websphere
axis
policyfiles
java
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2012-03-13 15:30:52

我发现唯一的解决方案是从模块文件夹中删除脚本-xxx.mar。Axis2 1.5附带了ScriptRepositoryListener类中的doPrivileged()方法,但它也不起作用。

票数 1
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/9621634

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档