velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shinobu Kawai <shinobu.ka...@gmail.com>
Subject Re: Problem with J2EE security using Velocity in WebSphere
Date Thu, 10 Mar 2005 02:37:48 GMT
Hi Steve,

> I trying to run an application under WebSphere Application Server (WAS
> 5.0.2.8), and I'm encountering the following error:
> 
> [3/8/05 15:31:54:846 PST]  98ee681 SecurityManag W SECJ0314W: Current Java
> 2 Security policy reported a potential violation of Java 2 Security
> Permission. Please refer to Problem Determination Guide for further
> information.
> 
> Permission:
>      <all permissions> : access denied (java.security.AllPermission <all
> permissions> <all actions>)
> 
> Code:
>     org.apache.velocity.runtime.RuntimeInstance  in
> {file:/opt/WebSphere/AppServer/installedApps/margeNetwork/CommEnable.J2EE.ear/CommEnable.Web.war/WEB-INF/lib/velocity-dep.jar}
> 
> Stack Trace:
> java.security.AccessControlException: access denied
> (java.security.AllPermission <all permissions> <all actions>)

## snip

>        at
> com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java:564)
>        at
> org.apache.velocity.runtime.RuntimeInstance.setDefaultProperties(RuntimeInstance.java:295)

## snip

You might want to ask the IBM folks what permission needs to be
granted to call Class#getResourceAsStream from your webapp, because
that's what Velocity is calling.

> I can't grant AllPermissions for the entire application, and I've tried a
> variety of grants similar to the following:
> 
> grant codeBase "jar:file:
> ${app.installed.path}/CommEnable.Web.war/WEB-INF/lib/velocity-dep.jar!/" {
>  permission java.security.AllPermission;
> };
> 
> grant codeBase "file:
> ${app.installed.path}/CommEnable.Web.war/WEB-INF/lib/velocity-dep.jar" {
>  permission java.security.AllPermission;
> };
> 
> grant codeBase "file:${jars}" {
>  permission java.security.AllPermission;
> };
> 
> and none resolve the problem.
> 
> Anybody have an explanation for this?

Have you tried granting AllPermission?  Did it work?  If it didn't,
the problem must be elsewhere.  (Like, you're placing the policy file
in the wrong place.)

Best regards,
-- Shinobu

--
Shinobu Kawai <shinobu.kawai@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org


Mime
View raw message