2 Replies Latest reply on Dec 1, 2005 9:40 PM by rmerry72

SecurityExcetion deploying AS 3.2 app in AS 4.0.2

rmerry72 Oct 14, 2005 12:28 AM

Hi,

I've been working on moving from JBoss AS 3.2.5 to 4.0.2. I have three apps , all with a web tier and EJB tier. All are secured with JAAS requiring a user to login in order to access. No problems running under 3.2.5.

Depoying these apps under 4.0.2 yields the following expcetion:
java.lang.SecurityException: MBeanTrustPermission(register) not implied by protection domain of mbean
at org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:1383)
at org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:361)
at org.apache.commons.modeler.Registry.registerComponent(Registry.java:871)

I can't find any reference in the doco or forums on this, though MBeanServerImpl clearly has a check.

I'm figuring this has something to do with the new JACC spec used in 4.0.2. I'm not familiar with policy files or such low-level permissions in general.

Any ideas please?
Rick

1. Re: SecurityExcetion deploying AS 3.2 app in AS 4.0.2

starksm64 Oct 14, 2005 2:20 AM (in response to rmerry72)

This has nothing to do with JACC. You have to be running with a security manager to see this type of error. If you not comfortable configuration the jvm security policy, don't run with a security manager. If you need to run with a security manager you should understand how to configure the security policy or else its doubtful that your securing what your supposed to.
Actions
2. Re: SecurityExcetion deploying AS 3.2 app in AS 4.0.2

rmerry72 Dec 1, 2005 9:40 PM (in response to rmerry72)

Quite right Scott.

I was inadvertantly setting a "grant all" security manager in one of my common libraries so that my app could be downloaded with webstart as a secure application.

Removing that fixed the problem. I now only invoke the security manager with WebStart and RMI apps.

Ta,
Rick
Actions

Go to original post