4 Replies Latest reply on May 14, 2010 1:42 PM by munimanjunath

    MBeanTrustPermission Error

    dinosaur_jr
    dinosaur_jr May 6, 2005 6:00 AM

      I tried to add the bea weblogic jndi namespace to the jndi namespace of my JBoss 4.0.2 server as external context for latter access of bea's jms queues. according to the documentation I tried this by deploying the following extjndi-service.xml within JBoss.

      <server>
<classpath codebase="../" archives="wlclient.jar"/>
<mbean code="org.jboss.naming.ExternalContext"
 name="jboss.jndi:service=ExternalContext,jndiName=external/Bea">
 <attribute name="JndiName">external/Bea</attribute>
 <attribute name="CacheContext">true</attribute>
 <attribute name="Properties">
 java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
 java.naming.provider.url=t3://localhost:7001
 java.naming.factory.url.pkgs=org.jnp.interfaces
 </attribute>
 <attribute name="InitialContext">javax.naming.InitialContext</attribute>
 <attribute name="RemoteAccess">true</attribute>
</mbean>
</server>


      but when I try to even start the jmx console on localhost to test the deployment with JNDIView I get the following error output: 

      2005-05-06 10:41:17,240 ERROR [org.apache.commons.modeler.Registry] Error registering jboss.web:name=HttpRequest1,type=RequestProcessor,worker=http-0.0.0.0-8080
java.lang.SecurityException: MBeanTrustPermission(register) not implied by protection domain of mbean class: org.apache.commons.modeler.BaseModelMBean, pd: ProtectionDomain (file:/C:/work/jboss4_02/server/default/tmp/deploy/tmp21882commons-modeler.jar <no certificates>)
 org.jboss.mx.loading.UnifiedClassLoader3@16504fa{ url=file:/C:/work/jboss4_02/server/default/deploy/jbossweb-tomcat55.sar/ ,addedOrder=10}
 <no principals>
 java.security.Permissions@1767553 (
 (java.io.FilePermission C:\work\jboss4_02\server\default\tmp\deploy\tmp21882commons-modeler.jar read)
 (java.io.FilePermission C:\work\jboss4_02\server\default\deploy\jbossweb-tomcat55.sar read)
...


      Any idea how I can get rid of that error and to federate the remote jndi namespace into jboss's jndi namespace? any information pointing me in the right direction is welcomed.

      regards,
      chris

      • 13413 Views
      • Tags:
        • 1. Re: MBeanTrustPermission Error
          starksm64
          starksm64 May 6, 2005 11:19 AM (in response to dinosaur_jr)

          You need to fix your security policy. If your not explicitly setting up a security manager, I have heard that some weblogic components do this under the covers so find out how to disable it from weblogic.

            • Actions
          • 2. Re: MBeanTrustPermission Error
            dinosaur_jr
            dinosaur_jr May 9, 2005 11:20 AM (in response to dinosaur_jr)

            as far as I can see a security manager is running. also when I try to explicit activate the security manager according to the server guide within the run.bat I get an exception which means that there's already one running. the server.policy file grants permission to everything.

            ...
2005-05-09 16:53:55,791 DEBUG [org.jboss.system.ServiceController] starting service jboss.security:service=JaasSecurityManager
2005-05-09 16:53:55,791 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Starting jboss.security:service=JaasSecurityManager
2005-05-09 16:53:56,191 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] securityMgrCtxPath=java:/jaas
2005-05-09 16:53:56,211 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] cachePolicyCtxPath=java:/timedCacheFactory
2005-05-09 16:53:56,221 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] SecurityProxyFactory=org.jboss.security.SubjectSecurityProxyFactory@6a3960
2005-05-09 16:53:56,251 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Started jboss.security:service=JaasSecurityManager
...


            nevertheless I'm going to check my bea weblogic environment.
            ... any other ideas what could have went wrong?

            is there anything I have to add to the descriptors of the jmx-console xmbean?

            in the meantime I made the following changes to the login-config.xml 
            ...
<application-policy name = "jmx-console">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required">
 <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
 <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
 <module-option name="unauthenticatedIdentity">nobody</module-option>
 </login-module>
 </authentication>
 </application-policy>
...
<application-policy name = "other">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required" >
 <module-option name="unauthenticatedIdentity">nobody</module-option>
 </login-module>
 </authentication>
 </application-policy>
...


            and within extjndi-service.xml I changed the "attributes" into: 
            ...
<attribute name="Properties">
 java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
 java.naming.provider.url=t3://localhost:7001
 java.naming.security.principal=nobody
 java.naming.security.authentication=simple
 java.naming.security.credentials=weblogic
 </attribute>
...

            I also changed the jmx-console-roles.properties to 
            admin=JBossAdmin,HttpInvoker,nobody

            and jmx-console-users.properties to 
            admin=admin,nobody

            to be sure, that "everthing" has permission granted,
            but without success. the errormessage is still the same.

            regards,
            chris



              • Actions
            • 3. Re: MBeanTrustPermission Error
              starksm64
              starksm64 Oct 15, 2005 8:35 AM (in response to dinosaur_jr)

              The log messages are for the jboss j2ee security service. This is not a java2 security manager, and the configuration files you show have nothing to do with configuration a java2 security manager. Most likely you are running into the problem of the weblogic client libraries installing a java2 security manager. Either figure out how to disable this behavior or look into configuring a java2 security manager policy. Chapter 8.6 of the admin guide is a starting point.

              http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html

                • Actions
              • 4. Re: MBeanTrustPermission Error
                munimanjunath
                munimanjunath May 14, 2010 1:42 PM (in response to dinosaur_jr)

                I solved this issue by adding the below permission in the  java security policy file

                 

                \jre\lib\security\java.policy  file

                 

                 

                grant {
                permission javax.management.MBeanTrustPermission "register";
                };

                  • Actions