Security Manager Help
alininja Sep 17, 2013 7:55 PM
Hi,
Hopefully, I've found the right place for this. I wasn't able to find another discussion that talked about the same thing.
I'm stuck trying to enable the Java Security Manager. I'm trying to run JBoss 7.2.0 through TorqueBox 3.0.0.
I've removed all the deploy/knob YML files in the standalone/deployments folder so the stack trace should only show errors relating to booting up JBoss/TorqueBox.
I've turned on the Security Manager and have been adding permissions to the policy file to get to the next access denied error when TorqueBox/JBoss is booting up. But I'm finally stuck on the following access denied message:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\Z:\myfolder\torquebox-3.0.0\jboss\modules\system\layers\base\org\jboss\jts\main\jbossjta-4.16.6.Final.jar!\default-jbossts-properties.xml" "read")
Here's the snippet of the log when I have Security Manager on and grant all permissions:
12:40:35,466 INFO [org.jboss.as.naming] (MSC service thread 1-2) JBAS011802: Starting Naming Service
12:40:35,497 INFO [org.jboss.as.connector.logging] (MSC service thread 1-7) JBAS010408: Starting JCA Subsystem (JBoss IronJacamar 1.0.15.Final)
12:40:35,591 INFO [org.torquebox.core.runtime] (pool-1-thread-1) Creating ruby runtime (ruby_version: RUBY1_9, compile_mode: JIT, context: global)
12:40:35,809 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) JBAS015012: Started FileSystemDeploymentService for directory Z:\myfolder\torquebox-3.0.0\jboss\standalone\deployments
12:40:35,950 INFO [org.jboss.as.remoting] (MSC service thread 1-4) JBAS017100: Listening on 127.0.0.1:4447
12:40:35,950 INFO [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/127.0.0.1:8080
12:40:35,950 INFO [org.jboss.as.remoting] (MSC service thread 1-8) JBAS017100: Listening on 127.0.0.1:9999
12:40:35,981 WARN [org.jboss.as.messaging] (MSC service thread 1-1) JBAS011600: AIO wasn't located on this platform, it will fall back to using pure Java NIO. If your platform is Linux, install LibAIO to enable the AIO journal
12:40:35,996 INFO [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003000: Coyote HTTP/1.1 starting on: http-/127.0.0.1:8080
12:40:36,074 INFO [org.hornetq.core.server] (MSC service thread 1-1) HQ221001: live server is starting with configuration HornetQ Configuration (clustered=false,backup=false,sharedStore=true,journalDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingjournal,bindingsDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingbindings,largeMessagesDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messaginglargemessages,pagingDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingpaging)
12:40:36,090 INFO [org.hornetq.core.server] (MSC service thread 1-1) HQ221008: Waiting to obtain live lock
12:40:36,090 INFO [org.infinispan.factories.GlobalComponentRegistry] (ServerService Thread Pool -- 46) ISPN000128: Infinispan version: Infinispan 'Tactical Nuclear Penguin' 5.3.0.Final
12:40:36,121 INFO [org.hornetq.core.server] (MSC service thread 1-1) HQ221017: Using NIO Journal
12:40:36,216 INFO [org.hornetq.core.server] (MSC service thread 1-1) HQ221039: Waiting to obtain live lock
12:40:36,216 INFO [org.hornetq.core.server] (MSC service thread 1-1) HQ221040: Live Server Obtained live lock
Here's the snippet of the log when I have Security Manager on and only granted the required permissions:
11:53:26,010 INFO [org.jboss.as.naming] (MSC service thread 1-4) JBAS011802: Starting Naming Service
11:53:26,120 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 34) JBAS014612: Operation ("add") failed - address: ([("subsystem" => "transactions")]): java.lang.RuntimeException: java.lang.RuntimeException: unable to load properties from jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml
at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getNamedInstance(BeanPopulator.java:81)
at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getDefaultInstance(BeanPopulator.java:49)
at com.arjuna.ats.arjuna.common.arjPropertyManager.getCoreEnvironmentBean(arjPropertyManager.java:45)
at org.jboss.as.txn.service.CoreEnvironmentService.getValue(CoreEnvironmentService.java:59)
at org.jboss.as.txn.service.CoreEnvironmentService.setProcessImplementation(CoreEnvironmentService.java:107)
at org.jboss.as.txn.subsystem.TransactionSubsystemAdd.performCoreEnvironmentBootTime(TransactionSubsystemAdd.java:330)
at org.jboss.as.txn.subsystem.TransactionSubsystemAdd.performBoottime(TransactionSubsystemAdd.java:175)
at org.jboss.as.controller.AbstractBoottimeAddStepHandler.performRuntime(AbstractBoottimeAddStepHandler.java:57) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:440) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:322) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:229) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:224) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:322) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [:1.7.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [:1.7.0_25]
at java.lang.Thread.run(Thread.java:724) [:1.7.0_25]
at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.0.Final.jar:2.1.0.Final]
Caused by: java.lang.RuntimeException: unable to load properties from jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml
at com.arjuna.common.util.propertyservice.PropertiesFactory.getPropertiesFromFile(PropertiesFactory.java:110)
at com.arjuna.common.util.propertyservice.PropertiesFactory.initDefaultProperties(PropertiesFactory.java:236)
at com.arjuna.common.util.propertyservice.PropertiesFactory.getDefaultProperties(PropertiesFactory.java:66)
at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getNamedInstance(BeanPopulator.java:77)
... 17 more
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\Z:\myfolder\torquebox-3.0.0\jboss\modules\system\layers\base\org\jboss\jts\main\jbossjta-4.16.6.Final.jar!\default-jbossts-properties.xml" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [:1.7.0_25]
at java.security.AccessController.checkPermission(AccessController.java:559) [:1.7.0_25]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [:1.7.0_25]
at java.lang.SecurityManager.checkRead(SecurityManager.java:888) [:1.7.0_25]
at java.io.File.exists(File.java:770) [:1.7.0_25]
at com.arjuna.common.util.propertyservice.PropertiesFactory.loadFromFile(PropertiesFactory.java:137)
at com.arjuna.common.util.propertyservice.PropertiesFactory.getPropertiesFromFile(PropertiesFactory.java:106)
... 20 more
11:53:26,307 INFO [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/127.0.0.1:8080
11:53:26,244 INFO [org.torquebox.core.runtime] (pool-1-thread-1) Creating ruby runtime (ruby_version: RUBY1_9, compile_mode: JIT, context: global)
I've tried adding the following variations to the policy file, but have not been able to get past this file access permission issue:
grant {
...
//permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read";
//permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/*", "read";
//permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/-", "read";
//permission java.io.FilePermission "Z:\\myfolder\\torquebox-3.0.0\\jboss\\modules\\system\\layers\\base\\org\\jboss\\jts\\main\\-", "read";
//permission java.io.FilePermission "Z:\\myfolder\\torquebox-3.0.0\\jboss\\-", "read";
//permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
//permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";
//permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";
//permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";
//permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";
};
Any ideas on what else I could try? Or if there's any other information I can supply to help with the debugging?
Thank you for your time!
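
The loop described in the post (boot, read the next access denied message, add a grant, repeat) can be scripted. The following is an added example, not part of the original post and not JBoss or TorqueBox code: a Python helper that extracts each denied permission from a log and renders it as a policy entry, using the name exactly as the exception reported it and doubling backslashes as policy-file string syntax requires. The function names and the sample log, including its C:\srv\app path, are constructed for illustration.

```python
import re

# Message format of java.security.AccessControlException:
#   access denied ("<permission class>" "<name>" "<actions>")
# The actions field is absent for permissions without actions
# (for example java.lang.RuntimePermission).
DENIED = re.compile(
    r'access denied \("(?P<cls>[^"]+)" "(?P<name>[^"]*)"(?: "(?P<actions>[^"]*)")?\)'
)

# Constructed sample log lines (not taken from the post).
SAMPLE_LOG = r'''
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\C:\srv\app\lib\example.jar!\defaults.xml" "read")
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\C:\srv\app\lib\example.jar!\defaults.xml" "read")
'''


def denied_permissions(log_text):
    """Return unique (class, name, actions) tuples in first-seen order."""
    seen = []
    for m in DENIED.finditer(log_text):
        entry = (m.group("cls"), m.group("name"), m.group("actions"))
        if entry not in seen:
            seen.append(entry)
    return seen


def policy_line(cls, name, actions=None):
    """Render one policy-file permission entry.

    Policy-file strings treat backslash as an escape character, so every
    literal backslash in a Windows path is written as two.
    """
    escaped = name.replace("\\", "\\\\")
    if actions:
        return 'permission %s "%s", "%s";' % (cls, escaped, actions)
    return 'permission %s "%s";' % (cls, escaped)


def grant_block(log_text):
    """Build a grant block holding one entry per distinct denial."""
    lines = [policy_line(*p) for p in denied_permissions(log_text)]
    return "grant {\n" + "\n".join("    " + l for l in lines) + "\n};"


if __name__ == "__main__":
    print(grant_block(SAMPLE_LOG))
```

Each generated entry is the narrowest grant for one denial and should be reviewed before it is merged into the live policy file.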