0 Replies Latest reply on Sep 17, 2013 7:55 PM by A L

    Security Manager Help

    A L Newbie

      Hi,

       

      Hopefully, I've found the right place for this.  I wasn't able to find another discussion that talked about the same thing.

       

      I'm stuck trying to enable the Java Security Manager.  I'm trying to run JBoss 7.2.0 through TorqueBox 3.0.0.

       

      I've removed all the deploy/knob YML files in the standalone/deployments folder so the stack trace should only show errors relating to booting up JBoss/TorqueBox.

       

      I've turned on the Security Manager and have been adding permissions to the policy file to get to the next access denied error when TorqueBox/JBoss is booting up.  But I'm finally stuck on the following access denied message:

      Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\Z:\myfolder\torquebox-3.0.0\jboss\modules\system\layers\base\org\jboss\jts\main\jbossjta-4.16.6.Final.jar!\default-jbossts-properties.xml" "read")

       

      Here's the snippet of the log when I have Security Manager on and grant all permissions:

      12:40:35,466 INFO  [org.jboss.as.naming] (MSC service thread 1-2) JBAS011802: Starting Naming Service

      12:40:35,497 INFO  [org.jboss.as.connector.logging] (MSC service thread 1-7) JBAS010408: Starting JCA Subsystem (JBoss IronJacamar 1.0.15.Final)

      12:40:35,591 INFO  [org.torquebox.core.runtime] (pool-1-thread-1) Creating ruby runtime (ruby_version: RUBY1_9, compile_mode: JIT, context: global)

      12:40:35,809 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) JBAS015012: Started FileSystemDeploymentService for directory Z:\myfolder\torquebox-3.0.0\jboss\standalone\deployments

      12:40:35,950 INFO  [org.jboss.as.remoting] (MSC service thread 1-4) JBAS017100: Listening on 127.0.0.1:4447

      12:40:35,950 INFO  [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/127.0.0.1:8080

      12:40:35,950 INFO  [org.jboss.as.remoting] (MSC service thread 1-8) JBAS017100: Listening on 127.0.0.1:9999

      12:40:35,981 WARN  [org.jboss.as.messaging] (MSC service thread 1-1) JBAS011600: AIO wasn't located on this platform, it will fall back to using pure Java NIO. If your platform is Linux, install LibAIO to enable the AIO journal

      12:40:35,996 INFO  [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003000: Coyote HTTP/1.1 starting on: http-/127.0.0.1:8080

      12:40:36,074 INFO  [org.hornetq.core.server] (MSC service thread 1-1) HQ221001: live server is starting with configuration HornetQ Configuration (clustered=false,backup=false,sharedStore=true,journalDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingjournal,bindingsDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingbindings,largeMessagesDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messaginglargemessages,pagingDirectory=Z:\myfolder\torquebox-3.0.0\jboss\standalone\data\messagingpaging)

      12:40:36,090 INFO  [org.hornetq.core.server] (MSC service thread 1-1) HQ221008: Waiting to obtain live lock

      12:40:36,090 INFO  [org.infinispan.factories.GlobalComponentRegistry] (ServerService Thread Pool -- 46) ISPN000128: Infinispan version: Infinispan 'Tactical Nuclear Penguin' 5.3.0.Final

      12:40:36,121 INFO  [org.hornetq.core.server] (MSC service thread 1-1) HQ221017: Using NIO Journal

      12:40:36,216 INFO  [org.hornetq.core.server] (MSC service thread 1-1) HQ221039: Waiting to obtain live lock

      12:40:36,216 INFO  [org.hornetq.core.server] (MSC service thread 1-1) HQ221040: Live Server Obtained live lock

       

      Here's the snippet of the log when I have Security Manager on and only granted the required permissions:

      11:53:26,010 INFO  [org.jboss.as.naming] (MSC service thread 1-4) JBAS011802: Starting Naming Service

      11:53:26,120 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 34) JBAS014612: Operation ("add") failed - address: ([("subsystem" => "transactions")]): java.lang.RuntimeException: java.lang.RuntimeException: unable to load properties from jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml

          at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getNamedInstance(BeanPopulator.java:81)

          at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getDefaultInstance(BeanPopulator.java:49)

          at com.arjuna.ats.arjuna.common.arjPropertyManager.getCoreEnvironmentBean(arjPropertyManager.java:45)

          at org.jboss.as.txn.service.CoreEnvironmentService.getValue(CoreEnvironmentService.java:59)

          at org.jboss.as.txn.service.CoreEnvironmentService.setProcessImplementation(CoreEnvironmentService.java:107)

          at org.jboss.as.txn.subsystem.TransactionSubsystemAdd.performCoreEnvironmentBootTime(TransactionSubsystemAdd.java:330)

          at org.jboss.as.txn.subsystem.TransactionSubsystemAdd.performBoottime(TransactionSubsystemAdd.java:175)

          at org.jboss.as.controller.AbstractBoottimeAddStepHandler.performRuntime(AbstractBoottimeAddStepHandler.java:57) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:50) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:440) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:322) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:229) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:224) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:322) [jboss-as-controller-7.2.x.slim.incremental.9.jar:7.2.x.slim.incremental.9]

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [:1.7.0_25]

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [:1.7.0_25]

          at java.lang.Thread.run(Thread.java:724) [:1.7.0_25]

          at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.0.Final.jar:2.1.0.Final]

      Caused by: java.lang.RuntimeException: unable to load properties from jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml

          at com.arjuna.common.util.propertyservice.PropertiesFactory.getPropertiesFromFile(PropertiesFactory.java:110)

          at com.arjuna.common.util.propertyservice.PropertiesFactory.initDefaultProperties(PropertiesFactory.java:236)

          at com.arjuna.common.util.propertyservice.PropertiesFactory.getDefaultProperties(PropertiesFactory.java:66)

          at com.arjuna.common.internal.util.propertyservice.BeanPopulator.getNamedInstance(BeanPopulator.java:77)

          ... 17 more

      Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "jar:file:\Z:\myfolder\torquebox-3.0.0\jboss\modules\system\layers\base\org\jboss\jts\main\jbossjta-4.16.6.Final.jar!\default-jbossts-properties.xml" "read")

          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [:1.7.0_25]

          at java.security.AccessController.checkPermission(AccessController.java:559) [:1.7.0_25]

          at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [:1.7.0_25]

          at java.lang.SecurityManager.checkRead(SecurityManager.java:888) [:1.7.0_25]

          at java.io.File.exists(File.java:770) [:1.7.0_25]

          at com.arjuna.common.util.propertyservice.PropertiesFactory.loadFromFile(PropertiesFactory.java:137)

          at com.arjuna.common.util.propertyservice.PropertiesFactory.getPropertiesFromFile(PropertiesFactory.java:106)

          ... 20 more

       

      11:53:26,307 INFO  [org.apache.coyote.http11] (MSC service thread 1-3) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/127.0.0.1:8080

      11:53:26,244 INFO  [org.torquebox.core.runtime] (pool-1-thread-1) Creating ruby runtime (ruby_version: RUBY1_9, compile_mode: JIT, context: global)

       

      I've tried adding the following variations to the policy file, but have not been able to get past this file access permission issue:

      grant {

           ...

          //permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read";

       

          //permission java.io.FilePermission  "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/*", "read";

          //permission java.io.FilePermission  "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/-", "read";

          //permission java.io.FilePermission  "Z:\\myfolder\\torquebox-3.0.0\\jboss\\modules\\system\\layers\\base\\org\\jboss\\jts\\main\\-", "read";

          //permission java.io.FilePermission  "Z:\\myfolder\\torquebox-3.0.0\\jboss\\-", "read";

       

          //permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "jar:file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

       

       

          //permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "jar:file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

          //permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

       

          //permission java.io.FilePermission "jar:file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

          //permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

          //permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "file:Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

          //permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "file:/Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";    

          //permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/-", "read, execute";

          //permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/*", "read, execute";

          //permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/-", "read, execute";

          //permission java.io.FilePermission "file:\Z:/myfolder/torquebox-3.0.0/jboss/modules/system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar!/default-jbossts-properties.xml", "read, execute";

      };

       

      Any ideas on what else I could try?  Or if there's any other information I can supply to help with the debugging?

       

      Thank you for your time!
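
The stack trace above shows the denial coming from `java.io.File.exists`, which asks for a `FilePermission` on the path string the library gave to `File`: here the whole `jar:file:` URL. The following is an added example, not part of the original post and not JBoss or TorqueBox code: a small stand-alone check of which policy targets from the post imply that request, without rebooting the server. The class name `PolicyTargetCheck` and its method names are hypothetical; the paths are the ones quoted in the post.

```java
import java.io.File;
import java.io.FilePermission;
import java.util.LinkedHashMap;
import java.util.Map;

public class PolicyTargetCheck {
    // Paths copied from the post.
    static final String MODULES = "Z:/myfolder/torquebox-3.0.0/jboss/modules/";
    static final String JAR = MODULES
            + "system/layers/base/org/jboss/jts/main/jbossjta-4.16.6.Final.jar";
    static final String URL = "jar:file:/" + JAR + "!/default-jbossts-properties.xml";

    /** The permission File.exists() requests: "read" on File's own normalized path string. */
    static FilePermission requestedFor(String pathGivenToFile) {
        return new FilePermission(new File(pathGivenToFile).getPath(), "read");
    }

    /** True if `permission java.io.FilePermission "<target>", "read";` would cover the request. */
    static boolean grants(String target, FilePermission requested) {
        return new FilePermission(target, "read").implies(requested);
    }

    /** Evaluates every candidate target, preserving the order given. */
    static Map<String, Boolean> evaluate(FilePermission requested, String... targets) {
        Map<String, Boolean> results = new LinkedHashMap<>();
        for (String target : targets) {
            results.put(target, grants(target, requested));
        }
        return results;
    }

    public static void main(String[] args) {
        FilePermission requested = requestedFor(URL);
        System.out.println("requested: " + requested.getName());
        Map<String, Boolean> results = evaluate(requested,
                URL,                                        // exact URL string
                "jar:file:/" + JAR + "!/-",                 // recursive, URL form
                "jar:file:/" + MODULES + "-",               // recursive, URL form
                MODULES + "-",                              // recursive, plain path
                "Z:\\myfolder\\torquebox-3.0.0\\jboss\\-",  // same escaping as in a policy file
                "<<ALL FILES>>");                           // control only: implies every file
        for (Map.Entry<String, Boolean> e : results.entrySet()) {
            System.out.println((e.getValue() ? "IMPLIES  " : "no match ") + e.getKey());
        }
    }
}
```

`FilePermission` path handling depends on the operating system, the JDK version and the working directory, so run this with the same JDK, on the same machine and from the same directory as the server.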