0 Replies Latest reply on May 10, 2016 5:29 AM by adrian.boangiu

    JBoss7.1.1 and Java7 Security Manager problem

    adrian.boangiu

      Hello,

       

      We have an application that has been developed using Oracle ADF and, over the last 10 years, was deployed successfully for several hundred clients on JBoss 4, JBoss 6 and JBoss 7 using the Java security manager and policy files. The actual version of JBoss 7 is 7.1.1 Final and uses JDK 1.6.0_38.

      We have migrated the ADF libraries to a more recent version and we were obliged to switch to Java7 (we took the last public release, namely 1.7.0_80). When I try to “migrate” the policy file I am confronted with the following problem:

      • Using -Djava.security.debug=access,failure I can find the domains that failed access checks. On a Windows platform, they are of the form
        • vfs:/D:/somepath/jboss-as-7.1.1.Final/standalone/deployments/somefile.war/WEB-INF/classes or
        • vfs:/D:/somepath/jboss-as-7.1.1.Final/standalone/deployments/somefile.war/WEB-INF/lib/somefile.jar
      • Declaring codebases like:
        1. file:${someapp.home.dir}/deployments/somefile.war/WEB-INF/classes
        2. file:${someapp.home.dir}/deployments/somefile.war/WEB-INF/lib
        3. file:${someapp.home.dir}/deployments/somefile.war

      in the policy file with whatever characters at the end (/, /* or /-) does not help, since it seems that they are not considered when checking the access rights.

      • The only way to advance was to give the rights to all the codebases

           grant {

                ...

           };

      But this is unacceptable since actually the policy file is very fine-grained.

      In the article “JBoss AS7: Security : Running under a Java Security Manager” (https://developer.jboss.org/wiki/JBossAS7SecurityRunningUnderAJavaSecurityManager) I found the beginning of a discussion on the same problem (but no solution).

      Does someone know if the problem is specific to Java7 and what can be done in this case?

       

      Thank you for your help

       

      Adrian Boangiu
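
Added example, not part of the original post: it calls the JDK's `java.security.CodeSource.implies`, the check that compares a grant's codeBase with a class's location, on URLs shaped like those in the post. The `D:/app` paths and the parse-only `vfs` handler are assumptions made for this example; the two `file:` codeBases do not cover the `vfs:` location whatever the suffix, the `vfs:` codeBases ending in `/*` and `/-` do, and a codeBase with no suffix matches only that exact location.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.security.CodeSource;
import java.security.cert.Certificate;

public class CodeBaseMatch {
    // Parse-only handler (assumption for this example) so "vfs:" URLs can be
    // built on a plain JVM that has no JBoss VFS protocol handler installed.
    static final URLStreamHandler PARSE_ONLY = new URLStreamHandler() {
        @Override
        protected URLConnection openConnection(URL u) throws IOException {
            throw new IOException("parse-only handler, no I/O");
        }
    };

    static CodeSource source(String url) throws Exception {
        // No certificates: only the location part of the match is exercised.
        return new CodeSource(new URL(null, url, PARSE_ONLY), (Certificate[]) null);
    }

    // True when a grant with this codeBase would cover code loaded from location.
    static boolean covers(String codeBase, String location) throws Exception {
        return source(codeBase).implies(source(location));
    }

    public static void main(String[] args) throws Exception {
        // Constructed paths in the same shape as the debug output in the post.
        String war = "/D:/app/standalone/deployments/somefile.war";
        String jar = "vfs:" + war + "/WEB-INF/lib/somefile.jar";
        String classes = "vfs:" + war + "/WEB-INF/classes";

        String[][] cases = {
            {"file:" + war + "/WEB-INF/lib/-", jar},   // scheme differs
            {"file:" + war + "/WEB-INF/lib/*", jar},   // scheme differs
            {"vfs:" + war + "/WEB-INF/lib/*", jar},    // same scheme, one level
            {"vfs:" + war + "/-", jar},                // same scheme, recursive
            {"vfs:" + war, classes},                   // no suffix: exact match only
        };
        for (String[] c : cases) {
            System.out.printf("%-5s grant %s%n      class %s%n",
                    covers(c[0], c[1]), c[0], c[1]);
        }
    }
}
```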