JeanFrancois,
many of the grants in server.policy are made to codesources that are
defind using system properties.
for example,
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
grant codeBase "file:${com.sun.aas.jdmkHome}/lib/-" {
grant codeBase "file:${com.sun.aas.mfwkHome}/lib/mfwk_instrum_tk.jar" {
grant codeBase "file:${com.sun.aas.webconsoleLib}/cc.jar" {
grant codeBase "file:${com.sun.aas.jatoRoot}/jato.jar" {
grant codeBase "file:${com.sun.aas.instanceRoot}/jbi/-" {
grant codeBase "file:${com.sun.aas.imqLib}/-" {
grant codeBase "file:${com.sun.aas.antLib}/-" {
grant codeBase "file:${com.sun.aas.derbyRoot}/lib/-" {
grant codeBase "file:${com.sun.aas.pointbaseRoot}/lib/-" {
grant codeBase "file:${com.sun.aas.webServicesLib}/-" {
grant codeBase "file:${j2ee.appverification.home}/lib/-" {
grant codeBase "file:${com.sun.aas.hadbRoot}/lib/-" {
grant codeBase "file:${com.sun.aas.javaRoot}/lib/tools.jar" {
these system properties must be defined at the time the policy file is
read, in order for the grants to be made to the proper code.
in your case, I think that would mean that these properties would need
to be defined on the command line. I am not sure, but it would likely be
sufficient to define the following properties
-Dcom.sun.aas.installRoot=
-Dcom.sun.aas.instanceRoot=
Ron
ps: the servr.policy will be read again later in the startup, at which
time hopefully all of the properties will b defined. fwiw, an altrnative
would be to rewrite server.policy, substituting the installation spcific
values for the system properties.
Jeanfrancois Arcand wrote:
>
>
> Ron Monzillo wrote:
>
>> the access check is occuring before the server.policy file has been
>> internalized. Iow, using -Djava.security.manager activates the
>> security manager before the location of the server.policy file has
>> been established for use by the policy subsysterm. Try adding
>>
>> -Djava.security.policy=<policy file url> to the command line.
>>
>> java -Djava.security.manager -Djava.security.policy=<url for
>> server.policy> -jar /v3/modules/glassfish.jar
>
>
> Thanks. I did try and got:
>
>> java -jar -Djava.security.manager
>> -Djava.security.policy=domains/domain1/config/server.policy -jar
>> modules/glassfish.jar Exception in thread "main"
>> java.security.AccessControlException: access denied
>> (java.lang.RuntimePermission getenv.GlassFish_Platform)
>> at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>
>> at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>> at
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> at java.lang.System.getenv(System.java:846)
>> at
>> com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:59)
>
>
> A+
>
> -- Jeanfrancois
>
>>
>> (for more details) see Specifying an Additional Policy File at Runtime
>> in http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html
>>
>> Ron
>> Jeanfrancois Arcand wrote:
>>
>>> Salut,
>>>
>>> it this expected:
>>>
>>>> java -Djava.security.manager -jar /v3/modules/glassfish.jar
>>>> Exception in thread "main" java.security.AccessControlException:
>>>> access denied (java.util.PropertyPermission java.class.path read)
>>>> at
>>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>>
>>>> at
>>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>>
>>>> at
>>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>> at
>>>> java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
>>>>
>>>> at java.lang.System.getProperty(System.java:669)
>>>> at
>>>> com.sun.enterprise.glassfish.bootstrap.ASMain.addRawStartupInfo(ASMain.java:143)
>>>>
>>>> at
>>>> com.sun.enterprise.glassfish.bootstrap.ASMain.setStartupContextProperties(ASMain.java:110)
>>>>
>>>> at
>>>> com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:52)
>>>
>>>
>>>
>>> I would think not but maybe starting using -jar + security manager is
>>> not supported?
>>>
>>> A+
>>>
>>> -- Jeanfrancois
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>