users@glassfish.java.net

Re: per-application policy file not working

From: Felipe Gaścho <fgaucho_at_gmail.com>
Date: Thu, 7 Jan 2010 14:56:16 +0100

no, you don't.. but since your application is a ruby application not
deployied in GF, but running from outside.. this should be the
problem..

can you try to pack and deploy the application in Glassfish ? using
the GF ruby instead of an external one ?

- did you used the "update tool" for installing Ruby support in GF ?
(localhost:4848)

On Thu, Jan 7, 2010 at 2:53 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view tells me
> there's also domains/domain1/generated/policy/application/granted.policy
> So that is what I'm after.
> Just trying to figure out why it doesn't work. I guess I need to
> enable this functionality somehow.
>
> 2010/1/7 Felipe Gaścho <fgaucho_at_gmail.com>:
>> there are two places you can configure that:
>>
>> the main server.policy
>> in the JVM security policy file..
>>
>> in either cases you need to restart the GF ..
>>
>> On Thu, Jan 7, 2010 at 2:47 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>> thanks, but I don't quite understand yet.
>>>
>>> where should I put this?
>>> I don't want to put this in the main server.policy file for 2 reasons:
>>> - I would need to restart the domain for it to take effect, causing
>>> other apps to be down for a few seconds.
>>> - I think the codebase "file:..." won't work for jruby apps, since
>>> (from glassfish's perspective) the running code is in "/opt/jruby"
>>> (interpreter itself) and not in '/srv/myapp' (where the ruby script
>>> files are)
>>>
>>> So I really want to use the per-application granted.policy solution somehow
>>>
>>> Thanks
>>> Mathijs
>>>
>>>
>>>
>>> 2010/1/7 Felipe Gaścho <fgaucho_at_gmail.com>:
>>>> like
>>>>
>>>> grant codeBase "file:~/your/folder/app/-" {
>>>> ...
>>>> }
>>>>
>>>> 2010/1/7 Felipe Gaścho <fgaucho_at_gmail.com>:
>>>>> you can point the rule directly to the application folder, doesn't
>>>>> matter if it is in a domain folder or not.....
>>>>>
>>>>> On Thu, Jan 7, 2010 at 2:33 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I would like to grant some applications more permissions than others.
>>>>>> As described here
>>>>>> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view , this is
>>>>>> possible without creating a domain per application.
>>>>>>
>>>>>> I checked domains/domain1/generated/policy but there's no directory
>>>>>> for my app there.
>>>>>> I created it and created a granted.policy file in there containing:
>>>>>> grant {
>>>>>>    permission java.security.AllPermission;
>>>>>> };
>>>>>> just to check if my app will now be able to access stuff that I made
>>>>>> inaccessible in server.policy
>>>>>>
>>>>>> Nothing happens.
>>>>>> Not after restarting domain/redeploying either.
>>>>>>
>>>>>> Is there anything I need to enable to have per-app policy files?
>>>>>>
>>>>>> My app was deployed using directory deployment (jruby container),
>>>>>> maybe that influences stuff, since there's no directory for it in
>>>>>> domains/domain1/applications either.
>>>>>>
>>>>>> Thanks for any help.
>>>>>> Mathijs
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ------------------------------------------
>>>>>   Felipe Gaścho
>>>>>   10+ Java Programmer
>>>>>   CEJUG Senior Advisor
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> ------------------------------------------
>>>>   Felipe Gaścho
>>>>   10+ Java Programmer
>>>>   CEJUG Senior Advisor
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
>>
>>
>> --
>> ------------------------------------------
>>   Felipe Gaścho
>>   10+ Java Programmer
>>   CEJUG Senior Advisor
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>



-- 
------------------------------------------
   Felipe Gaścho
   10+ Java Programmer
   CEJUG Senior Advisor