users@glassfish.java.net

Re: per-application policy file not working

From: Mathijs Kwik <bluescreen303_at_gmail.com>
Date: Thu, 7 Jan 2010 15:45:34 +0100

Ok, switched to jruby from glassfish's update tool.

Same behaviour.

So probably the new "directory deployment" is not suitable for
per-application policy.

Will check warbler now to deploy inside glassfish itself.
This is a bit of a step backwards, since I will lose stuff like
migrations and local file storage which I will need to work around :(

will keep you informed

2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
> no, you don't.. but since your application is a ruby application not
> deployied in GF, but running from outside.. this should be the
> problem..
>
> can you try to pack and deploy the application in Glassfish ? using
> the GF ruby instead of an external one ?
>
> - did you used the "update tool" for installing Ruby support in GF ?
> (localhost:4848)
>
> On Thu, Jan 7, 2010 at 2:53 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view tells me
>> there's also domains/domain1/generated/policy/application/granted.policy
>> So that is what I'm after.
>> Just trying to figure out why it doesn't work. I guess I need to
>> enable this functionality somehow.
>>
>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>> there are two places you can configure that:
>>>
>>> the main server.policy
>>> in the JVM security policy file..
>>>
>>> in either cases you need to restart the GF ..
>>>
>>> On Thu, Jan 7, 2010 at 2:47 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>>> thanks, but I don't quite understand yet.
>>>>
>>>> where should I put this?
>>>> I don't want to put this in the main server.policy file for 2 reasons:
>>>> - I would need to restart the domain for it to take effect, causing
>>>> other apps to be down for a few seconds.
>>>> - I think the codebase "file:..." won't work for jruby apps, since
>>>> (from glassfish's perspective) the running code is in "/opt/jruby"
>>>> (interpreter itself) and not in '/srv/myapp' (where the ruby script
>>>> files are)
>>>>
>>>> So I really want to use the per-application granted.policy solution somehow
>>>>
>>>> Thanks
>>>> Mathijs
>>>>
>>>>
>>>>
>>>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>>>> like
>>>>>
>>>>> grant codeBase "file:~/your/folder/app/-" {
>>>>> ...
>>>>> }
>>>>>
>>>>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>>>>> you can point the rule directly to the application folder, doesn't
>>>>>> matter if it is in a domain folder or not.....
>>>>>>
>>>>>> On Thu, Jan 7, 2010 at 2:33 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I would like to grant some applications more permissions than others.
>>>>>>> As described here
>>>>>>> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view , this is
>>>>>>> possible without creating a domain per application.
>>>>>>>
>>>>>>> I checked domains/domain1/generated/policy but there's no directory
>>>>>>> for my app there.
>>>>>>> I created it and created a granted.policy file in there containing:
>>>>>>> grant {
>>>>>>>    permission java.security.AllPermission;
>>>>>>> };
>>>>>>> just to check if my app will now be able to access stuff that I made
>>>>>>> inaccessible in server.policy
>>>>>>>
>>>>>>> Nothing happens.
>>>>>>> Not after restarting domain/redeploying either.
>>>>>>>
>>>>>>> Is there anything I need to enable to have per-app policy files?
>>>>>>>
>>>>>>> My app was deployed using directory deployment (jruby container),
>>>>>>> maybe that influences stuff, since there's no directory for it in
>>>>>>> domains/domain1/applications either.
>>>>>>>
>>>>>>> Thanks for any help.
>>>>>>> Mathijs
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> ------------------------------------------
>>>>>>   Felipe Gaúcho
>>>>>>   10+ Java Programmer
>>>>>>   CEJUG Senior Advisor
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ------------------------------------------
>>>>>   Felipe Gaúcho
>>>>>   10+ Java Programmer
>>>>>   CEJUG Senior Advisor
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> ------------------------------------------
>>>   Felipe Gaúcho
>>>   10+ Java Programmer
>>>   CEJUG Senior Advisor
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
>
>
> --
> ------------------------------------------
>   Felipe Gaúcho
>   10+ Java Programmer
>   CEJUG Senior Advisor
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>