users@glassfish.java.net

Re: per-application policy file not working

From: Mathijs Kwik <bluescreen303_at_gmail.com>
Date: Thu, 7 Jan 2010 17:40:49 +0100

I moved to warbler-based deployment.

It took some time to get policies working again.
Now the generated/policy/appname/granted.policy exists.
Adding app-specific permissions works.
Only problem is... I have to restart the domain for them to become effective.
Is it possible to do this without restarting?
Is it possible to put those permissions in web.xml (or other file
embedded in the .war)?

Thanks
Mathijs

On Thu, Jan 7, 2010 at 3:45 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
> Ok, switched to jruby from glassfish's update tool.
>
> Same behaviour.
>
> So probably the new "directory deployment" is not suitable for
> per-application policy.
>
> Will check warbler now to deploy inside glassfish itself.
> This is a bit of a step backwards, since I will lose stuff like
> migrations and local file storage which I will need to work around :(
>
> will keep you informed
>
> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>> no, you don't.. but since your application is a ruby application not
>> deployed in GF, but running from outside.. this should be the
>> problem..
>>
>> can you try to pack and deploy the application in Glassfish ? using
>> the GF ruby instead of an external one ?
>>
>> - did you use the "update tool" for installing Ruby support in GF ?
>> (localhost:4848)
>>
>> On Thu, Jan 7, 2010 at 2:53 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view tells me
>>> there's also domains/domain1/generated/policy/application/granted.policy
>>> So that is what I'm after.
>>> Just trying to figure out why it doesn't work. I guess I need to
>>> enable this functionality somehow.
>>>
>>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>>> there are two places you can configure that:
>>>>
>>>> the main server.policy
>>>> in the JVM security policy file..
>>>>
>>>> in either case you need to restart the GF ..
>>>>
>>>> On Thu, Jan 7, 2010 at 2:47 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>>>> thanks, but I don't quite understand yet.
>>>>>
>>>>> where should I put this?
>>>>> I don't want to put this in the main server.policy file for 2 reasons:
>>>>> - I would need to restart the domain for it to take effect, causing
>>>>> other apps to be down for a few seconds.
>>>>> - I think the codebase "file:..." won't work for jruby apps, since
>>>>> (from glassfish's perspective) the running code is in "/opt/jruby"
>>>>> (interpreter itself) and not in '/srv/myapp' (where the ruby script
>>>>> files are)
>>>>>
>>>>> So I really want to use the per-application granted.policy solution somehow
>>>>>
>>>>> Thanks
>>>>> Mathijs
>>>>>
>>>>>
>>>>>
>>>>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>>>>> like
>>>>>>
>>>>>> grant codeBase "file:~/your/folder/app/-" {
>>>>>> ...
>>>>>> };
>>>>>>
>>>>>> 2010/1/7 Felipe Gaúcho <fgaucho_at_gmail.com>:
>>>>>>> you can point the rule directly to the application folder, doesn't
>>>>>>> matter if it is in a domain folder or not.....
>>>>>>>
>>>>>>> On Thu, Jan 7, 2010 at 2:33 PM, Mathijs Kwik <bluescreen303_at_gmail.com> wrote:
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I would like to grant some applications more permissions than others.
>>>>>>>> As described here
>>>>>>>> http://docs.sun.com/app/docs/doc/820-7695/beabz?a=view , this is
>>>>>>>> possible without creating a domain per application.
>>>>>>>>
>>>>>>>> I checked domains/domain1/generated/policy but there's no directory
>>>>>>>> for my app there.
>>>>>>>> I created it and created a granted.policy file in there containing:
>>>>>>>> grant {
>>>>>>>>    permission java.security.AllPermission;
>>>>>>>> };
>>>>>>>> just to check if my app will now be able to access stuff that I made
>>>>>>>> inaccessible in server.policy
>>>>>>>>
>>>>>>>> Nothing happens.
>>>>>>>> Not after restarting domain/redeploying either.
>>>>>>>>
>>>>>>>> Is there anything I need to enable to have per-app policy files?
>>>>>>>>
>>>>>>>> My app was deployed using directory deployment (jruby container),
>>>>>>>> maybe that influences stuff, since there's no directory for it in
>>>>>>>> domains/domain1/applications either.
>>>>>>>>
>>>>>>>> Thanks for any help.
>>>>>>>> Mathijs
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ------------------------------------------
>>>>>>>   Felipe Gaúcho
>>>>>>>   10+ Java Programmer
>>>>>>>   CEJUG Senior Advisor
>
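A check for the two grant forms that appear in this thread, added here as an example and not part of the original messages: it parses standard Java policy-file syntax and flags entries that have no codeBase/signedBy/principal (which in that syntax match code from any location) or that grant `java.security.AllPermission`. The sample policy, the `/srv/myapp` paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: the test entry from the thread next to a scoped grant.
# The codeBase path and the FilePermission are placeholders.
SAMPLE_POLICY = '''
// test entry: no codeBase
grant {
    permission java.security.AllPermission;
};

/* scoped alternative (hypothetical path) */
grant codeBase "file:/srv/myapp/-" {
    permission java.io.FilePermission "/srv/myapp/storage/-", "read,write";
};
'''

# Quoted strings are matched as units so "${...}" inside a codeBase or a
# permission target is not mistaken for the braces of the grant entry.
GRANT_RE = re.compile(
    r'\bgrant\b((?:[^{"]|"[^"]*")*)\{((?:[^}"]|"[^"]*")*)\}\s*;', re.I)
PERM_RE = re.compile(r'\bpermission\s+([\w.$]+)', re.I)
SCOPE_RE = re.compile(r'\b(codeBase|signedBy|principal)\b', re.I)
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.S)


def strip_comments(text):
    """Drop // and /* */ comments but leave quoted strings untouched."""
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else '', text)


def audit_policy(text):
    """Return (entry_number, finding) tuples for overbroad grant entries."""
    findings = []
    for i, m in enumerate(GRANT_RE.finditer(strip_comments(text)), 1):
        header, body = m.group(1), m.group(2)
        if not SCOPE_RE.search(header):
            findings.append((i, "no codeBase/signedBy/principal"))
        if "java.security.AllPermission" in PERM_RE.findall(body):
            findings.append((i, "grants AllPermission"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_policy(SAMPLE_POLICY):
        print(f"grant entry {entry}: {finding}")
```
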