users@glassfish.java.net

Re: manipulating server.policy after deployment

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 15 Sep 2010 11:33:22 +0530

glassfish_at_javadesktop.org wrote:
> I have a question about server.policy and its permissions.
>
> We have deployed our EJB application in glassfish and after that we require to add a .class file that itself require a new permission to operate. When we add this new permission in granted.policy which is located in ${com.sun.aas.instanceRoot}/generated/policy/our-application/module1 it works perfectly. But because our application has about 14 module, we do not want to copy the same granted.polcy in each folder.
> One another solution as mentioned in http://docs.sun.com/app/docs/doc/820-4496/beabx?l=en&a=view is to change ${com.sun.aas.instanceRoot}/config/server.policy file to have that permission. It's also allowable to use wildcard character (-) to address a sepcial directory and all its files and subdirectories in security.policy.
> After doing that, it's expected to work after restarting our domain.
> But, I've tried every path with its wildcard characters, but it didn't work.
> Although it looks very simple method, I still have no idea either any other action is required or any security problem in reading security.policy file? (I set permission as 777)
> Please give any idea you think can be helpful,
>
It should work. Not sure why you are seeing a problem. Infact by
putting permissions such as AllPermission in server.policy you can
override what is present in granted.policy (which is ofcourse dangerous).

The following might be useful to you :
http://blogs.sun.com/monzillo/entry/policy_files_the_securitymanager_and
> Thanks in advance,
> Nasser Fard
> [Message sent by forum member 'nasseria']
>
> http://forums.java.net/jive/thread.jspa?messageID=482789
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>