I wrote an Web Application MyApp for WAS 6.1. For configuration purpose it uses a .property file from the root directory
MyApp/myconfig.properties.
Although I added the was.policy file, if Java 2 security is enabled, I am getting the AccessControlException (stack trace follows)
java.security.AccessControlException: Access denied (java.io.FilePermission C:\IBM\WAS6.1\profiles\AppSrv01\installedApps\WDFD00220692ANode01Cell\MyAppEAR.ear\MyApp.war\myconfig.properties read)
at java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
at java.io.File.exists(File.java:726)
at com.ibm.ws.webcontainer.webapp.WebApp.getResource(WebApp.java:2000)
at com.ibm.ws.webcontainer.webapp.WebApp.getResourceAsStream(WebApp.java:1936)
at com.ibm.ws.webcontainer.facade.ServletContextFacade.getResourceAsStream(ServletContextFacade.java:108)
...
The content of my was.policy file, located in the folder:
// Required to access the wssldProvider.properties file
grant codeBase "file:${application}" {
permission java.io.FilePermission "${app.installed.path}${/}MyApp.war${/}myconfig.properties",
"read,write";
permission java.io.FilePermission " ", "read";
permission java.util.PropertyPermission "*", "read";
};
grant codeBase "file:${webComponent}" {
permission java.io.FilePermission "${was.module.path}${/}-", "read, write";
permission java.io.FilePermission "${was.module.path}${/}myconfig.properties", "read, write";
permission java.io.FilePermission " ", "read";
permission java.util.PropertyPermission "*", "read";
};
I tried to grant access to the .properties file through different ways. But event FilePermission did'nt help. WAS seems to ignore my was.policy file completely. I checked after deployment the was.policy file is located in the both
C:\IBM\WAS6.1\profiles\AppSrv01\installedApps\WDFD00220692ANode01Cell\MyApp.ear\META-INF
and
C:\IBM\WAS6.1\profiles\AppSrv01\config\cells\WDFD00220692ANode01Cell\applications\MyAppEAR.ear\deployments\MyAppEAR\META-INF
folders.
I used RAD 7.5, but created and added the was.policy to the META-INF folder file manually.
Any ideas?
Thank you,
Mihail
I believe, my was.policy file contained an error. I don’t really know what happens, but WAS seems to ignore the complete was.policy file if it contains an error. I was really confused by this. After I noticed that a “permit all”
grant codeBase "file:${application}" {
permission java.security.AllPermission;
};
policy file works, I could successfully transform my was.policy file into a working one.