Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WAS 6.1 Access denied security exception accessing local file in web module

22 views
Skip to first unread message

mihail.f...@sap.com

unread,
Mar 3, 2009, 8:26:51 AM3/3/09
to
Hello all,

I wrote an Web Application MyApp for WAS 6.1. For configuration purpose it uses a .property file from the root directory
MyApp/myconfig.properties.

Although I added the was.policy file, if Java 2 security is enabled, I am getting the AccessControlException (stack trace follows)

java.security.AccessControlException: Access denied (java.io.FilePermission C:\IBM\WAS6.1\profiles\AppSrv01\installedApps\WDFD00220692ANode01Cell\MyAppEAR.ear\MyApp.war\myconfig.properties read)
at java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
at java.io.File.exists(File.java:726)
at com.ibm.ws.webcontainer.webapp.WebApp.getResource(WebApp.java:2000)
at com.ibm.ws.webcontainer.webapp.WebApp.getResourceAsStream(WebApp.java:1936)
at com.ibm.ws.webcontainer.facade.ServletContextFacade.getResourceAsStream(ServletContextFacade.java:108)
...

The content of my was.policy file, located in the folder:
// Required to access the wssldProvider.properties file
grant codeBase "file:${application}" {
permission java.io.FilePermission "${app.installed.path}${/}MyApp.war${/}myconfig.properties",
"read,write";
permission java.io.FilePermission " ", "read";
permission java.util.PropertyPermission "*", "read";
};

grant codeBase "file:${webComponent}" {
permission java.io.FilePermission "${was.module.path}${/}-", "read, write";
permission java.io.FilePermission "${was.module.path}${/}myconfig.properties", "read, write";
permission java.io.FilePermission " ", "read";
permission java.util.PropertyPermission "*", "read";
};

I tried to grant access to the .properties file through different ways. But event FilePermission did'nt help. WAS seems to ignore my was.policy file completely. I checked after deployment the was.policy file is located in the both
C:\IBM\WAS6.1\profiles\AppSrv01\installedApps\WDFD00220692ANode01Cell\MyApp.ear\META-INF
and
C:\IBM\WAS6.1\profiles\AppSrv01\config\cells\WDFD00220692ANode01Cell\applications\MyAppEAR.ear\deployments\MyAppEAR\META-INF
folders.

I used RAD 7.5, but created and added the was.policy to the META-INF folder file manually.

Any ideas?

Thank you,
Mihail

mihail.f...@sap.com

unread,
Mar 4, 2009, 2:59:25 AM3/4/09
to
The string
permission java.io.FilePermission " ", "read";
means of course the ALL FILES permission. It is just displayed as " ".
permission java.io.FilePermission "", "read";

mihail.f...@sap.com

unread,
Mar 6, 2009, 2:35:24 PM3/6/09
to
I could fix this problem.

I believe, my was.policy file contained an error. I don’t really know what happens, but WAS seems to ignore the complete was.policy file if it contains an error. I was really confused by this. After I noticed that a “permit all”

grant codeBase "file:${application}" {

permission java.security.AllPermission;
};
policy file works, I could successfully transform my was.policy file into a working one.

0 new messages