[PATCH] Changed java.policy file to give all permissions to jolokia agent
229 views
Skip to first unread message
Waldemar Kozaczuk
Feb 16, 2017, 8:07:23 AM2/16/17
to osv...@googlegroups.com, Waldemar Kozaczuk
Some java applications like apache derby or elasticsearch 2.4.* enable java security manager. Java security
manager uses /.java.policy that would only grant necessary permissions to runjava.jar but not jolokia-agent.jar.
This would result in following exception when trying to use OSv dasboard:
Exception in thread "Thread-43" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1503)
at io.osv.jolokia.Dispatcher.runWithContextClassLoader(Dispatcher.java:96)
at io.osv.jolokia.Dispatcher.dispatch(Dispatcher.java:42)
exception was caught for /jolokia/read/java.lang:type=Memory/HeapMemoryUsage/used: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
This change appends necessary statement to java.policy file that grant necessary permissions to jolokia-agent.jar
Signed-off-by: Waldemar Kozaczuk <jwkoz...@gmail.com>
---
modules/java-isolated/.java.policy | 3 +++
modules/java-non-isolated/.java.policy | 3 +++
2 files changed, 6 insertions(+)
diff --git a/modules/java-isolated/.java.policy b/modules/java-isolated/.java.policy
index fb6aae4..b76674b 100644
--- a/modules/java-isolated/.java.policy
+++ b/modules/java-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
diff --git a/modules/java-non-isolated/.java.policy b/modules/java-non-isolated/.java.policy
index 30a4cf3..6f9e075 100644
--- a/modules/java-non-isolated/.java.policy
+++ b/modules/java-non-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-non-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
--
2.7.4
manager uses /.java.policy that would only grant necessary permissions to runjava.jar but not jolokia-agent.jar.
This would result in following exception when trying to use OSv dasboard:
Exception in thread "Thread-43" java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1503)
at io.osv.jolokia.Dispatcher.runWithContextClassLoader(Dispatcher.java:96)
at io.osv.jolokia.Dispatcher.dispatch(Dispatcher.java:42)
exception was caught for /jolokia/read/java.lang:type=Memory/HeapMemoryUsage/used: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader")
This change appends necessary statement to java.policy file that grant necessary permissions to jolokia-agent.jar
Signed-off-by: Waldemar Kozaczuk <jwkoz...@gmail.com>
---
modules/java-isolated/.java.policy | 3 +++
modules/java-non-isolated/.java.policy | 3 +++
2 files changed, 6 insertions(+)
diff --git a/modules/java-isolated/.java.policy b/modules/java-isolated/.java.policy
index fb6aae4..b76674b 100644
--- a/modules/java-isolated/.java.policy
+++ b/modules/java-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
diff --git a/modules/java-non-isolated/.java.policy b/modules/java-non-isolated/.java.policy
index 30a4cf3..6f9e075 100644
--- a/modules/java-non-isolated/.java.policy
+++ b/modules/java-non-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-non-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
--
2.7.4
Commit Bot
Feb 16, 2017, 8:10:18 AM2/16/17
to osv...@googlegroups.com, Waldemar Kozaczuk
From: Waldemar Kozaczuk <jwkoz...@gmail.com>
Committer: Nadav Har'El <n...@scylladb.com>
Branch: master
Changed java.policy file to give all permissions to jolokia agent
Some java applications like apache derby or elasticsearch 2.4.* enable java
security manager. Java security
manager uses /.java.policy that would only grant necessary permissions to
runjava.jar but not jolokia-agent.jar.
This would result in following exception when trying to use OSv dasboard:
Exception in thread "Thread-43" java.security.AccessControlException:
access denied ("java.lang.RuntimePermission" "setContextClassLoader")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at
java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1503)
at io.osv.jolokia.Dispatcher.runWithContextClassLoader(Dispatcher.java:96)
at io.osv.jolokia.Dispatcher.dispatch(Dispatcher.java:42)
exception was caught for
/jolokia/read/java.lang:type=Memory/HeapMemoryUsage/used:
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "setContextClassLoader")
This change appends necessary statement to java.policy file that grant
necessary permissions to jolokia-agent.jar
Signed-off-by: Waldemar Kozaczuk <jwkoz...@gmail.com>
Message-Id: <1487250426-4703-1-git...@gmail.com>
---
diff --git a/modules/java-isolated/.java.policy
b/modules/java-isolated/.java.policy
Committer: Nadav Har'El <n...@scylladb.com>
Branch: master
Changed java.policy file to give all permissions to jolokia agent
Some java applications like apache derby or elasticsearch 2.4.* enable java
security manager. Java security
manager uses /.java.policy that would only grant necessary permissions to
runjava.jar but not jolokia-agent.jar.
This would result in following exception when trying to use OSv dasboard:
Exception in thread "Thread-43" java.security.AccessControlException:
access denied ("java.lang.RuntimePermission" "setContextClassLoader")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at
java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.Thread.setContextClassLoader(Thread.java:1503)
at io.osv.jolokia.Dispatcher.runWithContextClassLoader(Dispatcher.java:96)
at io.osv.jolokia.Dispatcher.dispatch(Dispatcher.java:42)
exception was caught for
/jolokia/read/java.lang:type=Memory/HeapMemoryUsage/used:
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "setContextClassLoader")
This change appends necessary statement to java.policy file that grant
necessary permissions to jolokia-agent.jar
Signed-off-by: Waldemar Kozaczuk <jwkoz...@gmail.com>
---
diff --git a/modules/java-isolated/.java.policy
b/modules/java-isolated/.java.policy
--- a/modules/java-isolated/.java.policy
+++ b/modules/java-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
diff --git a/modules/java-non-isolated/.java.policy
b/modules/java-non-isolated/.java.policy
+++ b/modules/java-isolated/.java.policy
@@ -1,3 +1,6 @@
grant codeBase "file:/java/runjava-isolated.jar" {
permission java.security.AllPermission;
};
+grant codeBase "file:/usr/mgmt/jolokia-agent.jar" {
+ permission java.security.AllPermission;
+};
diff --git a/modules/java-non-isolated/.java.policy
b/modules/java-non-isolated/.java.policy
Reply all
Reply to author
Forward
0 new messages