I am reading the tutorial on java security by oracle.
(http://download.oracle.com/javase/tutorial/security/toolsign/rstep4.html)
I duplicate all the files and everything from the tutorial basically.
I am able to run the file with security manager using the following approach in unix:
java -Djava.security.manager -Djava.security.policy=recvPolicy -cp sCount.jar Count ../../test
But when I try to specify a new policy.url in the java.security file like this:
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
policy.url.3=file:/home/myhome/SigningTest/recvPolicy
it gives me an exception when I run:
java -Djava.security.manager -cp sCount.jar Count ../../test
The exception is this:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission ../../test read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.FileInputStream.<init>(FileInputStream.java:100)
at java.io.FileInputStream.<init>(FileInputStream.java:66)
at Count.main(Count.java:17)
thanks for feedback
Okay, I did a quick test of this and it works for me. So the only thing that could be causing this problem (my guess) is that you have two jdks installed on your unix box. So make sure that the "java" that you are using for the command line execution is the same version whose java.security you have modified.
The default sun java 6 security file (if you are using ubuntu) is located at:
/etc/java-6-sun/security/java.security
So make sure you are editing the correct version of java.security
Related
I am trying to set up On Demand Server in my local machine and when ever I am deploying the application on tomcat server I am getting below error message on browser. I have updated the PATH variable also.
root cause
java.lang.UnsatisfiedLinkError: ars3wapi32 (Not found in java.library.path)
java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:1007)
java.lang.ClassLoader.loadLibraryWithClassLoader(ClassLoader.java:971)
java.lang.System.loadLibrary(System.java:470)
com.ibm.edms.od.ArsWWWInterface.<clinit>(ArsWWWInterface.java:15)
java.lang.J9VMInternals.initializeImpl(Native Method)
java.lang.J9VMInternals.initialize(J9VMInternals.java:200)
com.ibm.edms.od.ODServer.<init>(ODServer.java:45)
com.ibm.edms.od.ODServer.<init>(ODServer.java:61)
com.uklife.web.ondemand.utils.DownloadUtils.getAFPDocumentFromOnDemand(DownloadUtils.java:80)
com.uklife.web.ondemand.utils.Utils.getDocument(Utils.java:288)
com.uklife.web.ondemand.servlet.OnDemandDocAccess.doGet(OnDemandDocAccess.java:81)
javax.servlet.http.HttpServlet.s`enter code here`ervice(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722
)
Here is a guide the solution (for Windows and OnDemand V9.5).
First of all, you need to install ODWEK on the machine where you want to run your java app. Please install in the default folder, this whole thing is tricky enough as it is...
Set the environment variable "PATH" in Windows, add "C:\Program Files\IBM\OnDemand\V9.5\bin"
Set CLASSPATH in your development environment - point out the ODApi.jar file and ALSO point "Native library..." to the \bin folder above. (You can also call the program and setting the CLASSPATH in the call as a parameter: -Djava.library.path="C:\Program Files\IBM\OnDemand\V9.5\www\api\ODapi.jar"
Copy the file ars3wapi64.dll from C:\Program Files\IBM\V9.5\www to C:\Program Files\IBM\OnDemand\V9.5\bin
Ensure that all of these files are in the bin-catalog above:
**ars3wapi64.dll**
icudt53.dll
icuin53.dll
icuio53.dll
icule53.dll
iculx53.dll
icuuc53.dll
arsgsk64.dll
If you are getting the error "java.lang.UnsatisfiedLinkError: ars3wapi32 (Not found in java.library.path)" one of the above is most likely incorrect.
OR you could be using different versions of ODWEK and OnDemand.
More on how to set CLASSPATH in Eclipse: How to set the java.library.path from Eclipse
When starting for example Elasticsearch 5.5 :
main ERROR Could not register mbeans java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")
Workaround with Oracle Java 1.8.0_131 is to open file <jre>/lib/security/java.policy and add this line to grant section (i.e. between curly brackets):
permission javax.management.MBeanTrustPermission "register";
Why workaround? The upright solution would be to specify extra grant section which code exactly should get this permission.
got the same error and the answer is here java.security.AccessControlException when using Ant, but runs ok when invoking java from console
Append the grant section in java.policy file with
permission javax.management.MBeanTrustPermission "register";
I had this same issue when moving from a single instance to two instances locally.
I tried what Alice suggested above. Even re-installed Elasticsearch (5.5.0).
I also updated my Java to the latest one for Linux provided by Oracle.
Nothing was working. Then I discovered, that I couldn't just take the elasticsearch-5.5.0/config directory and rename it to elasticsearch-5.5.0/node1.
So... I had to leave that config directory in place and clone it to node1/node2.
EVEN if I configure path.config in the runtime args, ES still needs that base line config directory.
Hope this helps.
I faced same issue on Ubuntu-16.04 system.
Solution:
ElasticSeearch service is not allowed to run for "ROOT" user. That's why change the ownership of elasticsearch folder with below command:
go to Elasticseach installation directory
$ sudo chown -R user_name:user_Group elasticsearch-5.5.0
$/bin/elasticsearch
this will start elasticsearch service. It is working form me perfectly.
Hey stackoverflow community!
I'm writing a small program. In this program code, written in a Web-Interface, is compiled and run.
Now I want the written code from the web-interface to have just a few permissions, like reading a file in a specific directory, while my own code has all permissions.
I just looked up the SecurityManager and found a way to carry this out by using the codeBase attribute of the Policy-File. My idea was to give my code all permissions so the written code has no permissions.
grant codeBase "file:/PATH/-" {
permission java.security.AllPermission;
};
grant {
};
PATH points to the root directory of my program (with bin/src as subfolder).
It works until i'm invoking javax.tools.JavaCompiler.CompilationTask.call() to compile the given code, although the file has the required permissions:
An exception has occurred in the compiler (1.8.0_05). Please file a bug at the Java Developer Connection (Report a Bug or Request a Feature) after checking the Bug Parade for duplicates. Include your program and the following diagnostic in your report. Thank you.
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "nonBatchMode" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
at java.lang.System.getProperty(System.java:714)
at com.sun.tools.javac.main.Main.compile(Main.java:445)
at com.sun.tools.javac.api.JavacTaskImpl.doCall(JavacTaskImpl.java:129)
at com.sun.tools.javac.api.JavacTaskImpl.call(JavacTaskImpl.java:138)
.
.
.
I don't want to create a .java- and a .class-file for every typed code. For this reasen I used a ClassLoader with the following URI:
URI.create( "string:///" + className + Kind.CLASS.extension )
Trying to avoid the use of the "signedBy"-attriutes is important because it's difficult to sign .jar-files in Eclipse.
These are my questions:
1) Does anyone have an idea why the compiler throws an AccessControlException, although all needed rights are allowed?
2) Does anyone have an idea how to modify the SecurityManager this way?
3) Is it possible to seperate the included code from my own code at all?
4) Is the SecurityManager the right solution to my problem at all?
Thanks for reading and answering!
I'm trying to embed zeroMQ in my app, I followed this guideline to install ZMQ, so till here everything works fine.
I have this line of code in my app:
ZMQ.Context m_context = ZMQ.context(1);
but above line of code raise below exception:
Exception in thread "main" java.lang.UnsatisfiedLinkError: /tmp/libjzmq-812339378390536247.lib: libzmq.so.3: cannot open shared object file: No such file or directory
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1939)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1864)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1825)
at java.lang.Runtime.load0(Runtime.java:792)
at java.lang.System.load(System.java:1059)
at org.zeromq.EmbeddedLibraryTools.loadEmbeddedLibrary(EmbeddedLibraryTools.java:136)
at org.zeromq.EmbeddedLibraryTools.<clinit>(EmbeddedLibraryTools.java:22)
at org.zeromq.ZMQ.<clinit>(ZMQ.java:38)
at com.castaclip.verticals.Messenger.<init>(Messenger.java:125)
at com.castaclip.verticals.PushMessenger.<init>(PushMessenger.java:30)
at com.castaclip.verticals.pushserver.App.setup(App.java:60)
at com.castaclip.verticals.pushserver.App.main(App.java:41)
The error is exactly pointing to this line.
P.S: its a little bit difficult to fully explain this question.. if you have any question plz let me know. thanks.
If you've successfully built libzmq and jzmq in that order, I would run:
$ sudo ldconfig
to update the system library cache. Then I would check to see if LD_LIBRARY_PATH is defined like Raffian mentioned, or set your library path explicitly to something like:
$ java -Djava.library.path=/usr/lib:/usr/local/lib
Finally I tried to figure out the problem.
I was using zeromq-2.1.10 and this was part of the problem.
So I installed zeromq-3.2.3 from the source and problem resolved.
I encountered a mystifying instance of this message when I:
# java -Djava.library.path=/usr/hf/zmq/lib/ -cp '/usr/hf/lib/*:.' com.zmqtest.MA
Exception in thread "main"
java.lang.UnsatisfiedLinkError: /usr/hf/zmq/lib/libjzmq.so:
libzmq.so.3: cannot open shared object file: No such file or directory
which was fixed with a solution that makes no sense at all to me:
# LD_LIBRARY_PATH=/usr/hf/zmq/lib/ java -Djava.library.path=/usr/hf/zmq/lib/ -cp '/usr/hf/lib/*:.' com.zmqtest.MA
wierd.
I tried to run the java version of Nachos on Windows 7 and Redhat Linux, but both failed due to RuntimePermission problem as below.
user\nachos\proj1> java nachos.machine.Machine nachos.conf
nachos 5.0j initializing... config interrupt timer user-check
Lacked permission: (java.lang.RuntimePermission createClassLoader)
Exception in thread "main" nachos.machine.AssertionFailureError
at nachos.machine.Lib.assertTrue(Lib.java:77)
at nachos.machine.Lib.assertNotReached(Lib.java:96)
at nachos.machine.Lib.checkMethod(Lib.java:565)
at nachos.machine.Machine.checkUserClasses(Machine.java:262)
at nachos.machine.Machine.main(Machine.java:57)
Searching on Google using keywords RuntimePermission and createClassLoader, found some solutions that need to modify the file: $(JAVA HOME)\jre\lib\security\java.policy. So I appended following lines to it.
grant {
permission java.security.AllPermission;
};
However, it still can't work. Can anyone provide any clues on this problem? Thanks.