Java 2 security for Axis2 1.4 in WebSphere 7

Tags: java security websphere axis policyfiles

I have a very complex application (let's say an enterprise application) deployed in WebSphere 7 (using the parent-last class loader policy), and it has several dependencies. The .ear I am deploying contains 4 .war files. One of them is axis2.war.

Everything worked fine until I turned on administrative security and Java 2 security. After debugging all the AccessControlExceptions and adding the necessary permissions to ..\profiles\was70profile1\config\cells\AMSCNT0009Node01Cell\applications\app.ear\deployments\app\META-INF\was.policy and ..\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\META-INF\was.policy, I end up with one AccessControlException that does not seem to go away in any way (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read).

My was.policy file:

    /* AUTOMATICALLY GENERATED ON Mon Mar 05 13:40:14 CET 2012*/
    /* DO NOT EDIT */

    grant codeBase "file:${application}" {
      permission java.util.PropertyPermission "*", "read, write";
      permission java.util.PropertyPermission "org.apache.commons.logging.LogFactory", "read, write";
      permission java.util.PropertyPermission "Axis2.prohibitDebugLogging" , "read,write";

      permission java.lang.RuntimePermission "modifyThreadGroup";
      permission java.lang.RuntimePermission "modifyThread";
      permission java.lang.RuntimePermission "createClassLoader";
      permission java.lang.RuntimePermission "setContextClassLoader";
      permission java.lang.RuntimePermission "checkPropertiesAccess";
      permission java.lang.RuntimePermission "getClassLoader";
      permission java.lang.RuntimePermission "loadLibrary.*";
      permission java.lang.RuntimePermission "getProtectionDomain";
      permission java.lang.RuntimePermission "shutdownHooks";
      permission java.lang.RuntimePermission "accessDeclaredMembers";

      permission java.security.SecurityPermission "getPolicy";
      permission javax.management.MBeanServerPermission "createMBeanServer";
      permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

      permission com.ibm.oti.shared.SharedClassPermission "java.net.URLClassLoader", "read, write";
      permission com.ibm.oti.shared.SharedClassPermission "org.apache.axis2.deployment.DeploymentClassLoader", "read, write";

      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\attachments", "read, write";
      permission java.io.FilePermission "alerts.log", "read, write";
      permission java.io.FilePermission "jmxPerformance.log", "read, write";
      permission java.io.FilePermission "AppLog.txt", "read, write";
      permission java.io.FilePermission "hibernateStatsLogger.log", "read, write";

      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins\\-", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\plugins", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\lib\\-", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\deploytool\\-", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\-", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\java\\jre\\lib\\-", "read";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\-", "read, write";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\properties\\*", "read, write";

      permission java.io.FilePermission "${app.installed.path}", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\*", "read, write";

      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2", "read, write, delete";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\*", "read, write, delete";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\logs\\_axis2\\-", "read, write, delete";

      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app", "read, write, delete";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\*", "read, write, delete";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\temp\\AMSCNT0009Node01\\server1\\app\\-", "read, write, delete";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\classes\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\conf\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\*", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\java\\conf\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\scriptServices\\*", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\modules\\*", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appAxis2-3.5.2.war\\WEB-INF\\services\\*", "read, write";

      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\scriptServices\\*", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\modules\\-", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\services\\-", "read, write";
      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF\\-", "read";
      permission java.io.FilePermission "${app.installed.path}\\appModelSvcs-1.4.2.war\\WEB-INF", "read";

      permission java.io.FilePermission "${app.installed.path}\\appEFDSimulator-3.5.2.war\\WEB-INF\\*", "read, write";

      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1", "read, write";
      permission java.io.FilePermission "C:\\Program Files\\IBM\\SDP\\runtimes\\base_v7\\profiles\\was70profile1\\properties", "read, write";
    };

Trace:

    [3/8/12 16:41:24:320 CET] 00000018 SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.

    Permission:

      C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices : Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read)

    Code:

      org.apache.axis2.scripting.ScriptRepositoryListener$1  in  {file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/temp/AMSCNT0009Node01/server1/app/appAxis2-3.5.2.war/_axis2/axis23638axis2-scripting-1.4.mar}

    Stack Trace:

    java.security.AccessControlException: Access denied (java.io.FilePermission C:\Program Files\IBM\SDP\runtimes\base_v7\profiles\was70profile1\installedApps\AMSCNT0009Node01Cell\app.ear\appAxis2-3.5.2.war\WEB-INF\scriptServices read)
        at java.lang.Throwable.<init>(Throwable.java:67)
        at java.security.AccessControlException.<init>(Unknown Source)
        at java.security.AccessController.checkPermission(AccessController.java:108)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:210)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.File.list(File.java:982)
        at java.io.File.listFiles(File.java:1062)
        at org.apache.axis2.scripting.ScriptRepositoryListener$1.run(ScriptRepositoryListener.java:47)
        at java.security.AccessController.doPrivileged(AccessController.java:202)
        at org.apache.axis2.java.security.AccessController.doPrivileged(AccessController.java:78)
        at org.apache.axis2.scripting.ScriptRepositoryListener.findServicesInDirectory(ScriptRepositoryListener.java:45)
        at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:225)
        at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131)

I have also already tried changing the axis2 1.4 source code, replacing axis2-kernel.jar and axis2-scripting-1.4.mar with custom builds that include the following fix:

https://issues.apache.org/jira/browse/AXIS2-3816

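I also tried changing the axis2 source code to use a folder other than WEB-INF\scriptServices, but the AccessControlException is still there, now on the new folder.

If anyone has a hint on how to solve this, it would be much appreciated. Thanks in advance!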

Best answer

The only solution I found was to remove scripting-xxx.mar from the modules folder. Axis2 1.5 provides a doPrivileged() method in the ScriptRepositoryListener class, but it does not work.

Regarding Java 2 security for Axis2 1.4 in WebSphere 7, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/9621634/
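
The warning's `Code:` field attributes the denied check to a class loaded from the `temp` extraction directory rather than from the installed EAR, and `doPrivileged()` only stops the stack walk at its caller, whose own code base still needs the permission. The following added example (not part of the question, the answer, or Axis2/WebSphere code) parses that field and applies the standard Java policy `codeBase` matching rules to show which grants cover it. It assumes `${application}` resolves to the installed EAR path seen in the trace; `parse_code_line`, `codebase_implies` and `uncovered` are hypothetical helper names.

```python
import re
from urllib.parse import unquote

# Constructed input: the "Code:" line of the SECJ0314W warning quoted in the question.
TRACE_CODE_LINE = (
    "org.apache.axis2.scripting.ScriptRepositoryListener$1  in  "
    "{file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/was70profile1/"
    "temp/AMSCNT0009Node01/server1/app/appAxis2-3.5.2.war/_axis2/"
    "axis23638axis2-scripting-1.4.mar}"
)
# Assumption: ${application} resolves to the installed EAR shown in the trace.
APP_CODEBASE = ("file:/C:/Program Files/IBM/SDP/runtimes/base_v7/profiles/"
                "was70profile1/installedApps/AMSCNT0009Node01Cell/app.ear")


def parse_code_line(line):
    """Return (class_name, code_base) from a SECJ0314W 'Code:' line."""
    m = re.fullmatch(r"\s*(\S+)\s+in\s+\{(.+)\}\s*", line)
    if m is None:
        raise ValueError("not a SECJ0314W Code: line")
    return m.group(1), m.group(2)


def _path(url):
    if not url.startswith("file:"):
        raise ValueError("only file: code bases are handled")
    return unquote(url[len("file:"):])


def codebase_implies(grant, code):
    """Standard Java policy codeBase matching for file: URLs."""
    g, c = _path(grant), _path(code)
    if g.endswith("/-"):            # that directory and everything below it
        return c.startswith(g[:-1])
    if g.endswith("/*"):            # files directly inside that directory
        return c[: c.rfind("/") + 1] == g[:-1]
    return c == g or c == g + "/"   # exact location only


def uncovered(grants, code_line):
    """Return the code base if no grant covers it, else None."""
    _, code = parse_code_line(code_line)
    return None if any(codebase_implies(g, code) for g in grants) else code


if __name__ == "__main__":
    print(uncovered([APP_CODEBASE, APP_CODEBASE + "/-"], TRACE_CODE_LINE))
```
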
