[opencms-dev] Newbie Install Help : Permissions
Sam Batschelet
sam at westbranchresort.com
Sat Oct 7 17:32:59 CEST 2006
On 10/7/06 10:52 AM, "Jonathan Woods" <jonathan.woods at scintillance.com>
wrote:
> From a bit of Googling on the exception trace (the BeanUtils carp about not
> being able to access something or other) it does look like restrictive
> security permissions are the problem. Security perms may be set on the Java
> invocation which fires up the Sun app server (i.e. on the command line or in
> properties files which it refers to) or else they're buried deep in app
> server config.
>
> Is this any help?:
> http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58n?a=view
>
> Jon
Jon,
Yes, that doc is helpful, as it outlines the guidelines for what I have
been hacking together from Google examples. But the problem is that I have
already set these permissions for the files that are being complained about
(opencms-vfs.xml). It seems to involve more than just reading the XML
config file. Here is my server file <below>. It is very random and
messy because I have been adding entries from things I have read. Some have
unlocked problems, but I still have a few. Is there a document which highlights
the necessary security perms for opencms? I know some of this is very
promiscuous and possibly very wrong, but it seems like these perms should be
outlined in the docs, which I haven't found. Thanks again Jon for your time.
// Runtime permissions for ALL code: this grant has no codeBase or signedBy
// clause, so it is not scoped to OpenCms or to any single application.
// NOTE(review): several targets here are sensitive when granted this widely.
// createClassLoader lets code define classes through its own loader, exitVM
// lets it halt the server JVM, setIO lets it redirect System.in/out/err, and
// setFactory lets it replace socket and URL stream handler factories. If
// OpenCms needs them, a grant limited to the OpenCms codeBase is narrower.
grant {
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "exitVM";
    permission java.lang.RuntimePermission "setFactory";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "modifyThreadGroup";
    permission java.lang.RuntimePermission "getProtectionDomain";
    // NOTE(review): confirm "setProtectionDomain" is a target the runtime
    // actually checks; it may be a leftover from copied examples.
    permission java.lang.RuntimePermission "setProtectionDomain";
    permission java.lang.RuntimePermission "readFileDescriptor";
    permission java.lang.RuntimePermission "writeFileDescriptor";
};
// Lets all code read the single system property java.vm.info.
grant {
    permission java.util.PropertyPermission "java.vm.info", "read";
};
// Core server classes: code loaded from anywhere beneath
// ${com.sun.aas.installRoot}/lib (the trailing "/-" matches recursively)
// receives every permission by default.
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
    permission java.security.AllPermission;
};
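// Basic set of required permissions granted to all remaining code.
// This grant has no codeBase or signedBy clause, so every entry applies to
// any code the server runs, not only to OpenCms.
//
// Entries that the mail wrapped across lines have been rejoined: a quoted
// path cannot contain a line break, and the commented-out entries had left
// their trailing "read"; on an uncommented line. The set of permissions is
// unchanged.
grant {
    permission java.lang.RuntimePermission "loadLibrary.*";
    permission java.lang.RuntimePermission "queuePrintJob";
    // NOTE(review): outbound connect to any host and port, for all code.
    permission java.net.SocketPermission "*", "connect";
    // NOTE(review): <<ALL FILES>> with read,write,delete already implies every
    // path-specific FilePermission below, so those entries have no effect while
    // this line stays. To find out what OpenCms really needs, this is the entry
    // to narrow first; the per-path entries then become the actual policy.
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

    // OpenCms web application directory and its subtrees.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms", "read,write";
    // NOTE(review): "applications/applications" looks like a doubled path
    // segment; verify against the real directory layout.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/applications/j2ee-modules/opencms/-", "read";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/export", "write, delete";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/pics/system", "write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/pics/", "write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/logs/opencms.log", "read, write";
    // The recursive WEB-INF/- entry covers the narrower WEB-INF paths listed
    // further down (config, occlasses, web.xml, export, packages/modules, lib).
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/-", "read,write,delete";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/generated/xml/j2ee-modules/opencms/-", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/generated/xml/j2ee-modules/opencms/WEB-INF/-", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/config/-", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/occlasses/-", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/oclib", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/web.xml", "read, write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/export", "read, write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/export/-", "read, write";
    // Repeats the WEB-INF/config/- entry above.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/config/-", "read, write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/packages/modules/-", "read, write";

    // Autodeploy directory.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/autodeploy/-", "read,write,delete";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/autodeploy/opencms", "read,write";

    // Repeats the first opencms directory entry in this grant.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms", "read,write";
    // NOTE(review): j2ee-modules/- reaches every deployed web module, not just
    // OpenCms.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/-", "read,write";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/-", "read,write,delete";

    // Individual jars under WEB-INF/lib.
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/lib/leadtracker.jar", "read";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/lib/mm.mysql-2.0.4-bin.jar", "read";
    permission java.io.FilePermission "/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/opencms/WEB-INF/lib/opencmsboot.jar", "read";

    // Disabled JDK jar entries, kept for reference.
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/lib/tools.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/rt.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/jsse.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/charsets.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/ext/localedata.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/plugin.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/javaws.jar", "read";
    //permission java.io.FilePermission "/usr/java/jdk1.5.0_09/jre/lib/deploy.jar", "read";

    // work-around for pointbase bug 4864405
    permission java.io.FilePermission "${com.sun.aas.instanceRoot}${/}lib${/}databases${/}-", "delete";
    permission java.io.FilePermission "${java.io.tmpdir}${/}-", "delete";

    // NOTE(review): PropertyPermission defines only the "read" and "write"
    // actions, so "delete" is not valid here and the entry may be rejected when
    // the policy is loaded. Check the server log. If only reads are needed,
    // "read" alone avoids letting all code rewrite system properties.
    permission java.util.PropertyPermission "*", "read, write, delete";
    // Also granted in the first RuntimePermission grant of this file.
    permission java.lang.RuntimePermission "modifyThreadGroup";
};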
// Needed only when Connectors are in use; the recommendation is to remove
// this grant otherwise.
// NOTE(review): the wildcards in the target (* and "*") leave the principal
// class and principal name unrestricted, and the grant applies to all code.
grant {
    permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"","read,write";
};
// Needed only when Reflection is in use; the recommendation is to remove
// this section otherwise.
// accessDeclaredMembers lets all code enumerate the declared members of a
// class, non-public ones included.
grant {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};