[opencms-dev] Newbie Install Help : Permissions

Jonathan Woods jonathan.woods at scintillance.com
Sun Oct 8 09:17:52 CEST 2006 

It must be very frustrating.  Been there!

I notice in your original security config file that "core server classes are
granted all permissions".  Can you not do this for your code?  I.e.

grant {
  permission java.security.AllPermission;
} 

You may have to qualify the first line - I don't know what it means not to
specify what you're granting permissions to - but some research on Java
security should get you up to speed there.

Jon

-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Sam Batschelet
Sent: 07 October 2006 21:12
To: OpenCMS
Subject: Re: [opencms-dev] Newbie Install Help : Permissions




On 10/7/06 12:39 PM, "Jonathan Woods" <jonathan.woods at scintillance.com>
wrote:


> 
>>> From a bit of Googling on the exception trace (the BeanUtils carp 
>>> about not being able to access something or other) it does look like 
>>> restrictive security permissions are the problem.  Security perms 
>>> may be set on the Java invocation which fires up the Sun app server
(i.e.
>>> on the command line or in properties files which it refers to) or 
>>> else they're buried deep in app server config.
>>> 
>>> Is this any help?:
>>> http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58n?a=view
>>> 
>>> Jon
>> 
>> Jon,
>>   Yes that doc is helpful as it does outline the guidelines to what I 
>> have been hacking around from google examples.  But the problem is 
>> that I have set these permissions for the files that are being 
>> complained about opencms-vfs.xml .  It seems more involved than 
>> actually reading the XML config file.  Here is my server file 
>> <below>.  Now this is very random and messy because I am adding these 
>> from things I have read.  Some have unlocked problems but I still 
>> have a few.  Is there a document which highlights the necessary 
>> security perms for opencms?  I know some of this is very promiscuous 
>> and possibly very wrong but it seems like these perms should be outlined
in the docs which I haven't found.  Thanks again Jon for your time.
> 
> 
> Well, you know a lot more about this than I do!  I confess that I have 
> been known to grant all permissions to Java (i.e. I don't run with a 
> security manager), and I rely instead on Unix security.  The Java 
> process runs as a severely limited user, and therefore it can attempt 
> what it likes without much compromising anything else.  So I guess 
> what I'm saying is... would that be enough for you?  You could then 
> turn off JVM-level security altogether, though I agree it's better to be
as complete as possible.
> 
> Or more palatably, you could turn off JVM security while developing, 
> at least making some visible progress, and hopefully keep your 
> fledgling OpenCms installation closed to the world at large.  Maybe 
> the JVM security answer would come in time for opening things up.
> 
> Jon

When I read your post I got very excited that I could remove the permission
issue all together but I think that I have found that it is already off.
>From reading the docs and the config file domain.xml the security is 
>off by
default.  Now I could be off but I read how to turn it on and it doesn't
seem to show how to turn it off so I assume its off by default.  What a mess
I wish I could use tomcat5.



_______________________________________________
This mail is sent to you from the opencms-dev mailing list To change your
list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list