Skip to main content

AccessControlException when using SecurityManager in own application

No replies
tomDuschata
Offline
Joined: 2013-01-16
Points: 0

We are trying to deploy an application, which is using JAAS. So we
enable the securityManager during the service startup

@Startup
@Singleton
public class ServiceInitializer
{

@PostConstruct
public void init()
{
Configuration.setConfiguration(new LoginModuleConfiguration());
Policy.setPolicy(new MyPolicy());
System.setSecurityManager(new SecurityManager());
Logger.getLogger(getClass()).info("SecurityContext initialized....");

}

@PreDestroy
void unsetSecurityManager()
{
System.setSecurityManager(null);
}
}

This is not a problem with a single application in our domain. When we
try to deploy another one we get various exceptions:

Exception during processing of event of type afterSessionAttributeAdded
for web module
StandardEngine[glassfish-web].StandardHost[server].StandardContext[/level5Webgui]
java.lang.RuntimeException: java.security.AccessControlException: access
denied ("java.security.SecurityPermission" "setPolicy")

.....

Cannot start JMX connector JmxConnector config: { name = system,
Protocol = rmi_jrmp, Address = 0.0.0.0, Port = 8686, AcceptAll = false,
AuthRealmName = admin-realm, SecurityEnabled = false} having exception
java.lang.SecurityException: attempt to add a Permission to a readonly
Permissions object
SCHWERWIEGEND: java.lang.SecurityException: attempt to add a Permission
to a readonly Permissions object

Any ideas?

Tom