Skip to main content

AccessControlException when using SecurityManager in own application

1 reply [Last post]
Anonymous

We are trying to deploy an application, which is using JAAS. So we
enable the securityManager during the service startup

@Startup
@Singleton
public class ServiceInitializer
{

@PostConstruct
public void init()
{
Configuration.setConfiguration(new LoginModuleConfiguration());
Policy.setPolicy(new MyPolicy());
System.setSecurityManager(new SecurityManager());
Logger.getLogger(getClass()).info("SecurityContext initialized....");

}

@PreDestroy
void unsetSecurityManager()
{
System.setSecurityManager(null);
}
}

This is not a problem with a single application in our domain. When we
try to deploy another one we get various exceptions:

Exception during processing of event of type afterSessionAttributeAdded
for web module
StandardEngine[glassfish-web].StandardHost[server].StandardContext[/level5Webgui]
java.lang.RuntimeException: java.security.AccessControlException: access
denied ("java.security.SecurityPermission" "setPolicy")

.....

Cannot start JMX connector JmxConnector config: { name = system,
Protocol = rmi_jrmp, Address = 0.0.0.0, Port = 8686, AcceptAll = false,
AuthRealmName = admin-realm, SecurityEnabled = false} having exception
java.lang.SecurityException: attempt to add a Permission to a readonly
Permissions object
SCHWERWIEGEND: java.lang.SecurityException: attempt to add a Permission
to a readonly Permissions object

Any ideas?

Tom

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Thomas Grabietz

sorry, OT, wrong list....

Am 23.01.2013 10:26, schrieb Thomas Grabietz:
> We are trying to deploy an application, which is using JAAS. So we
> enable the securityManager during the service startup
>
> @Startup
> @Singleton
> public class ServiceInitializer
> {
>
> @PostConstruct
> public void init()
> {
> Configuration.setConfiguration(new LoginModuleConfiguration());
> Policy.setPolicy(new MyPolicy());
> System.setSecurityManager(new SecurityManager());
> Logger.getLogger(getClass()).info("SecurityContext initialized....");
>
> }
>
> @PreDestroy
> void unsetSecurityManager()
> {
> System.setSecurityManager(null);
> }
> }
>
> This is not a problem with a single application in our domain. When we
> try to deploy another one we get various exceptions:
>
> Exception during processing of event of type afterSessionAttributeAdded
> for web module
> StandardEngine[glassfish-web].StandardHost[server].StandardContext[/level5Webgui]
> java.lang.RuntimeException: java.security.AccessControlException: access
> denied ("java.security.SecurityPermission" "setPolicy")
>
> .....
>
> Cannot start JMX connector JmxConnector config: { name = system,
> Protocol = rmi_jrmp, Address = 0.0.0.0, Port = 8686, AcceptAll = false,
> AuthRealmName = admin-realm, SecurityEnabled = false} having exception
> java.lang.SecurityException: attempt to add a Permission to a readonly
> Permissions object
> SCHWERWIEGEND: java.lang.SecurityException: attempt to add a Permission
> to a readonly Permissions object
>
> Any ideas?
>
>
> Tom
>
>
>
>
>