glassfish
  1. glassfish
  2. GLASSFISH-6720

[BLOCKING] policy file missing after redeploy

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 9.1.1
    • Fix Version/s: 9.1.1_dev
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      6,720
    • Status Whiteboard:
      Hide

      911Approved

      Show
      911Approved

      Description

      I am getting the following exeption on AIX with the latest b58 promoted 9.1.1
      build.
      Looks like issue is with missing policy file during redeploy

      permission((javax.security.jacc.WebUserDataPermission /SFSBRefFO GET)) domain
      that failed(ProtectionDomain (file:/SFSB/SFSBWar_war <no signer certificates>)
      null

      I dont see any entry in
      ./domains/sqe-domain/generated/policy/SFSB/SFSBWar_war/granted.policy

      it is supposed to have

      grant {
      permission javax.security.jacc.WebUserDataPermission "/";
      permission javax.security.jacc.WebResourcePermission "/";
      };

      thanks
      -vivek

      [#|2008-11-04T14:20:07.732-0800|FINE|sun-appserver9.1|com.sun.enterprise.ee.web.sessmgmt.pipe|_ThreadID=45;_ThreadName=RMI
      TCP
      Connection(45)-10.4.118.242;ClassName=com.sun.enterprise.ee.web.sessmgmt.JxtaReplicationReceiver;MethodName=doPipeInitialization;_RequestID=258bbc69-f793-4460-b2b2-9af0422491d7;|JxtaReplicationReceiver>>doPipeInitialization:previously
      called = true|#]

      [#|2008-11-04T14:20:36.226-0800|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=30;_ThreadName=httpSSLWorkerThread-38080-0;|JACC
      Policy Provider: PolicyWrapper.implies, context(SFSB/SFSBWar_war)-
      permission((javax.security.jacc.WebUserDataPermission /SFSBRefFO GET)) domain
      that failed(ProtectionDomain (file:/SFSB/SFSBWar_war <no signer certificates>)
      null
      <no principals>
      java.security.Permissions@4ea44ea4 (
      (java.lang.RuntimePermission queuePrintJob)
      (java.lang.RuntimePermission stopThread)
      (java.lang.RuntimePermission setContextClassLoader)
      (java.lang.RuntimePermission modifyThreadGroup)
      (java.lang.RuntimePermission getProtectionDomain)
      (java.lang.RuntimePermission accessDeclaredMembers)
      (java.lang.RuntimePermission getClassLoader)
      (java.lang.RuntimePermission loadLibrary.*)
      (java.util.PropertyPermission java.specification.vendor read)
      (java.util.PropertyPermission java.specification.version read)
      (java.util.PropertyPermission java.vm.specification.name read)
      (java.util.PropertyPermission file.separator read)
      (java.util.PropertyPermission java.vendor read)
      (java.util.PropertyPermission java.class.version read)
      (java.util.PropertyPermission java.version read)
      (java.util.PropertyPermission os.arch read)
      (java.util.PropertyPermission java.specification.name read)
      (java.util.PropertyPermission os.version read)
      (java.util.PropertyPermission path.separator read)
      (java.util.PropertyPermission java.vm.vendor read)
      (java.util.PropertyPermission os.name read)
      (java.util.PropertyPermission * read,write)
      (java.util.PropertyPermission java.vm.name read)
      (java.util.PropertyPermission java.vm.specification.vendor read)
      (java.util.PropertyPermission java.vendor.url read)
      (java.util.PropertyPermission java.vm.version read)
      (java.util.PropertyPermission java.vm.specification.version read)
      (java.util.PropertyPermission line.separator read)
      (javax.security.auth.PrivateCredentialPermission
      javax.resource.spi.security.PasswordCredential * "*" read)
      (java.io.FilePermission /tmp//- delete)
      (java.io.FilePermission
      /export/ha/as/nodeagents/sqe-agent1/instance1/lib/databases/- delete)
      (java.io.FilePermission <<ALL FILES>> read,write)
      (java.net.SocketPermission localhost:1024- listen,resolve)
      (java.net.SocketPermission * connect,resolve)
      (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
      (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission
      access null)
      (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
      (javax.management.MBeanTrustPermission register)

        Activity

        Hide
        venu added a comment -

        looking into this

        Show
        venu added a comment - looking into this
        Hide
        Tim Quinn added a comment -

        Vivek,

        Thanks to your instructions I can reproduce the problem.

        Using build 59, after redeployment the granted.policy file is there but it
        contains only the header comments and no grant clause, which is I think what you
        described in your original post.

        Venu, thanks for looking into this.

        Show
        Tim Quinn added a comment - Vivek, Thanks to your instructions I can reproduce the problem. Using build 59, after redeployment the granted.policy file is there but it contains only the header comments and no grant clause, which is I think what you described in your original post. Venu, thanks for looking into this.
        Hide
        venu added a comment -

        this problem does not occur in sailfin and occurs only in glassfish. The problem
        is in DAS WebSecuritymanager is not removed during undeployment in ear case ,
        fixing this issue. Kumar will be checking in the fix.

        Show
        venu added a comment - this problem does not occur in sailfin and occurs only in glassfish. The problem is in DAS WebSecuritymanager is not removed during undeployment in ear case , fixing this issue. Kumar will be checking in the fix.
        Hide
        Tim Quinn added a comment -

        In light of Venu's latest note I am reassigning this to the security component
        and then Kumar can close up the issue after he checks in the fix. I have also
        changed the target milestone to b60 with the understanding that Kumar will
        correct that if necessary.

        Show
        Tim Quinn added a comment - In light of Venu's latest note I am reassigning this to the security component and then Kumar can close up the issue after he checks in the fix. I have also changed the target milestone to b60 with the understanding that Kumar will correct that if necessary.
        Hide
        kumarjayanti added a comment -

        Fixed

        Show
        kumarjayanti added a comment - Fixed

          People

          • Assignee:
            kumarjayanti
            Reporter:
            sviveka
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: