Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.0-rc3
Fix Version/s: None
Component/s: None
Labels: None
Environment: Loom 1.0-rc3
Description
I have been testing enabling the security manager per application in Apache James (with Phoenix 4.2 & Loom 1.0-rc3). I have seen that there was an option to add policies in the file environment.xml, but it does not work: it seems that it simply ignores the policies of "apps" and treats it like an AllPermission, which is strange.
In Phoenix 4.0.1 if no policy is configured, phoenix.log says:
[Phoenix.] (): No policy specified in server.xml, giving full permissions to ServerApplication.
In Phoenix 4.2 / Loom 1.0-rc3 no message is shown...
I have used a policy like this, and... it never throws an exception!?!...
<policy>
  <grant code-base="file:$
    <permission class="java.io.FilePermission"
                target="${app.home}${/}*"
                action="read,write" />
  </grant>
</policy>
I have even tried making a FileInputStream of /etc/passwd and... it has eaten it, no security exception.
At the moment my workaround is to modify the policy directly on the command line (-Djava.security.policy) and restrict it at the global level of the JVM.
I am reporting this in case somebody can do something.
Hi!
We'll have to take a look and see how it is implemented. Thanks for the report.
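One way to confirm the reported behaviour without waiting for an exception, as an added example that is not part of this issue or of the Loom/Phoenix code base: the hypothetical `SandboxProbe.verdict` is assumed to be called with a class loaded from the application's own archive, and it reports whether a security manager is installed and what that class's protection domain is actually granted.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.ProtectionDomain;

/** Added diagnostic (hypothetical name, not Loom/Phoenix code). */
public class SandboxProbe {

    /**
     * Returns a one-line verdict for the protection domain of the given class.
     * outsidePath is a file that the application policy is NOT meant to grant,
     * for example the /etc/passwd path used in the report.
     */
    @SuppressWarnings({"deprecation", "removal"})
    public static String verdict(Class<?> caller, String outsidePath) {
        // Without a security manager no permission check is ever performed,
        // whatever the policy configuration says.
        if (System.getSecurityManager() == null) {
            return "NO_SECURITY_MANAGER: permission checks are not performed";
        }

        ProtectionDomain pd = caller.getProtectionDomain();

        // ProtectionDomain.implies() consults the permissions assigned by the
        // class loader and, for non-static domains, the installed Policy.
        if (pd.implies(new AllPermission())) {
            return "ALL_PERMISSION: " + pd.getCodeSource() + " is unrestricted";
        }

        Permission read = new FilePermission(outsidePath, "read");
        if (pd.implies(read)) {
            return "TOO_BROAD: read access is granted to " + outsidePath;
        }
        return "RESTRICTED: read access to " + outsidePath + " is denied";
    }

    public static void main(String[] args) {
        // Stand-alone run: checks this class's own domain.
        String path = args.length > 0 ? args[0] : "/etc/passwd";
        System.out.println(verdict(SandboxProbe.class, path));
    }
}
```

Run stand-alone it only describes its own domain; to test the container, call `verdict` from a class inside the deployed application and log the result at startup.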