loom
  1. loom
  2. LOOM-81

Policy in environment.xml is... ignored?!?

    Details

    • Type: Bug Bug
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.0-rc3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Loom 1.0-rc3
    • Number of attachments :
      0

      Description

      I have been testing to enable security manager by application in Apache James (with Phoenix 4.2 & Loom 1.0-rc3), have seen that there was the option to add to policies in the file environment.xml, but it does not work, seems simply that ignores the policies of "apps" and it treats like a AllPermission, stranger.

      In Phoenix 4.0.1 if no policy is configured, phoenix.log says:
      [Phoenix.] (): No policy specified in server.xml, giving full permissions to ServerApplication.
      In Phoenix 4.2 / Loom 1.0-rc3 no message show...

      I have used a policy Like this, and... never throws exception!?!...
      <policy>
      <grant code-base="file:$

      {app.home}${/}lib${/}*">
      <permission class="java.io.FilePermission"
      target="${app.home}

      $

      {/}

      *"
      action="read,write" />
      </grant>
      </policy>

      I have even proven to make a FileInputStream of /etc/passwd and... has eaten it, not security exception

      At the moment my workarround is modifying directly the policy of the command line (-Djava.security.policy) and restrict it at global level of the JVM.

      I inform, in case somebody can make some thing.

        Activity

        No changes have yet been made on this issue.

          People

          • Assignee:
            peter royal
            Reporter:
            Guillermo Grandes
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: