Affects Version/s: 1.0-rc3
Fix Version/s: None
Number of attachments :
I have been testing to enable security manager by application in Apache James (with Phoenix 4.2 & Loom 1.0-rc3), have seen that there was the option to add to policies in the file environment.xml, but it does not work, seems simply that ignores the policies of "apps" and it treats like a AllPermission, stranger.
In Phoenix 4.0.1 if no policy is configured, phoenix.log says:
[Phoenix.] (): No policy specified in server.xml, giving full permissions to ServerApplication.
In Phoenix 4.2 / Loom 1.0-rc3 no message show...
I have used a policy Like this, and... never throws exception!?!...
I have even proven to make a FileInputStream of /etc/passwd and... has eaten it, not security exception
At the moment my workarround is modifying directly the policy of the command line (-Djava.security.policy) and restrict it at global level of the JVM.
I inform, in case somebody can make some thing.