0

I don't seem to get my RMI server running when using server.policy running as a Tomcat7 Servlet.

My policy file and codebase is running on my server.

My server.policy is located in /home/foo/policyfiles/server.policy.

I'm still getting some exceptions, complaining about my java.rmi.server.hostname property.

I'm using these lines of code to check if an SecurityManager is running:

if (System.getSecurityManager() == null) {
        System.setSecurityManager(new RMISecurityManager());
}

Right after i do that, i set my policy file for the JVM, loaded from a property file using inputstream.

System.setProperty("java.security.policyfile", serverProperties.getProperty("foo.server.rmi.security.policy", null));

The line in my property file looks like this: 

foo.server.rmi.security.policy = /home/foo/policyfiles/server.policy

My server.policy looks like this:

grant codeBase "/home/foo/lib/*" signedBy "foo" {
permission java.net.SocketPermission "*" "accept, connect, resolve, listen";
permission java.lang.RuntimePermission "*";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.util.PropertyPermission "*", "read, write";
permission java.util.logging.LoggingPermission "control";
};

Despite all this, i get this exception:

java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.rmi.server.hostname" "write")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.System.setProperty(System.java:782)
        at com.foo.bl.server.Server.loadConfig(Server.java:114)
        at com.foo.bl.server.Server.start(Server.java:44)
        at com.foo.bl.servlet.ServletHandler.run(ServletHandler.java:187)
        at java.lang.Thread.run(Thread.java:724)

It seems that this little property is doing the mess in my RMI server class:

System.setProperty("java.rmi.server.hostname",
                    serverProperties.getProperty("foo.server.rmi.hostname", null));

I don't get it, i set my policy file, creates a security manager, adds the path to the policy file, and sets the property making the exception.

Is it catalina doing this? It's like the policy file is never read or something..

Please help me!

Thank you!

Gustav Cajander
  • 85
  • 2
  • 12

1 Answers1

0

You need to set the policy file first, otherwise it has no effect. But I don't believe it's kosher to install security managers in a servlet container.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • Ok, you mean that i should grant the permissions for catalina.policy and webbapps.policy in policy.d/ and not creating a new RMISecManager? Will i still be needing the server.policy property to be set? – Gustav Cajander Dec 05 '13 at 08:03
  • Solved it through using tomcat policy instead of server.policy. – Gustav Cajander Dec 06 '13 at 07:40