java.policy中的一些更改未由JVM处理

时间:2012-05-09 19:51:15

标签: java policy lotus-domino

好日子朋友们! 我在这里遇到一个大问题!首先,我在去年发布了一个关于如何在JVM中设置代理的问题,以便用java编程的Lotus Notes代理可以通过Web服务(也在java中)。经过几周的研究,我终于找到了问题,现在它可以了!那么,现在是时候让我们在用户测试环境中移动它......猜猜是什么?!?不行!但是,我没有遇到同样的问题。实际上,要在JVM中设置代理,我需要设置属性“http.proxyHost”和“http.proxyPort”。所以,我让Domino服务器的管理员更改服务器上的“java.policy”文件,以便我可以访问这些属性(我让他们复制“java.policy”的开发版本并将其粘贴到“UAT”中“版本)。没运气!使用完全相同的策略文件在另一台服务器上复制的完全相同的代码表现出两种不同的方式......我得到了这个:

java.security.AccessControlException: access denied (java.util.PropertyPermission http.proxyHost write)

我们尝试反转权限授予,我们尝试授予“http.proxyHost”和“proxyHost”权限。没有任何工作......所以,我让他们删除“grant”部分中的所有权限(没有代码库)并且只放入AllPermission。有效!我的猜测是我们在策略文件中有错误,因此权限不会被处理。我想知道你是否可以帮我解决这个问题......这是政策文件:

// 
// @(#)src/security/sov/config/java.policy, security, as142, 20070303 1.4.2.2 
// =========================================================================== 
// Licensed Materials - Property of IBM 
// "Restricted Materials of IBM" 
// 
// IBM SDK, Java(tm) 2 Technology Edition, v1.4.2 
// (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved 
// =========================================================================== 
// 


// Standard extensions get all permissions by default 

grant codeBase "file:${java.home}/lib/ext/*" { 
        permission java.security.AllPermission; 
}; 

// default permissions granted to all domains 

grant { 
        // Allows any thread to stop itself using the java.lang.Thread.stop() 
        // method that takes no argument. 
        // Note that this permission is granted by default only to remain 
        // backwards compatible. 
        // It is strongly recommended that you either remove this permission 
        // from this policy file or further restrict it to code sources 
        // that you specify, because Thread.stop() is potentially unsafe. 
        // See "http://java.sun.com/notes" for more information. 
        permission java.lang.RuntimePermission "stopThread"; 
        permission java.lang.RuntimePermission "setContextClassLoader";    // This was added 

        // allows anyone to listen on un-privileged ports 
        permission java.net.SocketPermission "localhost:1024-", "listen"; 

        permission java.net.NetPermission "setDefaultAuthenticator";
        permission java.util.PropertyPermission "http.proxySet", "write"; 
        permission java.util.PropertyPermission "http.proxyHost", "write"; 
        permission java.util.PropertyPermission "http.proxyPort", "write"; 


        // "standard" properies that can be read by anyone 

        permission java.util.PropertyPermission "java.version", "read"; 
        permission java.util.PropertyPermission "java.vendor", "read"; 
        permission java.util.PropertyPermission "java.vendor.url", "read"; 
        permission java.util.PropertyPermission "java.class.version", "read"; 
        permission java.util.PropertyPermission "os.name", "read"; 
        permission java.util.PropertyPermission "os.version", "read"; 
        permission java.util.PropertyPermission "os.arch", "read"; 
        permission java.util.PropertyPermission "file.separator", "read"; 
        permission java.util.PropertyPermission "path.separator", "read"; 
        permission java.util.PropertyPermission "line.separator", "read"; 

        permission java.util.PropertyPermission "java.specification.version", "read"; 
        permission java.util.PropertyPermission "java.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.specification.name", "read"; 

        permission java.util.PropertyPermission "java.vm.specification.version", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.name", "read"; 
        permission java.util.PropertyPermission "java.vm.version", "read"; 
        permission java.util.PropertyPermission "java.vm.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.name", "read"; 


        permission java.util.PropertyPermission "java.assistive", "read"; 

}; 

// Notes java code gets all permissions 

grant codeBase "file:${notes.binary}/*" { 
        permission java.security.AllPermission; 
}; 

grant codeBase "file:${notes.binary}/rjext/*" { 
        permission java.security.AllPermission; 
}; 

任何线索都会非常感激......客户很累,这不起作用!

2 个答案:

答案 0 :(得分:0)

对于那些可能遇到同样问题并且在谷歌上搜索的人,我通过允许AllProperties获取/设置的安全性解决了这个问题。我仍然不知道为什么要列举然后没有工作......

答案 1 :(得分:0)

文件Domino\jvm\lib\security\java.security定义3个策略文件

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy

您可以使用create file java.pol自定义策略。 此外,domino服务器重新初始化java.policy。

查看更多https://www-304.ibm.com/support/docview.wss?uid=swg21679242