Issue granting library load to Java code

Question

I'm using the Java security Manager with my app. I'm going through granting permissions, and I came across one which I can't seem the grant. It's permission to load a library. It's a java *.jar library in the $JAVA_HOME/lib/ext directory.

at com.theatsgroup.startup.startup_managers.startup(startup_managers.jav
a:98)
at com.theatsgroup.startup.app_startup.main(app_startup.java:357)
Caused by: java.security.AccessControlException: access denied ("java.lang.Runti
mePermission" "loadLibrary.sunec")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkLink(Unknown Source)
at java.lang.Runtime.loadLibrary0(Unknown Source)
at java.lang.System.loadLibrary(Unknown Source)

My grant file is as follows:

grant codeBase "file:../bin/atsapp.jar" {
permission java.lang.RuntimePermission "loadLibrary.sunec";
};

Below is how I am invoking my Java app:

java -Djava.security.manager -Djava.security.policy==..\cfg\atsapp.security.poli
cy -jar atsapp.jar

Any ideas?

Thanks,

--Justin

Answer 1

Since you are using "==", you are overriding the "default" permissions for the jvm. there is one important default grant which you most likely will need to replicate in your policy file in order to get the jvm to work. this permission grants all the extension libraries installed as part of the jvm the permissions they need to do all the "internal" stuff. not sure why this isn't builtin, cause the jvm can't do much without this.

grant codeBase "file:${{java.ext.dirs}}/*" {
  permission java.security.AllPermission;
};

this is from the beginning of the "lib/security/java.policy" file installed with the jre. you might want to investigate the rest of this file to see if there are other important, basic permissions you might need.