在JBoss 6.x EAP上启用Java安全管理器后,无法部署应用程序
[英]Unable to deploy application when Java Security Manager is enabled on JBoss 6.x EAP
问题描述
我已经在JBoss 6.x EAP上部署了我的应用程序。 启用安全管理器后,部署失败,但出现以下异常。
Caused by: java.security.AccessControlException: access denied ("org.jboss.vfs.VirtualFilePermission" "/E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/WEB-INF/lib/spring-web-4.1.9.RELEASE.jar/org/springframework/web/context/ContextLoader.properties" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [rt.jar:1.8.0_101]
at java.security.AccessController.checkPermission(AccessController.java:884) [rt.jar:1.8.0_101]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.8.0_101]
at org.jboss.vfs.VirtualFile.openStream(VirtualFile.java:248) [jboss-vfs-3.2.9.Final-redhat-1.jar:3.2.9.Final-redhat-1]
at org.jboss.as.server.deployment.module.VFSResourceLoader$VFSEntryResource.openStream(VFSResourceLoader.java:329)
at org.jboss.modules.Module.getResourceAsStream(Module.java:637) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ModuleClassLoader.findResourceAsStream(ModuleClassLoader.java:587) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ConcurrentClassLoader.getResourceAsStream(ConcurrentClassLoader.java:362) [jboss-modules.jar:1.3.6.Final-redhat-1]
at java.lang.Class.getResourceAsStream(Class.java:2223) [rt.jar:1.8.0_101]
at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:163) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]
at org.springframework.core.io.support.PropertiesLoaderUtils.fillProperties(PropertiesLoaderUtils.java:132) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]
at org.springframework.core.io.support.PropertiesLoaderUtils.loadProperties(PropertiesLoaderUtils.java:121) [spring-core-4.1.9.RELEASE.jar:4.1.9.RELEASE]
at org.springframework.web.context.ContextLoader.<clinit>(ContextLoader.java:176) [spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]
我已遵循安全指南中提到的步骤: https : //access.redhat.com/documentation/zh-CN/JBoss_Enterprise_Application_Platform/6.4/html/Security_Guide/Run_JBoss_Enterprise_Application_Platform_Within_the_Java_Security_Manager.html
我已附上standalone.conf.bat和server.policy文件以供参考。
Standalone.conf.bat
if not "x%JAVA_OPTS%" == "x" (
echo "JAVA_OPTS already set in environment; overriding default settings with values: %JAVA_OPTS%"
goto JAVA_OPTS_SET
)
rem # JVM memory allocation pool parameters - modify as appropriate.
set "JAVA_OPTS=%JAVA_OPTS% -Xms1G -Xmx3G -XX:MaxPermSize=512M"
rem # Prefer IPv4
set "JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true"
rem # Set the jboss.modules.policy-permissions property to true by default.
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.policy-permissions=true "
rem # Make Byteman classes visible in all module loaders
rem # This is necessary to inject Byteman rules into AS7 deployments
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.system.pkgs=org.jboss.byteman"
rem # Sample JPDA settings for remote socket debugging
set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"
rem # Sample JPDA settings for shared memory debugging
rem set "JAVA_OPTS=%JAVA_OPTS% -agentlib:jdwp=transport=dt_shmem,address=jboss,server=y,suspend=n"
rem # Use JBoss Modules lockless mode
rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.modules.lockless=true"
rem # Uncomment this to run with a security manager enabled
set "SECMGR=true"
set "JAVA_OPTS=%JAVA_OPTS% -Djboss.home.dir=%JBOSS_HOME% -Djava.security.policy==%JBOSS_HOME%/bin/server.policy -Djava.security.debug=failure"
echo %JAVA_OPTS%
:JAVA_OPTS_SET
的server.policy
/* AUTOMATICALLY GENERATED ON Mon Jul 17 18:54:06 IST 2017*/
/* DO NOT EDIT */
grant codeBase "file:E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/lib/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission org.jboss.vfs.VirtualFilePermission "*", "read";
permission org.jboss.vfs.VirtualFilePermission "*", "write";
};
grant codeBase "file:E:/Servers/jboss-eap-6.4.0/jboss-eap-6.4/standalone/deployments/eQubeMI.war/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "<<ALL FILES>>", "write";
permission org.jboss.vfs.VirtualFilePermission "*", "read";
permission org.jboss.vfs.VirtualFilePermission "*", "write";
};
如果我错过任何步骤,或者是服务器问题,请告诉我。
提前致谢..
1 个解决方案
解决方案1
0 2017-08-11 04:14:42
您需要将server.policy中的两个代码库授予其他代码库,请使用“ -Djava.security.debug = access,failure,policy”查找其他代码库,并在日志文件中搜索“ Active CodeSource”。 参见例如https://developer.jboss.org/wiki/JBossAS7SecurityRunningUnderAJavaSecurityManager
Jboss EAP 6.x上的org.springframework.ws和Xalan问题
[英]org.springframework.ws and Xalan problem on Jboss EAP 6.x
无法使用 JBOSS EAP 7 将 EAR 文件部署到 Azure 应用服务
[英]Unable to deploy EAR file to Azure App Service using JBOSS EAP 7
无法在JBOSS服务器上部署基于Maven的Java Web应用程序
[英]Unable to deploy maven based java web application on JBOSS server
如何在JBoss 6.3 EAP上部署Spring托管的JPA应用程序
[英]How to Deploy a Spring managed JPA application on JBoss 6.3 EAP
在JBoss EAP 7 / JVM8中部署旧的Struts / Spring WAR应用程序
[英]deploy old Struts / Spring WAR application in JBoss EAP 7 / JVM8
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Java 8上的JBoss EAP 6.x
无法在JBOSS EAP 6.3中部署应用程序
Jboss EAP 6.x上的org.springframework.ws和Xalan问题
在persistence.xml Jboss 6.x + jpa 上部署错误
无法在 Jboss-eap-6.4 中部署 Springboot 应用程序
无法使用 JBOSS EAP 7 将 EAR 文件部署到 Azure 应用服务
无法在JBOSS服务器上部署基于Maven的Java Web应用程序
如何在JBoss 6.3 EAP上部署Spring托管的JPA应用程序
在JBoss EAP 7 / JVM8中部署旧的Struts / Spring WAR应用程序
在jboss 7上部署Java EE应用程序
相关标签