java policy lotus-domino

Some changes in java.policy not taken care of by the JVM


Good day friends! I'm experiencing one huge problem here! First, I posted a question here last year regarding how to set a proxy in the JVM, so that a Lotus Notes agent programmed in Java could get through to a web service (also in Java). I finally found the problem after a couple of weeks of research, and it now works! So, now it's time for us to move that into a user testing environment... Guess what?!? Doesn't work!

But I'm not facing the same problem. In fact, to set the proxy in the JVM, I need to set the properties "http.proxyHost" and "http.proxyPort". So, I got the Domino server's administrator to change the "java.policy" file on the server so that I can access those properties (I got them to copy the development version of the "java.policy" and paste it in the "UAT" version). No luck! The exact same code replicated on another server with the exact same policy file behaves in two different ways... I get this:

java.security.AccessControlException: access denied (java.util.PropertyPermission http.proxyHost write)

We tried inverting the permission granting, and we tried giving the permission to "http.proxyHost" and "proxyHost". Nothing worked... So, I got them to remove all permissions in the "grant" section (without codebase) and put only AllPermission. It worked! My guess would be that we have an error in the policy file, so that the permissions are not taken care of. I was wondering if you could give me a hand on this... Here's the policy file:

// 
// @(#)src/security/sov/config/java.policy, security, as142, 20070303 1.4.2.2 
// =========================================================================== 
// Licensed Materials - Property of IBM 
// "Restricted Materials of IBM" 
// 
// IBM SDK, Java(tm) 2 Technology Edition, v1.4.2 
// (C) Copyright IBM Corp. 1998, 2002. All Rights Reserved 
// =========================================================================== 
// 


// Standard extensions get all permissions by default 

grant codeBase "file:${java.home}/lib/ext/*" { 
        permission java.security.AllPermission; 
}; 

// default permissions granted to all domains 

grant { 
        // Allows any thread to stop itself using the java.lang.Thread.stop() 
        // method that takes no argument. 
        // Note that this permission is granted by default only to remain 
        // backwards compatible. 
        // It is strongly recommended that you either remove this permission 
        // from this policy file or further restrict it to code sources 
        // that you specify, because Thread.stop() is potentially unsafe. 
        // See "http://java.sun.com/notes" for more information. 
        permission java.lang.RuntimePermission "stopThread"; 
        permission java.lang.RuntimePermission "setContextClassLoader";    // This was added 

        // allows anyone to listen on un-privileged ports 
        permission java.net.SocketPermission "localhost:1024-", "listen"; 

        permission java.net.NetPermission "setDefaultAuthenticator";
        permission java.util.PropertyPermission "http.proxySet", "write"; 
        permission java.util.PropertyPermission "http.proxyHost", "write"; 
        permission java.util.PropertyPermission "http.proxyPort", "write"; 


        // "standard" properies that can be read by anyone 

        permission java.util.PropertyPermission "java.version", "read"; 
        permission java.util.PropertyPermission "java.vendor", "read"; 
        permission java.util.PropertyPermission "java.vendor.url", "read"; 
        permission java.util.PropertyPermission "java.class.version", "read"; 
        permission java.util.PropertyPermission "os.name", "read"; 
        permission java.util.PropertyPermission "os.version", "read"; 
        permission java.util.PropertyPermission "os.arch", "read"; 
        permission java.util.PropertyPermission "file.separator", "read"; 
        permission java.util.PropertyPermission "path.separator", "read"; 
        permission java.util.PropertyPermission "line.separator", "read"; 

        permission java.util.PropertyPermission "java.specification.version", "read"; 
        permission java.util.PropertyPermission "java.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.specification.name", "read"; 

        permission java.util.PropertyPermission "java.vm.specification.version", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.specification.name", "read"; 
        permission java.util.PropertyPermission "java.vm.version", "read"; 
        permission java.util.PropertyPermission "java.vm.vendor", "read"; 
        permission java.util.PropertyPermission "java.vm.name", "read"; 


        permission java.util.PropertyPermission "java.assistive", "read"; 

}; 

// Notes java code gets all permissions 

grant codeBase "file:${notes.binary}/*" { 
        permission java.security.AllPermission; 
}; 

grant codeBase "file:${notes.binary}/rjext/*" { 
        permission java.security.AllPermission; 
}; 

Any clue would be greatly appreciated... the client is pretty tired that this doesn't work!


Solution

  • For people who might have that same problem and get here googling, I solved this issue by allowing the security of AllProperties get/set. I still don't know why enumerating them didn't work...
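
The matching rules behind the grant names tried in this thread, together with a probe that can be run inside the agent on each server to compare what the loaded policy actually allows; this is an added example, not code from the original posts. The class and method names are hypothetical, and it assumes a JVM with a Security Manager, as in the Java 1.4.2 runtime named in the policy file.

```java
import java.security.Permission;
import java.util.PropertyPermission;

// Added example (hypothetical names): shows which policy grant names satisfy
// the failing "http.proxyHost write" check, then probes the running JVM.
public class ProxyPermissionProbe {

    // The three properties listed in the policy file from the question.
    static final String[] PROXY_PROPS = {
        "http.proxySet", "http.proxyHost", "http.proxyPort"
    };

    // True if the policy entry
    //   permission java.util.PropertyPermission "<grantName>", "<grantActions>";
    // covers the given check, using the JDK's own matching rules.
    static boolean grantCovers(String grantName, String grantActions, Permission check) {
        return new PropertyPermission(grantName, grantActions).implies(check);
    }

    // Performs the same check System.setProperty() makes before writing.
    static boolean canWrite(String property) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no Security Manager: nothing is enforced
        }
        try {
            sm.checkPermission(new PropertyPermission(property, "write"));
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        Permission check = new PropertyPermission("http.proxyHost", "write");
        // Exact name, the short name tried in the question, a wildcard scoped
        // to http.* properties, and the all-properties wildcard.
        String[] grants = { "http.proxyHost", "proxyHost", "http.*", "*" };
        for (int i = 0; i < grants.length; i++) {
            System.out.println("grant \"" + grants[i] + "\", \"write\" covers the check: "
                    + grantCovers(grants[i], "write", check));
        }
        System.out.println("Security Manager installed: "
                + (System.getSecurityManager() != null));
        for (int i = 0; i < PROXY_PROPS.length; i++) {
            System.out.println(PROXY_PROPS[i] + " writable here: " + canWrite(PROXY_PROPS[i]));
        }
    }
}
```

Running `canWrite` from the agent on both servers shows whether the edited grant is in effect for that code. The `implies` results show that a grant scoped to `"http.*"` covers the same check as the all-properties wildcard without opening every system property, while `"proxyHost"` does not match.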