file /web/soft/was61/bnym1/profiles/node3/logs/ffdc/st0rsamf61rs81_0000003a_12.05.08_16.55.14_0.txt
[5/8/12 16:55:14:961 EDT] 0000003a SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:
/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml : Access denied (java.io.FilePermission /web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml read)
Code:
com.rsa.csd.ws.axis2.LogHandler in {file:/web/sites/st0/rsamf61/data/jspwork/rs81Node/st0rsamf61rs81/st0rsamf61/AdaptiveAuthentication.war/_axis2/axis22379958949721437791rsa-logging-module-1.1.0.mar}
Stack Trace:
java.security.AccessControlException: Access denied (java.io.FilePermission /web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml read)
at java.security.AccessController.checkPermission(AccessController.java:103)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:214)
at com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:571)
at com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:558)
at com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:550)
at com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java:585)
The enviroment for the customer was:
AIX 5.3, Web Sphere 6.1 .0.0.39.
You need to add this to the was.ploicy also you need to copy the .mar files to AdaptiveAuthenticaion/WEB_INF/lib.
grant codeBase "file:${webComponent}"{
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "shutdownHooks";
permission com.ibm.oti.shared.SharedClassPermission "*", "read, write";
permission java.util.PropertyPermission "*", "write";
permission java.io.FilePermission "/web/soft/was61/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.io.FilePermission "/AAOP/rsa/configs", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs";
permission java.io.FilePermission "/AAOP/usr/IBM/java/jre/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/lib/-", "read";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/_axis2*","read, write";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/cryptoj-4.1.jar", "read, write, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read, write, delete";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.fips140initialmode";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war${/}","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2","read,write,delete";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version/update/backup","read";
permission java.io.FilePermission "/AAOP/rsa/configs/c-applicationContext.xml","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2/-", "read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/geoip/database", "read";
permission java.io.FilePermission "/AAOP/usr/IBM","read";
permission java.io.FilePermission "/AAOP/usr/IBM/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs/addPayee.st","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/-","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/staging","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/archive","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version", "read";
permission java.io.FilePermission "/.mime.types","read";
permission java.io.FilePermission "/usr/apps/aa/wurfl-data.zip","read";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.eventhandler";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.integritycheck";
Permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.runtimetest.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.testmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.no.verify.jar";
permission java.security.SecurityPermission "getProperty.com.rsa.crypto.default.random";
permission java.security.SecurityPermission "putProviderProperty.JsafeJCE";
permission java.security.SecurityPermission "insertProvider.JsafeJCE";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl", "read";
permission java.io.FilePermission "/tmp/-","read,write,delete";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spring-beans-2.5.6.SEC01.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spectjweaver-1.6.8.jar","read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/-", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
grant codeBase "file:${jars}" {
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "shutdownHooks";
permission com.ibm.oti.shared.SharedClassPermission "*", "read, write";
permission java.util.PropertyPermission "*", "write";
permission java.io.FilePermission "/web/soft/was61/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/_axis2*","read, write";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/cryptoj-4.1.jar", "read, write, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read, write, delete";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.fips140initialmode";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs";
permission java.io.FilePermission "/AAOP/usr/IBM/java/jre/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/lib/-", "read";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war${/}","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2","read,write,delete";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version/update/backup","read";
permission java.io.FilePermission "/AAOP/rsa/configs/c-applicationContext.xml","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2/-", "read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/geoip/database", "read";
permission java.io.FilePermission "/AAOP/usr/IBM","read";
permission java.io.FilePermission "/AAOP/usr/IBM/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs/addPayee.st","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/-","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/staging","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/archive","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version", "read";
permission java.io.FilePermission "/.mime.types","read";
permission java.io.FilePermission "/usr/apps/aa/wurfl-data.zip","read";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.eventhandler";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.integritycheck";
Permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.testmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.no.verify.jar";
permission java.security.SecurityPermission "getProperty.com.rsa.crypto.default.random";
permission java.security.SecurityPermission "putProviderProperty.JsafeJCE";
permission java.security.SecurityPermission "insertProvider.JsafeJCE";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl", "read";
permission java.io.FilePermission "/tmp/-","read,write,delete";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spring-beans-2.5.6.SEC01.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spectjweaver-1.6.8.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/-", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
grant codeBase "file:${application}" { permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read"; permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-configService.xml", "read"; };
This step is must as well.
Copy .mar files from AA/WEB-INF/modules to AA/WEB-INF/lib and rename as.jar.
cp /modules/rsa-logging-module-1.1.0.mar -> /lib/rsa-logging-module-1.1.0.jar cp /modules/soapmonitor-1.4.mar -> /lib/soapmonitor-1.4.jar cp /modules/addressing-1.4.mar -> /lib/addressing-1.4.mar
That will load them with the class loader application classes first.
Related Articles
Entitlement Relationships are getting rejected in MAEDCs in RSA Governance & Lifecycle Number of Views Managing Cloud Access Service Connection Number of Views RSA Authentication Manager Help - Table of Contents Number of Views Cloud Access Service Help - Table of Contents Number of Views How to check for available SSL/TLS protocols and ciphers for a specific port in RSA Authentication Manager 8.x Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
