file /web/soft/was61/bnym1/profiles/node3/logs/ffdc/st0rsamf61rs81_0000003a_12.05.08_16.55.14_0.txt
[5/8/12 16:55:14:961 EDT] 0000003a SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.
Permission:
/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml : Access denied (java.io.FilePermission /web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml read)
Code:
com.rsa.csd.ws.axis2.LogHandler in {file:/web/sites/st0/rsamf61/data/jspwork/rs81Node/st0rsamf61rs81/st0rsamf61/AdaptiveAuthentication.war/_axis2/axis22379958949721437791rsa-logging-module-1.1.0.mar}
Stack Trace:
java.security.AccessControlException: Access denied (java.io.FilePermission /web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml read)
at java.security.AccessController.checkPermission(AccessController.java:103)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:558)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:214)
at com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:571)
at com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:558)
at com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:550)
at com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java:585)
The enviroment for the customer was:
AIX 5.3, Web Sphere 6.1 .0.0.39.
You need to add this to the was.ploicy also you need to copy the .mar files to AdaptiveAuthenticaion/WEB_INF/lib.
grant codeBase "file:${webComponent}"{
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "shutdownHooks";
permission com.ibm.oti.shared.SharedClassPermission "*", "read, write";
permission java.util.PropertyPermission "*", "write";
permission java.io.FilePermission "/web/soft/was61/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.io.FilePermission "/AAOP/rsa/configs", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs";
permission java.io.FilePermission "/AAOP/usr/IBM/java/jre/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/lib/-", "read";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/_axis2*","read, write";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/cryptoj-4.1.jar", "read, write, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read, write, delete";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.fips140initialmode";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war${/}","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2","read,write,delete";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version/update/backup","read";
permission java.io.FilePermission "/AAOP/rsa/configs/c-applicationContext.xml","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2/-", "read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/geoip/database", "read";
permission java.io.FilePermission "/AAOP/usr/IBM","read";
permission java.io.FilePermission "/AAOP/usr/IBM/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs/addPayee.st","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/-","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/staging","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/archive","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version", "read";
permission java.io.FilePermission "/.mime.types","read";
permission java.io.FilePermission "/usr/apps/aa/wurfl-data.zip","read";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.eventhandler";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.integritycheck";
Permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.runtimetest.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.testmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.no.verify.jar";
permission java.security.SecurityPermission "getProperty.com.rsa.crypto.default.random";
permission java.security.SecurityPermission "putProviderProperty.JsafeJCE";
permission java.security.SecurityPermission "insertProvider.JsafeJCE";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl", "read";
permission java.io.FilePermission "/tmp/-","read,write,delete";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spring-beans-2.5.6.SEC01.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spectjweaver-1.6.8.jar","read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/-", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
grant codeBase "file:${jars}" {
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "shutdownHooks";
permission com.ibm.oti.shared.SharedClassPermission "*", "read, write";
permission java.util.PropertyPermission "*", "write";
permission java.io.FilePermission "/web/soft/was61/-", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.io.FilePermission "/web/sites/st0/rsamf61/-","read, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/_axis2*","read, write";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/cryptoj-4.1.jar", "read, write, delete";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read, write, delete";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.fips140initialmode";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/web/sites/st0/rsamf61/deployed/st0rsamf61.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/rsa/logs";
permission java.io.FilePermission "/AAOP/usr/IBM/java/jre/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/lib/-", "read";
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war/axis2-web/-", "read, write, delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/AdaptiveAuthentication/AdaptiveAuthentication.war${/}","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2","read,write,delete";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version/update/backup","read";
permission java.io.FilePermission "/AAOP/rsa/configs/c-applicationContext.xml","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/temp/psoqa97Node02/server1/bnym/AdaptiveAuthentication.war/_axis2/-", "read,write,delete";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/geoip/database", "read";
permission java.io.FilePermission "/AAOP/usr/IBM","read";
permission java.io.FilePermission "/AAOP/usr/IBM/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties", "read";
permission java.io.FilePermission "/AAOP/rsa/configs/-","read";
permission java.io.FilePermission "/AAOP/rsa/configs/addPayee.st","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/-","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/staging","read";
permission java.io.FilePermission "/AAOP/rsa/geoip/archive","read";
permission java.io.FilePermission "/AAOP/usr/IBM/properties/version", "read";
permission java.io.FilePermission "/.mime.types","read";
permission java.io.FilePermission "/usr/apps/aa/wurfl-data.zip","read";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.fips140initialmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jsafe.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.strategy";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.eventhandler";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.integritycheck";
Permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.kat.fail";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.testmode";
permission java.security.SecurityPermission "getProperty.com.rsa.cryptoj.jce.no.verify.jar";
permission java.security.SecurityPermission "getProperty.com.rsa.crypto.default.random";
permission java.security.SecurityPermission "putProviderProperty.JsafeJCE";
permission java.security.SecurityPermission "insertProvider.JsafeJCE";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl", "read";
permission java.io.FilePermission "/tmp/-","read,write,delete";
permission java.io.FilePermission "/WEB-INF/AdaptiveAuthenticationAdmin.wsdl","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spring-beans-2.5.6.SEC01.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/spectjweaver-1.6.8.jar","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/-","read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/lib/-", "read";
permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/-", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
grant codeBase "file:${application}" { permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-datasource.xml", "read"; permission java.io.FilePermission "/AAOP/usr/IBM/profiles/AppSrv01/installedApps/psoqa97Node01Cell/bnym.ear/AdaptiveAuthentication.war/WEB-INF/classes/configs/d-config-configService.xml", "read"; };
This step is must as well.
Copy .mar files from AA/WEB-INF/modules to AA/WEB-INF/lib and rename as.jar.
cp /modules/rsa-logging-module-1.1.0.mar -> /lib/rsa-logging-module-1.1.0.jar cp /modules/soapmonitor-1.4.mar -> /lib/soapmonitor-1.4.jar cp /modules/addressing-1.4.mar -> /lib/addressing-1.4.mar
That will load them with the class loader application classes first.
Related Articles
Changes to Forms in Workflow Approval and Activity Nodes require an application restart to take effect in RSA Identity Gov… Number of Views RSA Identity Governance and Lifecycle SAML SSO failing with error "Did not find user with attribute" Number of Views Change Requests missing information in SecurID Governance & Lifecycle Number of Views Change Requests stuck in the AFX Fulfillment Handler Workflow Node and Workflows Stalled in RSA Identity Governance & Life… Number of Views RSA Authentication Manager 8.6 Bulk Administration Utility (AMBA) Guide Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Authentication Manager Patch Updates How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Artifacts to gather in RSA Identity Governance & Lifecycle
