JAAS and WebLogic 10.3: Granting specific codebase permissions to a JAR bundled within an EAR

Posted by Jason on Stack Overflow See other posts from Stack Overflow or by Jason
Published on 2010-04-02T14:18:12Z Indexed on 2010/04/02 14:23 UTC
Read the original article Hit count: 397

Filed under:
|
|
|

Here's my scenario:

I have a JAR within the APP-INF/lib of my EAR, to be deployed within WebLogic 10g Release 3 against which I wish to grant specific permissions.

e.g.,

grant codebase "file:/c:/somedir/my.jar" {
  permission java.net.SocketPermission "*:-","accept,connect,listen, resolve";
  permission java.net.SocketPermission "localhost:-","accept,connect,listen,resolve";
  permission java.net.SocketPermission "127.0.0.1:-","accept,connect,listen,resolve";
  permission java.net.SocketPermission "230.0.0.1:-","accept,connect,listen,resolve";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.lang.RuntimePermission "*";
  permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
  permission javax.security.auth.AuthPermission "*";
  permission java.security.SecurityPermission "*";
};

Questions:

  1. Where is the best place to define this grant - in the java.policy of the JRE, WL server's weblogic.policy, or within a XML packaged within the EAR

  2. How do I define the codebase URL to the JAR? The examples I have seen have an explicit reference to the JAR on the file system, however I am deploying the JAR packaged up within an EAR.

Thanks!

© Stack Overflow or respective owner

Related posts about jaas

Related posts about weblogic