Task #1681: Configure security for MN tester - Infrastructure - DataONE Tasks

Task #1681

Configure security for MN tester

Added by Dave Vieglais over 13 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Rob Nahf

Category:

d1_integration

Target version:

Sprint-2011.29-Block.4

Start date:

2011-07-16

Due date:

% Done:

100%

Estimated time:

2.00 h

Milestone:

CCI-0.6.2

Product Version:

Story Points:

Sprint:

Description

The MN tester fails with the defaul installation with a java security error:

java.security.AccessControlException: access denied (java.util.PropertyPermission context.mn.baseurl write)

Adding to /etc/tomcat6/policy.d/04webapps.policy

grant {
...
// d1_integration web testing needs to be able to set context with this property
permission java.util.PropertyPermission "context.mn.baseurl", "read, write, delete";
};

Fails with the same error message.

This solution works:

grant codeBase "file:/var/lib/tomcat6/webapps/d1_integration-0.6.2-SNAPSHOT/-" {
//permission java.io.FilePermission "/var/lib/tomcat6/webapps/d1_integration-0.6.2-SNAPSHOT/-", "read, write, delete";
//permission java.util.PropertyPermission "context.mn.baseurl", "read, write, delete";
permission java.security.AllPermission;
};

though is unsatisfactory as it grants AllPermissions to the app.

What are the permissions required for the application, and how should java security be appropriately configured?

History

#1 Updated by Rob Nahf over 12 years ago

Status changed from New to Closed
% Done changed from 0 to 100

security seems to be OK. I don't recall what we did to make it work, though.

Also available in: Atom PDF

Project

General

Profile

Infrastructure

Issues

Custom queries

Task #1681

Configure security for MN tester

History

#1 Updated by Rob Nahf over 12 years ago