grant permission entry in was.policy for utility jar underWEB-NIF/lib - Websphere

This is a discussion on grant permission entry in was.policy for utility jar underWEB-NIF/lib - Websphere ; Hi everybody, we're using Java2 security permissions to grant certain permissions only to parts of the application. This works pretty find for ejb-jar components, utility jars and while web applications. But I didn't accomplish to grant a permission to a ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: grant permission entry in was.policy for utility jar underWEB-NIF/lib

  1. grant permission entry in was.policy for utility jar underWEB-NIF/lib

    Hi everybody,

    we're using Java2 security permissions to grant certain permissions only to parts of the application.
    This works pretty find for ejb-jar components, utility jars and while web applications.

    But I didn't accomplish to grant a permission to a jar file that is contained in a web application and not to the whole web app.

    I've already tried things like
    grant codebase "file:MyWebApp.war/WEB-INF/lib/MyJar.jar" {
    ...
    };

    or
    grant codebase "file:${app.installed.path}/MyWebApp.war/WEB-INF/lib/MyJar.jar { .... };
    or
    grant codebase "${app.installed.path}/MyWebApp.war/WEB-INF/lib/MyJar.jar { .... };

    Even giving the complete absolute path to the jar file in the installedApps directory didn't work.

    Does anyone have a clue how to configure that?

    Thanks and kind regards,
    Robert Panzer

  2. Re: grant permission entry in was.policy for utility jar underWEB-NIF/lib

    Hi, I usually just use the jar name itself without the path. What type of errors are you receiving? Maybe you have the wrong permissions.

    Regards,
    Brian

  3. Re: grant permission entry in was.policy for utility jar underWEB-NIF/lib

    Hi, I just re-read what you wrote. The utility jar file belongs to either the Web or EJB containers. You should use those containers to control the permissions.

    Regards,
    brian

  4. Re: grant permission entry in was.policy for utility jar underWEB-NIF/lib

    Hi,

    I already achieved to give permissions to the whole web-app.
    But this isn't what we want.
    Our web application contains many modules, i.e. utility jars beneath WEB-INF/lib, providing different functionalities.
    We want to ensure that only some of them are allowed to access some sensitive data.
    For instance if we have an ear like this:
    MyApp.ear
    +-- MyEJB.jar
    +-- MyWebApp.war
    +-- WEB-INF
    +-- lib
    +-- ModuleA.jar
    +-- ModuleB.jar
    +-- ModuleC.jar

    and we define only MyWebApp.war/WEB-INF/lib/ModuleB.jar to have PermissionX granted, we can ignore ModuleA.jar and ModuleC.jar in a security audit.
    The number of modules that require the permission is much less than the number of modules that don't.

    So granting the permission to the whole web-app would generate additional effort for us.

    I hope my description isn't too weird.

    Thanks & kind regards,
    Robert

+ Reply to Thread