Back to bug 1036872
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Brian Stansberry | 2013-12-02 19:36:38 UTC | Status | NEW | POST |
| Target Release | --- | EAP 6.2.CP0a | ||
| Assignee | jason.greene | kkhan | ||
| Brian Stansberry | 2013-12-02 20:37:23 UTC | Doc Text | Cause: When the Host Controller parses the value system properties passed into it via the Process Controller, it discards any data in the value beginning with any "=" character. Consequence: When setting the name of a policy file to use with a security manager, if the user wishes to not also use the policies specified in the JVM installation's java.security file, the name of the policy file to use should be prefixed with a "=". For example -Djava.security.policy==$PWD/server.policy If this approach is used, when the Host Controller starts a server it will provide null as the value of the java.security.policy setting, leading to the use of the policy files specified in the java.security file. This will likely lead to permission failures prevent boot of the server. Workaround (if any): 1) Edit the JVM's java.security file (typically at $JAVA_HOME/lib/security/java.security) and comment out any "policy.url" settings. For example #policy.url.1=file:${java.home}/lib/security/java.policy #policy.url.2=file:${user.home}/.java.policy Note that this will disable use of these policy files by any users of the JVM installation. If this is a concern, it is best to set up a separate JVM installation for EAP use and alter its configuration. 2) Remove the leading "=" from java.security.policy value; e.g. -Djava.security.policy=$PWD/server.policy Result: Only the settings in the specified policy file will be used. | |
| Doc Type | Bug Fix | Known Issue | ||
| Brian Stansberry | 2013-12-02 20:40:32 UTC | Blocks | 1027004 | |
| Russell Dickenson | 2013-12-03 14:04:35 UTC | CC | rdickens | |
| Doc Text | Cause: When the Host Controller parses the value system properties passed into it via the Process Controller, it discards any data in the value beginning with any "=" character. Consequence: When setting the name of a policy file to use with a security manager, if the user wishes to not also use the policies specified in the JVM installation's java.security file, the name of the policy file to use should be prefixed with a "=". For example -Djava.security.policy==$PWD/server.policy If this approach is used, when the Host Controller starts a server it will provide null as the value of the java.security.policy setting, leading to the use of the policy files specified in the java.security file. This will likely lead to permission failures prevent boot of the server. Workaround (if any): 1) Edit the JVM's java.security file (typically at $JAVA_HOME/lib/security/java.security) and comment out any "policy.url" settings. For example #policy.url.1=file:${java.home}/lib/security/java.policy #policy.url.2=file:${user.home}/.java.policy Note that this will disable use of these policy files by any users of the JVM installation. If this is a concern, it is best to set up a separate JVM installation for EAP use and alter its configuration. 2) Remove the leading "=" from java.security.policy value; e.g. -Djava.security.policy=$PWD/server.policy Result: Only the settings in the specified policy file will be used. | An issue has been identified in using the special prefix of `=` to disable the default policy files. The underlying cause is that when the Host Controller started a server, it provided `null` as the value of the java.security.policy setting, leading to the use of the policy files specified in the java.security file and possibly permission failures preventing server booting. Several workarounds are available: 1) Edit the JVM's java.security file (typically at $JAVA_HOME/lib/security/java.security) and comment out any "policy.url" settings. For example #policy.url.1=file:${java.home}/lib/security/java.policy #policy.url.2=file:${user.home}/.java.policy Note that this will disable use of these policy files by any users of the JVM installation. If this is a concern, it is best to set up a separate JVM installation for EAP use and alter its configuration. 2) Remove the leading "=" from java.security.policy value; e.g. -Djava.security.policy=$PWD/server.policy With these steps taken, only the settings in the specified policy file will be used. |
||
| Brian Stansberry | 2013-12-11 14:57:28 UTC | Blocks | 1040480 | |
| Brian Stansberry | 2013-12-13 20:11:47 UTC | Target Release | EAP 6.2.CP0a | EAP 6.2.1 |
| Carlo de Wolf | 2013-12-18 09:14:04 UTC | Blocks | 1044394 | |
| Carlo de Wolf | 2013-12-18 09:15:08 UTC | Blocks | 1040480 | |
| Carlo de Wolf | 2013-12-18 09:21:47 UTC | Target Release | EAP 6.2.1 | EAP 6.3.0 |
| CC | cdewolf | |||
| Blocks | 1027004 | |||
| Rostislav Svoboda | 2013-12-18 13:10:02 UTC | CC | rsvoboda | |
| Kabir Khan | 2014-01-07 09:21:56 UTC | Status | POST | MODIFIED |
| Target Milestone | --- | DR1 | ||
| Kabir Khan | 2014-01-08 12:02:33 UTC | Target Milestone | DR1 | DR0 |
| mark yarborough | 2014-01-14 13:50:38 UTC | CC | myarboro | |
| Summary | Cannot configure a security policy file setting that disables policy files specifies in JRE's java.security file | [CCC] (6.3) Cannot configure a security policy file setting that disables policy files specifies in JRE's java.security file | ||
| Paul Gier | 2014-02-11 23:53:48 UTC | Status | MODIFIED | ON_QA |
| Michal Karm Babacek | 2014-02-28 15:38:30 UTC | CC | mbabacek | |
| QA Contact | mbabacek | |||
| Michal Karm Babacek | 2014-02-28 17:47:27 UTC | Status | ON_QA | VERIFIED |
| Lucas Costi | 2014-05-13 05:48:28 UTC | CC | lcosti | |
| Doc Text | An issue has been identified in using the special prefix of `=` to disable the default policy files. The underlying cause is that when the Host Controller started a server, it provided `null` as the value of the java.security.policy setting, leading to the use of the policy files specified in the java.security file and possibly permission failures preventing server booting. Several workarounds are available: 1) Edit the JVM's java.security file (typically at $JAVA_HOME/lib/security/java.security) and comment out any "policy.url" settings. For example #policy.url.1=file:${java.home}/lib/security/java.policy #policy.url.2=file:${user.home}/.java.policy Note that this will disable use of these policy files by any users of the JVM installation. If this is a concern, it is best to set up a separate JVM installation for EAP use and alter its configuration. 2) Remove the leading "=" from java.security.policy value; e.g. -Djava.security.policy=$PWD/server.policy With these steps taken, only the settings in the specified policy file will be used. | An issue was identified in using the special prefix of `=` to disable the default policy files. The underlying cause was that when the Host Controller started a server, it provided `null` as the value of the `java.security.policy` setting, leading to the use of the policy files specified in the java.security file and possibly permission failures preventing server booting. This issue was fixed by modifying parsing of system properties so that the value of a system property whose value begins with "=" is no longer reset to `null` by the Host Controller when starting a server. | ||
| Doc Type | Known Issue | Bug Fix | ||
| mark yarborough | 2014-06-28 15:43:29 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2014-06-28 11:43:29 UTC |
Back to bug 1036872