diff --git a/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml b/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml index 032daebfa82..408d6ec2357 100644 --- a/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml +++ b/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml @@ -198,7 +198,6 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/appserver/admin/template/src/main/resources/config/domain.xml b/appserver/admin/template/src/main/resources/config/domain.xml index c30fa534715..67217ee6580 100644 --- a/appserver/admin/template/src/main/resources/config/domain.xml +++ b/appserver/admin/template/src/main/resources/config/domain.xml @@ -166,7 +166,6 @@ -Djavax.xml.accessExternalSchema=all -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -368,7 +367,6 @@ -Djdk.tls.rejectClientInitiatedRenegotiation=true -Djdk.xml.totalEntitySizeLimit=50000000 -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
diff --git a/appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java b/appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java index 97e152256ee..f6f760acc11 100644 --- a/appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java +++ b/appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java 
@@ -736,84 +736,4 @@ else if (providerMap.get("providerType").equals("client-server")) { } } - - @Handler(id="saveSecurityManagerValue", - input={ - @HandlerInput(name="configName", type=String.class), - @HandlerInput(name="value", type=String.class, required=true) - }) - public static void saveSecurityManagerValue(HandlerContext handlerCtx){ - try { - String configName = (String) handlerCtx.getInputValue("configName"); - if (GuiUtil.isEmpty(configName)) - configName = "server-config"; - String endpoint = GuiUtil.getSessionValue("REST_URL") + - "/configs/config/" + configName + "/java-config/jvm-options.json"; - ArrayList list; - Map result = (HashMap) RestUtil.restRequest(endpoint, null, "GET", null, false).get("data"); - list = (ArrayList) ((Map) result.get("extraProperties")).get("leafList"); - if (list == null) - list = new ArrayList(); - Boolean status = isSecurityManagerEnabled(list); - String value= (String) handlerCtx.getInputValue("value"); - Boolean userValue = Boolean.valueOf(value); - if (status.equals(userValue)){ - //no need to change - return; - } - - ArrayList newOptions = new ArrayList(); - Object [] origOptions = list.toArray(); - if (userValue){ - for(int i=0; i payload = new HashMap(); - payload.put("target", configName); - for (String option : newOptions) { - String option1 = UtilHandlers.escapePropertyValue(option); - ArrayList kv = InstanceHandler.getKeyValuePair(option1); - payload.put((String)kv.get(0), kv.get(1)); - } - RestUtil.restRequest(endpoint, payload, "POST", handlerCtx, false); - }catch(Exception ex){ - GuiUtil.handleException(handlerCtx, ex); - } - } - - @Handler(id="getSecurityManagerValue", - input={ - @HandlerInput(name="endpoint", type=String.class), - @HandlerInput(name="attrs", type=Map.class, required=false)}, - output={ - @HandlerOutput(name="value", type=String.class)} - ) - public static void getSecurityManagerValue(HandlerContext handlerCtx){ - ArrayList list = InstanceHandler.getJvmOptions(handlerCtx); - 
handlerCtx.setOutputValue("value", isSecurityManagerEnabled(list).toString()); - } - - private static Boolean isSecurityManagerEnabled(List jvmOptions){ - for(String jvmOption : jvmOptions){ - if (jvmOption.trim().equals(JVM_OPTION_SECURITY_MANAGER) || - jvmOption.trim().startsWith(JVM_OPTION_SECURITY_MANAGER_WITH_EQUAL)){ - return Boolean.TRUE; - } - } - return Boolean.FALSE; - } - - private static final String JVM_OPTION_SECURITY_MANAGER = "-Djava.security.manager"; - private static final String JVM_OPTION_SECURITY_MANAGER_WITH_EQUAL = "-Djava.security.manager="; - } diff --git a/appserver/appclient/client/acc-standalone/src/main/java/org/glassfish/appclient/client/acc/agent/CLIBootstrap.java b/appserver/appclient/client/acc-standalone/src/main/java/org/glassfish/appclient/client/acc/agent/CLIBootstrap.java index bf280f2713d..ba7169f1c75 100644 --- a/appserver/appclient/client/acc-standalone/src/main/java/org/glassfish/appclient/client/acc/agent/CLIBootstrap.java +++ b/appserver/appclient/client/acc-standalone/src/main/java/org/glassfish/appclient/client/acc/agent/CLIBootstrap.java @@ -77,8 +77,6 @@ public class CLIBootstrap { static final String ENV_VAR_PROP_PREFIX = "acc."; - - private final static String SECURITY_POLICY_PROPERTY_EXPR = "-Djava.security.policy="; private final static String SECURITY_AUTH_LOGIN_CONFIG_PROPERTY_EXPR = "-Djava.security.auth.login.config="; private final static String SYSPROP_SYSTEM_CLASS_LOADER = "-Djava.system.class.loader="; 
@@ -293,7 +291,6 @@ private void addProperties(final StringBuilder command) { command.append(' ').append(SYSPROP_SYSTEM_CLASS_LOADER).append("org.glassfish.appclient.client.acc.agent.ACCAgentClassLoader"); command.append(' ').append("-D").append(INSTALL_ROOT.getSystemPropertyName()).append('=').append(quote(gfInfo.home().getAbsolutePath())); command.append(' ').append("-Dorg.glassfish.gmbal.no.multipleUpperBoundsException=true"); - command.append(' ').append(SECURITY_POLICY_PROPERTY_EXPR).append(quote(gfInfo.securityPolicy().getAbsolutePath())); command.append(' ').append(SECURITY_AUTH_LOGIN_CONFIG_PROPERTY_EXPR).append(quote(gfInfo.loginConfig().toExternalForm())); } diff --git a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/JWSAppClientContainerMain.java b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/JWSAppClientContainerMain.java index 154a27978a2..4aca769467b 100644 --- a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/JWSAppClientContainerMain.java +++ b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/JWSAppClientContainerMain.java @@ -93,8 +93,6 @@ public static void main(String[] args) { processJWSArgs(); final String agentArgsText = System.getProperty("agent.args"); - LaunchSecurityHelper.setPermissions(); - // Prevent the Java Web Start class loader from delegating to its parent when resolving // classes and resources that should come from the GlassFish-provided endorsed JARs. insertMaskingLoader(); diff --git a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/JWSACCMain.java b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/JWSACCMain.java index e5ee12509cb..a254f1dbe95 100644 --- a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/JWSACCMain.java 
+++ b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/JWSACCMain.java @@ -29,17 +29,13 @@ import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.net.MalformedURLException; -import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.security.Policy; -import java.text.MessageFormat; import java.util.ResourceBundle; import java.util.Vector; import javax.swing.SwingUtilities; -import org.glassfish.appclient.client.acc.AppClientContainer; import org.glassfish.appclient.client.acc.JWSACCClassLoader; import static org.glassfish.main.jdke.props.SystemProperties.setProperty; @@ -62,9 +58,6 @@ */ public class JWSACCMain implements Runnable { - /** name of the permissions template */ - private static final String PERMISSIONS_TEMPLATE_NAME = "jwsclient.policy"; - /** placeholder used in the policy template to substitute dynamically-generated grant clauses */ private static final String GRANT_CLAUSES_PROPERTY_EXPR = "${grant.clauses}"; @@ -79,11 +72,6 @@ public class JWSACCMain implements Runnable { private static final String JWSACC_RUN_ON_SWING_THREAD = "RunOnSwingThread"; - /** grant clause template for dynamically populating the policy */ - private static final String GRANT_CLAUSE_TEMPLATE = "grant codeBase \"{0}\" '{'\n" + - " permission java.security.AllPermission;\n" + - "'}';"; - /** * request to exit the JVM upon return from the client - should be set (via * the -jwsacc command-line argument value) only for @@ -138,12 +126,6 @@ public static void main(String[] args) { throw new IllegalArgumentException(rb.getString("jwsacc.errorLocJARs"), thr); } - /* - *Before creating the new instance of the real ACC main, set permissions - *so ACC and the user's app client can function properly. - */ - setPermissions(); - /* *Make sure that the main ACC class is instantiated and run in the *same thread. Java Web Start may not normally do so. 
@@ -274,37 +256,6 @@ private static void processJWSArgs(Vector args) { } } - private static void setPermissions() { - try { - /* - */ - String permissionsTemplate = loadResource(JWSACCMain.class, PERMISSIONS_TEMPLATE_NAME); - - /* - *Prepare the grant clauses for the downloaded jars and substitute - *those clauses into the policy template. - */ - StringBuilder grantClauses = new StringBuilder(); - - for (URL url : downloadedJarURLs) { - grantClauses.append(MessageFormat.format(GRANT_CLAUSE_TEMPLATE, url.toExternalForm())); - } - - for (URL url : persistenceJarURLs) { - grantClauses.append(MessageFormat.format(GRANT_CLAUSE_TEMPLATE, url.toExternalForm())); - } - - String substitutedPermissionsTemplate = permissionsTemplate.replace(GRANT_CLAUSES_PROPERTY_EXPR, grantClauses.toString()); - boolean retainTempFiles = Boolean.getBoolean(AppClientContainer.APPCLIENT_RETAIN_TEMP_FILES_PROPERTYNAME); - File policyFile = writeTextToTempFile(substitutedPermissionsTemplate, "jwsacc", ".policy", retainTempFiles); - - refreshPolicy(policyFile); - - } catch (IOException ioe) { - throw new RuntimeException("Error loading permissions template", ioe); - } - } - /** *Locates the first free policy.url.x setting. *@return the int value for the first unused policy setting @@ -324,13 +275,6 @@ public static int firstFreePolicyIndex() { *as additional policy. *@param policyFile the file containing additional policy */ - public static void refreshPolicy(File policyFile) { - int idx = firstFreePolicyIndex(); - URI policyFileURI = policyFile.toURI(); - java.security.Security.setProperty("policy.url." + idx, policyFileURI.toASCIIString()); - Policy p = Policy.getPolicy(); - p.refresh(); - } /** *The methods below are duplicates from the com.sun.enterprise.appclient.jws.Util class. 
diff --git a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/LaunchSecurityHelper.java b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/LaunchSecurityHelper.java index d72b6074845..859cd8d6626 100644 --- a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/LaunchSecurityHelper.java +++ b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/LaunchSecurityHelper.java @@ -21,8 +21,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.net.URI; -import java.security.Policy; import org.glassfish.appclient.client.acc.AppClientContainer; import org.glassfish.appclient.client.acc.Util; @@ -37,25 +35,6 @@ public class LaunchSecurityHelper { private static final String SYSTEM_CODEBASE_PROPERTY = "appclient.system.codebase"; private static final int BUFFER_SIZE = 1024; - public static void setPermissions() { - try { - /* - * Get the permissions template and write it to a temporary file. - */ - final String permissionsTemplate = loadResource(LaunchSecurityHelper.class, PERMISSIONS_TEMPLATE_NAME); - - /* - * The Java security logic will process property references in - * the policy file template automatically. - */ - boolean retainTempFiles = Boolean.getBoolean(AppClientContainer.APPCLIENT_RETAIN_TEMP_FILES_PROPERTYNAME); - File policyFile = Util.writeTextToTempFile(permissionsTemplate, "jwsacc", ".policy", retainTempFiles); - refreshPolicy(policyFile); - - } catch (IOException ioe) { - throw new RuntimeException("Error loading permissions template", ioe); - } - } /** * Retrieves a resource as a String. 
@@ -115,11 +94,5 @@ private static int firstFreePolicyIndex() { * as additional policy. * @param policyFile the file containing additional policy */ - private static void refreshPolicy(File policyFile) { - int idx = firstFreePolicyIndex(); - URI policyFileURI = policyFile.toURI(); - java.security.Security.setProperty("policy.url." + idx, policyFileURI.toASCIIString()); - Policy p = Policy.getPolicy(); - p.refresh(); - } + } diff --git a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/ClientClassLoaderDelegate.java b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/ClientClassLoaderDelegate.java index ed04f73c3ac..50fd7d22190 100644 --- a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/ClientClassLoaderDelegate.java +++ b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/ClientClassLoaderDelegate.java @@ -33,31 +33,6 @@ public class ClientClassLoaderDelegate { public ClientClassLoaderDelegate(URLClassLoader cl) { this.cl = cl; - loadPemissions(); - } - - private void loadPemissions() { - try { - processDeclaredPermissions(); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - - private void processDeclaredPermissions() throws IOException { - if (System.getSecurityManager() == null) { - return; - } - - PermissionCollection declaredPermissionCollection = PermissionsUtil.getClientDeclaredPermissions(cl); - - PermissionCollection eePc = PermissionsUtil.getClientEEPolicy(cl); - PermissionCollection eeRestriction = PermissionsUtil.getClientRestrictPolicy(cl); - - SMGlobalPolicyUtil.checkRestriction(eePc, eeRestriction); - SMGlobalPolicyUtil.checkRestriction(declaredPermissionCollection, eeRestriction); - - permHolder = new PermsHolder(eePc, declaredPermissionCollection, eeRestriction); } public PermissionCollection getCachedPerms(CodeSource codesource) { 
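Review bot: In LaunchSecurityHelper the Javadoc block ending in `@param policyFile the file containing additional policy` is left with no method under it now that `refreshPolicy` is gone, so it sits directly before the class's closing brace and documents nothing; delete the comment together with the method. The JWSACCMain hunk that removes its own `refreshPolicy` leaves the same orphaned comment. In both classes `firstFreePolicyIndex()` had `refreshPolicy` as its only caller visible in this diff, and in LaunchSecurityHelper `PERMISSIONS_TEMPLATE_NAME` and `loadResource` were used by the removed `setPermissions()`, so they are probably dead as well. Confirm against the full files and remove them in the same change.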
diff --git a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/PermissionsUtil.java b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/PermissionsUtil.java index 9f58dba1457..07a06f19f99 100644 --- a/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/PermissionsUtil.java +++ b/appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/PermissionsUtil.java @@ -17,22 +17,13 @@ import com.sun.enterprise.security.ee.perms.XMLPermissionsHandler; -import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URISyntaxException; import java.net.URL; -import java.security.CodeSource; -import java.security.NoSuchAlgorithmException; import java.security.PermissionCollection; -import java.security.Policy; -import java.security.URIParameter; -import java.security.cert.Certificate; import javax.xml.stream.XMLStreamException; -import static com.sun.enterprise.security.ee.perms.SMGlobalPolicyUtil.CLIENT_TYPE_CODESOURCE; import static com.sun.enterprise.security.ee.perms.SMGlobalPolicyUtil.CommponentType.car; public class PermissionsUtil { 
@@ -63,64 +54,4 @@ public static PermissionCollection getClientDeclaredPermissions(ClassLoader clas } } - // get the permissions configured inside the javaee.client.policy, - // which might be packaged inside the client jar, - // or from the installed folder lib/appclient - // result could be null if either of the above is found - public static PermissionCollection getClientEEPolicy(ClassLoader classLoader) throws IOException { - return getClientPolicy(classLoader, CLIENT_EE_PERMS_PKG, CLIENT_EE_PERMS_FILE); - } - - // get the permissions configured inside the javaee.client.policy, - // which might be packaged inside the client jar, - // or from the installed folder lib/appclient - // result could be null if either of the above is found - public static PermissionCollection getClientRestrictPolicy(ClassLoader classLoader) throws IOException { - return getClientPolicy(classLoader, CLIENT_RESTRICT_PERMS_PKG, CLIENT_RESTRICT_PERMS_FILE); - } - - private static PermissionCollection getClientPolicy(ClassLoader classLoader, String pkgedFile, String policyFileName) throws IOException { - - // 1st try to find from the packaged client jar - URL eeClientUrl = classLoader.getResource(pkgedFile); - if (eeClientUrl != null) - return getEEPolicyPermissions(eeClientUrl); - - // 2nd try to find from client's installation at lib/appclient folder - String clientPolicyClocation = getClientInstalledPath(); - if (clientPolicyClocation != null) { - return getPolicyPermissions(clientPolicyClocation + policyFileName); - } - - return null; - - } - - private static PermissionCollection getPolicyPermissions(String policyFilename) throws IOException { - if (!new File(policyFilename).exists()) { - return null; - } - - return getEEPolicyPermissions(new URL("file:" + policyFilename)); - } - - private static PermissionCollection getEEPolicyPermissions(URL fileUrl) throws IOException { - try { - return - Policy.getInstance("JavaPolicy", new URIParameter(fileUrl.toURI())) - .getPermissions(new 
CodeSource(new URL(CLIENT_TYPE_CODESOURCE), (Certificate[]) null)); - } catch (NoSuchAlgorithmException | MalformedURLException | URISyntaxException e) { - throw new IllegalStateException(e); - } - } - - private static String getClientInstalledPath() { - String policyPath = System.getProperty("java.security.policy"); - if (policyPath == null) { - return null; - } - - return new File(policyPath).getParent() + File.separator; - } - } diff --git a/appserver/appclient/client/appclient-scripts/src/main/resources/glassfish/bin/appclient.js b/appserver/appclient/client/appclient-scripts/src/main/resources/glassfish/bin/appclient.js index 8facac7be60..25186598ba4 100644 --- a/appserver/appclient/client/appclient-scripts/src/main/resources/glassfish/bin/appclient.js +++ b/appserver/appclient/client/appclient-scripts/src/main/resources/glassfish/bin/appclient.js @@ -43,7 +43,6 @@ var appcPath = envVars("APPCPATH"); var accJar=quoteStringIfNeeded(AS_INSTALL + "\\lib\\gf-client.jar"); var jvmArgs="-Dcom.sun.aas.installRoot=" + quoteStringIfNeeded(AS_INSTALL) + - " -Djava.security.policy=" + quoteStringIfNeeded(AS_INSTALL + "\\lib\\appclient\\client.policy") + " -Djava.system.class.loader=org.glassfish.appclient.client.acc.agent.ACCAgentClassLoader" + " -Djava.security.auth.login.config=" + quoteStringIfNeeded(AS_INSTALL + "\\lib\\appclient\\appclientlogin.conf"); var VMARGS = envVars("VMARGS"); diff --git a/appserver/connectors/admin/src/test/resources/DomainTest.xml b/appserver/connectors/admin/src/test/resources/DomainTest.xml index e3cb9792a5c..517178c0ce5 100644 --- a/appserver/connectors/admin/src/test/resources/DomainTest.xml +++ b/appserver/connectors/admin/src/test/resources/DomainTest.xml 
@@ -134,7 +134,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 diff --git a/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml b/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml index 733999eb277..90d095c39c2 100644 --- a/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml +++ b/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml @@ -128,7 +128,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 diff --git a/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml b/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml index 04085641b58..45f1f4551be 100644 --- a/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml +++ b/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml @@ -137,7 +137,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m 
diff --git a/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectorRuntime.java b/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectorRuntime.java index de15b84887b..ff08e61528c 100755 --- a/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectorRuntime.java +++ b/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/ConnectorRuntime.java @@ -651,12 +651,12 @@ public String[] getSystemConnectorsAllowingPoolCreation() { @Override public String[] getConnectionDefinitionNames(String rarName) throws ConnectorRuntimeException { - return configParserAdmService.getConnectionDefinitionNames(rarName); + return null; } @Override public String getSecurityPermissionSpec(String moduleName) throws ConnectorRuntimeException { - return configParserAdmService.getSecurityPermissionSpec(moduleName); + return null; } @Override diff --git a/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/service/ConnectorConfigurationParserServiceImpl.java b/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/service/ConnectorConfigurationParserServiceImpl.java index 661165264bd..bc4d65553ec 100755 --- a/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/service/ConnectorConfigurationParserServiceImpl.java +++ b/appserver/connectors/connectors-runtime/src/main/java/com/sun/enterprise/connectors/service/ConnectorConfigurationParserServiceImpl.java 
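Review bot: `ConnectorRuntime.getConnectionDefinitionNames` now returns `null`, where the delegate it used to call (deleted from ConnectorConfigurationParserServiceImpl later in this commit) returned an empty `String[]` when no descriptor was found, so any caller that iterates the result will throw a NullPointerException. Listing a RAR's connection definitions has nothing to do with the security policy file, so removing it looks unintended; keep the delegation for that method, or at minimum `return new String[0];`. For `getSecurityPermissionSpec`, `null` matches what the old code returned when `java.security.policy` was unset, but the stub deserves a comment such as `// Security Manager support removed: no policy permissions to report`.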
@@ -21,18 +21,10 @@ import com.sun.enterprise.connectors.util.AdminObjectConfigParser; import com.sun.enterprise.connectors.util.ConnectorConfigParser; import com.sun.enterprise.connectors.util.ConnectorConfigParserFactory; -import com.sun.enterprise.connectors.util.MCFConfigParser; import com.sun.enterprise.connectors.util.MessageListenerConfigParser; import com.sun.enterprise.deployment.ConnectorDescriptor; -import com.sun.enterprise.deployment.SecurityPermission; -import java.io.BufferedReader; -import java.io.File; -import java.io.FileReader; -import java.util.Iterator; import java.util.Properties; -import java.util.Set; -import java.util.logging.Level; /** 
@@ -48,106 +40,6 @@ public class ConnectorConfigurationParserServiceImpl extends ConnectorService { public ConnectorConfigurationParserServiceImpl() { } - /** - * Obtains the Permission string that needs to be added to the - * to the security policy files. These are the security permissions needed - * by the resource adapter implementation classes. - * These strings are obtained by parsing the ra.xml - * - * @param moduleName rar module Name - * @return Required policy permissions in server.policy file - * @throws ConnectorRuntimeException If rar.xml parsing fails. - */ - public String getSecurityPermissionSpec(String moduleName) - throws ConnectorRuntimeException { - - if (moduleName == null) { - return null; - } - String policyString = null; - - //check whether the policy file already has required permissions. - String fileName = System.getProperty("java.security.policy"); - if (fileName != null) { - File policyFile = new File(fileName); - String policyContent = getFileContent(policyFile); - - ConnectorDescriptor connectorDescriptor = getConnectorDescriptor(moduleName); - Set securityPermissions = connectorDescriptor.getSecurityPermissions(); - Iterator it = securityPermissions.iterator(); - SecurityPermission secPerm = null; - String permissionString = null; - - while (it.hasNext()) { - secPerm = (SecurityPermission) it.next(); - permissionString = secPerm.getPermission(); - if(permissionString != null) { - int intIndex = policyContent.indexOf(permissionString); - if (intIndex == -1) { - if (policyString != null) { - policyString = policyString + "\n \n" + permissionString; - } else { - policyString = "\n\n" + permissionString; - } - } - } - } - - //print the missing permissions - if (policyString != null) { - policyString = CAUTION_MESSAGE + policyString; - } - } - return policyString; - } - - /** - * Obtain the content of server.policy file - * - * @param file File server.policy file - * @return String content of server.policy file - */ - public String 
getFileContent(File file) { - StringBuilder contents = new StringBuilder(); - BufferedReader input = null; - try { - input = new BufferedReader(new FileReader(file)); - try { - String line = null; - while ((line = input.readLine()) != null) { - contents.append(line); - contents.append(System.getProperty("line.separator")); - } - } finally { - input.close(); - } - } - catch (Exception ex) { - _logger.log(Level.WARNING, "Exception while performing resource-adapter's " + - "security permission check : ", ex); - } - return contents.toString(); - } - - /** Obtains all the Connection definition names of a rar - * @param rarName rar moduleName - * @return Array of connection definition names. - */ - public String[] getConnectionDefinitionNames(String rarName) - throws ConnectorRuntimeException - { - - String[] result = new String[0]; - ConnectorDescriptor desc = getConnectorDescriptor(rarName); - if(desc != null) { - MCFConfigParser mcfConfigParser = (MCFConfigParser) - ConnectorConfigParserFactory.getParser(ConnectorConfigParser.MCF); - return mcfConfigParser.getConnectionDefinitionNames(desc); - } else { - return result; - } - } - /** * Retrieves the Resource adapter javabean properties with default values. * The default values will the values present in the ra.xml. If the diff --git a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java index 975213665d9..fee1ea13ba8 100644 --- a/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java +++ b/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java 
@@ -26,13 +26,11 @@ import com.sun.enterprise.security.common.AppservAccessController; import com.sun.enterprise.security.ee.SecurityUtil; import com.sun.enterprise.security.ee.audit.AppServerAuditManager; -import com.sun.enterprise.security.ee.authorize.PolicyContextHandlerImpl; import com.sun.enterprise.security.ee.authorize.cache.PermissionCache; import com.sun.enterprise.security.ee.authorize.cache.PermissionCacheFactory; import com.sun.logging.LogDomains; import jakarta.security.jacc.EJBMethodPermission; -import jakarta.security.jacc.PolicyContext; import java.lang.reflect.Method; import java.net.MalformedURLException; @@ -68,7 +66,6 @@ import org.glassfish.external.probe.provider.StatsProviderManager; import org.glassfish.security.common.Role; -import static java.lang.System.getSecurityManager; import static java.util.Collections.synchronizedMap; import static java.util.logging.Level.FINE; import static java.util.logging.Level.SEVERE; @@ -91,8 +88,6 @@ public final class EJBSecurityManager implements SecurityManager { private static final Logger _logger = LogDomains.getLogger(EJBSecurityManager.class, LogDomains.EJB_LOGGER); - private static final PolicyContextHandlerImpl pcHandlerImpl = PolicyContextHandlerImpl.getInstance(); - // We use two protection domain caches until we decide how to // set the applicationCodeSource in the protection domain of system apps. // @@ -200,7 +195,6 @@ public boolean authorize(ComponentInvocation componentInvocation) { return ejbInvocation.getAuth().booleanValue(); } - pcHandlerImpl.getHandlerData().setInvocation(ejbInvocation); SecurityContext securityContext = SecurityContext.getCurrent(); 
@@ -293,7 +287,7 @@ public Object invoke(Method beanClassMethod, boolean isLocal, Object bean, Objec // System Security Manager is disabled. // Still need to execute it within the target bean's policy context. // see CR 6331550 - if ((isLocal && getUsesCallerIdentity()) || getSecurityManager() == null) { + if ((isLocal && getUsesCallerIdentity())) { return authorizationService.invokeBeanMethod(bean, beanClassMethod, methodParameters); } @@ -550,25 +544,7 @@ public Object run() { @Override public void resetPolicyContext() { - if (System.getSecurityManager() == null) { - PolicyContextHandlerImpl.getInstance().reset(); - PolicyContext.setContextID(null); - return; - } - try { - AppservAccessController.doPrivileged(new PrivilegedExceptionAction<>() { - @Override - public Object run() throws Exception { - PolicyContextHandlerImpl.getInstance().reset(); - PolicyContext.setContextID(null); - return null; - } - }); - } catch (PrivilegedActionException pae) { - _logger.log(SEVERE, "Unexpected exception manipulating policy context", pae); - throw new RuntimeException(pae); - } } private SecurityContext getSecurityContext() { diff --git a/appserver/jdbc/admin/src/test/resources/DomainTest.xml b/appserver/jdbc/admin/src/test/resources/DomainTest.xml index 8160668d34a..af628c4d859 100644 --- a/appserver/jdbc/admin/src/test/resources/DomainTest.xml +++ b/appserver/jdbc/admin/src/test/resources/DomainTest.xml @@ -119,7 +119,7 @@ -client - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml b/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml index 67defe4336a..779f9cc064b 100644 --- a/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml +++ b/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml 
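Review bot: In `EJBSecurityManager.invoke`, dropping `|| getSecurityManager() == null` reverses the default path rather than removing dead code. Without a security manager that clause was always true, so every call went straight to `authorizationService.invokeBeanMethod(...)`; now any call that is not local with caller identity falls through to whatever follows the `if` (outside this hunk, presumably the privileged path). If the intent is that no security manager is ever present, the equivalent change is to make the direct call unconditional, `return authorizationService.invokeBeanMethod(bean, beanClassMethod, methodParameters);`, and to drop the stale "System Security Manager is disabled" comment. The `resetPolicyContext` hunk has the same problem: the `getSecurityManager() == null` branch was the live one, and emptying the method means `PolicyContextHandlerImpl.getInstance().reset()` and `PolicyContext.setContextID(null)` no longer run. Unless that reset now happens elsewhere, a previous request's policy context ID could stay on a reused thread.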
@@ -142,7 +142,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 diff --git a/appserver/orb/orb-connector/src/test/resources/DomainTest.xml b/appserver/orb/orb-connector/src/test/resources/DomainTest.xml index 87460ecffe0..24435e9f9be 100644 --- a/appserver/orb/orb-connector/src/test/resources/DomainTest.xml +++ b/appserver/orb/orb-connector/src/test/resources/DomainTest.xml @@ -128,7 +128,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 diff --git a/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml b/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml index e3cb9792a5c..517178c0ce5 100644 --- a/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml +++ b/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml @@ -134,7 +134,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 diff --git a/appserver/resources/resources-connector/src/test/resources/DomainTest.xml b/appserver/resources/resources-connector/src/test/resources/DomainTest.xml index e32bdf6f3b1..27f89949f6a 100644 --- a/appserver/resources/resources-connector/src/test/resources/DomainTest.xml +++ b/appserver/resources/resources-connector/src/test/resources/DomainTest.xml 
@@ -125,7 +125,7 @@ -Djavax.xml.accessExternalSchema=all -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/JavaEESecurityLifecycle.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/JavaEESecurityLifecycle.java index febbf218778..1c5f5c7cf2b 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/JavaEESecurityLifecycle.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/JavaEESecurityLifecycle.java @@ -61,19 +61,6 @@ public void postConstruct() { @Override public void onInitialization() { - java.lang.SecurityManager securityManager = System.getSecurityManager(); - - // TODO: need someway to not override the SecMgr if the EmbeddedServer was - // run with a different non-default SM. - // right now there seems no way to find out if the SM is the VM's default SM. - if (securityManager != null && !J2EESecurityManager.class.equals(securityManager.getClass())) { - try { - System.setSecurityManager(new J2EESecurityManager()); - } catch (SecurityException ex) { - LOG.log(WARNING, "Could not override SecurityManager"); - } - } - initializeJakartaAuthentication(); } diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/SecurityUtil.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/SecurityUtil.java index 54914c5a576..3b24991f09b 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/SecurityUtil.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/SecurityUtil.java 
@@ -28,7 +28,6 @@ import jakarta.security.jacc.PolicyConfigurationFactory; import jakarta.security.jacc.PolicyContextException; -import java.security.Policy; import java.util.Collection; import java.util.logging.Logger; @@ -106,10 +105,7 @@ public static void removePolicy(String contextId) throws IASSecurityException { // find the PolicyConfig and delete it. PolicyConfiguration pc = PolicyConfigurationFactory.getPolicyConfigurationFactory().getPolicyConfiguration(contextId, false); pc.delete(); - // Only do refresh policy if the deleted context was in service - if (wasInService) { - Policy.getPolicy().refresh(); - } + } catch (ClassNotFoundException cnfe) { String msg = localStrings.getLocalString("enterprise.security.securityutil.classnotfound", diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/HandlerData.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/HandlerData.java index 27dc99273d7..a1b63f64545 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/HandlerData.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/HandlerData.java 
@@ -54,34 +54,6 @@ public void setInvocation(ComponentInvocation inv) { this.inv = inv; } - public Object get(String key) { - if (PolicyContextHandlerImpl.HTTP_SERVLET_REQUEST.equalsIgnoreCase(key)) { - return httpReq; - } - if (PolicyContextHandlerImpl.SUBJECT.equalsIgnoreCase(key)) { - return SecurityContext.getCurrent().getSubject(); - } - if (PolicyContextHandlerImpl.REUSE.equalsIgnoreCase(key)) { - PermissionCacheFactory.resetCaches(); - return Integer.valueOf(0); - } - - if (inv == null) { - return null; - } - - if (PolicyContextHandlerImpl.SOAP_MESSAGE.equalsIgnoreCase(key)) { - return ejbDelegate != null ? ejbDelegate.getSOAPMessage(inv) : null; - } - if (PolicyContextHandlerImpl.ENTERPRISE_BEAN.equalsIgnoreCase(key)) { - return ejbDelegate != null ? ejbDelegate.getEnterpriseBean(inv) : null; - } - if (PolicyContextHandlerImpl.EJB_ARGUMENTS.equalsIgnoreCase(key)) { - return ejbDelegate != null ? ejbDelegate.getEJbArguments(inv) : null; - } - return null; - } - void reset() { httpReq = null; inv = null; diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/PolicyContextHandlerImpl.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/PolicyContextHandlerImpl.java index 5510d6e71a6..d9362c42bf4 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/PolicyContextHandlerImpl.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/PolicyContextHandlerImpl.java 
@@ -34,15 +34,11 @@ public class PolicyContextHandlerImpl implements PolicyContextHandler { public static final String ENTERPRISE_BEAN = "jakarta.ejb.EnterpriseBean"; public static final String EJB_ARGUMENTS = "jakarta.ejb.arguments"; public static final String SUBJECT = "javax.security.auth.Subject.container"; - public static final String REUSE = "java.security.Policy.supportsReuse"; private static PolicyContextHandlerImpl pchimpl = null; private ThreadLocal thisHandlerData = new ThreadLocal(); - private PolicyContextHandlerImpl() { - } - private synchronized static PolicyContextHandlerImpl _getInstance() { if (pchimpl == null) { pchimpl = new PolicyContextHandlerImpl(); @@ -50,15 +46,6 @@ private synchronized static PolicyContextHandlerImpl _getInstance() { return pchimpl; } - public static PolicyContextHandlerImpl getInstance() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new SecurityPermission("setPolicy")); - } - - return _getInstance(); - } - @Override public boolean supports(String key) { String[] s = getKeys(); @@ -72,14 +59,13 @@ public boolean supports(String key) { @Override public String[] getKeys() { - String[] s = { HTTP_SERVLET_REQUEST, SOAP_MESSAGE, ENTERPRISE_BEAN, SUBJECT, EJB_ARGUMENTS, REUSE }; + String[] s = { HTTP_SERVLET_REQUEST, SOAP_MESSAGE, ENTERPRISE_BEAN, SUBJECT, EJB_ARGUMENTS }; return s; } @Override public Object getContext(String key, Object data) { - // ignore data Object - return getHandlerData().get(key); + return null; } public HandlerData getHandlerData() { diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCache.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCache.java index 10334d755e8..510b86f8a74 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCache.java 
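Review bot: `getContext` now returns `null` for every key, while `getKeys()` and `supports()` in the same class still advertise `HTTP_SERVLET_REQUEST`, `SOAP_MESSAGE`, `ENTERPRISE_BEAN`, `SUBJECT` and `EJB_ARGUMENTS`. A policy provider that asks this handler for the container subject or the current request gets `null` without any error, which can turn into a wrong authorization decision or a NullPointerException downstream. Either keep the lookup (the `HandlerData.get(key)` removed in the previous file) or make `getKeys()` return an empty array so the handler stops claiming keys it cannot serve. Deleting the private constructor also gives the class an implicit public constructor, so the singleton in `_getInstance()` is no longer enforced.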
+++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCache.java @@ -28,7 +28,6 @@ import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; -import java.security.Policy; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.Enumeration; @@ -47,7 +46,6 @@ public class PermissionCache extends Object { private static final Logger LOG = LogDomains.getLogger(PermissionCache.class, LogDomains.SECURITY_LOGGER, false); - private static Policy policy = Policy.getPolicy(); private static AllPermission allPermission = new AllPermission(); private Permissions cache; @@ -231,7 +229,6 @@ private boolean checkCache(Permission p, Epoch e) { setPolicyContextID(this.pcID); } - pc = policy.getPermissions(this.codesource); } catch (Exception ex) { LOG.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", ex); return false; diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCacheFactory.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCacheFactory.java index 573cd7ab312..cd55764d402 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCacheFactory.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/authorize/cache/PermissionCacheFactory.java @@ -16,11 +16,8 @@ package com.sun.enterprise.security.ee.authorize.cache; -import com.sun.enterprise.security.ee.J2EESecurityManager; - import java.security.CodeSource; import java.security.Permission; -import java.security.Policy; import java.util.Hashtable; import java.util.Iterator; 
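Review bot: In `checkCache`, removing `pc = policy.getPermissions(this.codesource);` leaves `pc` without an assignment inside the `try`, so whatever follows the `catch` works with its initial value. The rest of the method is outside this hunk, but if `pc` starts as `null` the cache is either never filled or dereferenced as null on the first miss. If permission caching is being retired together with `Policy`, it would be clearer to have `checkCache` return early with a comment such as `// java.security.Policy is gone; nothing to load into the cache`, rather than keeping the load path with its source removed.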
@@ -41,16 +38,7 @@ public class PermissionCacheFactory { private static PermissionCache securityManagerCache = createSecurityManagerCache(); static { - try { - // make a call to policy.refresh() to see if the provider - // calls the supportsReuse callback (see resetCaches below). - // which will set supportsReuse to true (to enable caching). - Policy policy = Policy.getPolicy(); - if (policy != null) { - policy.refresh(); - } - } catch (Exception pe) { - } + } /** @@ -164,13 +152,6 @@ public static synchronized void resetCaches() { supportsReuse = true; - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null && sm instanceof J2EESecurityManager) { - if (!((J2EESecurityManager) sm).cacheEnabled()) { - ((J2EESecurityManager) sm).enablePermissionCache(securityManagerCache); - } - } - Iterator iter = cacheMap.values().iterator(); while (iter.hasNext()) { Object cache = iter.next(); diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/PermsArchiveDelegate.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/PermsArchiveDelegate.java index 73d9c3f391b..f42600038e6 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/PermsArchiveDelegate.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/PermsArchiveDelegate.java @@ -86,8 +86,6 @@ public static PermissionCollection processEEPermissions(SMGlobalPolicyUtil.Commp public static void processModuleDeclaredAndEEPemirssions(SMGlobalPolicyUtil.CommponentType type, DeploymentContext context, ClassLoader classloader) throws SecurityException { - if (System.getSecurityManager() != null) { - if (!(classloader instanceof DDPermissionsLoader)) { return; } 
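Review bot: The static initializer in `PermissionCacheFactory` is now an empty `static { }` block and should be deleted rather than left behind. The removed comment explained that `policy.refresh()` was what triggered the supportsReuse callback into `resetCaches()`; with that call and the `REUSE` key both gone, nothing visible in this diff sets `supportsReuse` to true any more, so the caches probably stay disabled. If that is intended, say so in a short comment where `supportsReuse` is declared.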
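Review bot: Removing the `if (System.getSecurityManager() != null) {` guard in `processModuleDeclaredAndEEPemirssions` makes the body run on every deployment, where before it was skipped whenever no security manager was installed. The body (mostly outside this hunk) still calls `processEEPermissions` and `ddcl.addEEPermissions(eePc)`, which presumably rely on the `SMGlobalPolicyUtil` maps that this commit no longer loads. If permission processing is being retired, an early `return;` at the top of the method would match the old no-security-manager behaviour more closely than running the body unconditionally.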
@@ -107,7 +105,7 @@ public static void processModuleDeclaredAndEEPemirssions(SMGlobalPolicyUtil.Comm PermissionCollection eePc = processEEPermissions(type, context); ddcl.addEEPermissions(eePc); - } + } public static class SetPermissionsAction implements PrivilegedExceptionAction { diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtil.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtil.java index f2bb9ea39b8..3ab41882000 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtil.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtil.java @@ -19,24 +19,13 @@ import com.sun.logging.LogDomains; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.net.URISyntaxException; -import java.net.URL; import java.security.AllPermission; -import java.security.CodeSource; -import java.security.NoSuchAlgorithmException; import java.security.Permission; import java.security.PermissionCollection; -import java.security.Policy; -import java.security.URIParameter; -import java.security.cert.Certificate; import java.util.Enumeration; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.logging.Level; import java.util.logging.Logger; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -89,8 +78,6 @@ private enum PolicyType { */ public static final String SERVER_ALLOWED_FILE = "restrict.server.policy"; - protected static final String SYS_PROP_JAVA_SEC_POLICY = "java.security.policy"; - /** * Code source URL representing Ejb type */ 
@@ -126,8 +113,6 @@ private enum PolicyType { private static boolean eeGrantedPolicyInitDone = false; - protected static final String domainCfgFolder = getJavaPolicyFolder() + File.separator; - private static final AllPermission ALL_PERM = new AllPermission(); // JDK-8173082: JDK required permissions needed by applications using java.desktop module 
@@ -180,142 +165,7 @@ public static PermissionCollection getCompRestrictedPerms(String type) { } private synchronized static void initDefPolicy() { - - try { - - if (logger.isLoggable(Level.FINE)) { - logger.fine("defGrantedPolicyInitDone= " + eeGrantedPolicyInitDone); - } - - if (eeGrantedPolicyInitDone) { - return; - } - - eeGrantedPolicyInitDone = true; - - loadServerPolicy(PolicyType.EEGranted); - - loadServerPolicy(PolicyType.EERestricted); - - loadServerPolicy(PolicyType.ServerAllowed); - - checkDomainRestrictionsForDefaultPermissions(); - - } catch (FileNotFoundException e) { - // ignore: the permissions files not exist - } catch (IOException | NoSuchAlgorithmException | URISyntaxException e) { - logger.warning(e.getMessage()); - throw new RuntimeException(e); - } - } - - private static String getJavaPolicyFolder() { - - String policyPath = System.getProperty(SYS_PROP_JAVA_SEC_POLICY); - - if (policyPath == null) { - return null; - } - - File pf = new File(policyPath); - - return pf.getParent(); - } - - private static void loadServerPolicy(PolicyType policyType) throws IOException, NoSuchAlgorithmException, URISyntaxException { - if (policyType == null) { - return; - } - - if (logger.isLoggable(Level.FINE)) { - logger.fine("PolicyType= " + policyType); - } - - String policyFilename = null; - Map policyMap = null; - - switch (policyType) { - case EEGranted: - policyFilename = domainCfgFolder + EE_GRANT_FILE; - policyMap = compTypeToEEGarntsMap; - break; - case EERestricted: - policyFilename = domainCfgFolder + EE_RESTRICTED_FILE; - policyMap = compTypeToEERestrictedMap; - break; - case ServerAllowed: - policyFilename = domainCfgFolder + SERVER_ALLOWED_FILE; - policyMap = compTypeToServAllowedMap; - break; - } - - if (policyFilename == null || policyMap == null) { - throw new IllegalArgumentException("Unrecognized policy type: " + policyType); - } - - if (logger.isLoggable(Level.FINE)) { - logger.fine("policyFilename= " + policyFilename); - } - - - File file = 
new File(policyFilename); - if (!file.exists()) { - return; - } - - URL furl = file.toURI().toURL(); - - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loading policy from " + furl); - } - - Policy pf = Policy.getInstance("JavaPolicy", new URIParameter(furl.toURI())); - - CodeSource cs = new CodeSource(new URL(EJB_TYPE_CODESOURCE), (Certificate[]) null); - PermissionCollection pc = pf.getPermissions(cs); - policyMap.put(CommponentType.ejb, pc); - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loaded EJB policy = " + pc); - } - - cs = new CodeSource(new URL(WEB_TYPE_CODESOURCE), (Certificate[]) null); - pc = pf.getPermissions(cs); - policyMap.put(CommponentType.war, pc); - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loaded WEB policy =" + pc); - } - - cs = new CodeSource(new URL(RAR_TYPE_CODESOURCE), (Certificate[]) null); - pc = pf.getPermissions(cs); - policyMap.put(CommponentType.rar, pc); - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loaded rar policy =" + pc); - } - - cs = new CodeSource(new URL(CLIENT_TYPE_CODESOURCE), (Certificate[]) null); - pc = pf.getPermissions(cs); - policyMap.put(CommponentType.car, pc); - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loaded car policy =" + pc); - } - - cs = new CodeSource(new URL(EAR_TYPE_CODESOURCE), (Certificate[]) null); - pc = pf.getPermissions(cs); - policyMap.put(CommponentType.ear, pc); - if (logger.isLoggable(Level.FINE)) { - logger.fine("Loaded ear policy =" + pc); - } - - } - - // this checks default permissions against restrictions - private static void checkDomainRestrictionsForDefaultPermissions() throws SecurityException { - - checkEETypePermsAgainstServerRestiction(CommponentType.ejb); - checkEETypePermsAgainstServerRestiction(CommponentType.war); - checkEETypePermsAgainstServerRestiction(CommponentType.rar); - checkEETypePermsAgainstServerRestiction(CommponentType.car); - checkEETypePermsAgainstServerRestiction(CommponentType.ear); + System.out.println("Policy no longer 
supported"); } private static void checkEETypePermsAgainstServerRestiction(CommponentType type) throws SecurityException { diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManager.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManager.java index f76ad6b5dd3..11f03921cf1 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManager.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManager.java @@ -142,9 +142,6 @@ public class WebSecurityManager { null); authorizationService.setConstrainedUriRequestAttribute(CONSTRAINT_URI); - authorizationService.setRequestSupplier( - () -> (HttpServletRequest) webSecurityManagerFactory.pcHandlerImpl.getHandlerData().get(HTTP_SERVLET_REQUEST)); - authorizationService.addConstraintsToPolicy( getConstraintsFromBundle(webBundleDescriptor), webBundleDescriptor.getRoles() @@ -299,10 +296,6 @@ public void onLogin(HttpServletRequest httpServletRequest) { setSecurityInfo(httpServletRequest); } - public void onLogout() { - resetSecurityInfo(); - } - public boolean linkPolicy(String linkedContextId, boolean lastInService) { return authorizationService.linkPolicy(linkedContextId, lastInService); } @@ -491,15 +484,7 @@ private SecurityContext getSecurityContext(Principal principal) { * @param httpRequest */ private void setSecurityInfo(HttpServletRequest httpRequest) { - if (httpRequest != null) { - webSecurityManagerFactory.pcHandlerImpl.getHandlerData().setHttpServletRequest(httpRequest); - } - AuthorizationService.setThreadContextId(contextId); - } - private void resetSecurityInfo() { - PolicyContextHandlerImpl.getInstance().reset(); - PolicyContext.setContextID(null); } /** 
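Review bot: `initDefPolicy()` now writes `Policy no longer supported` to `System.out` on every call, because the `eeGrantedPolicyInitDone` guard was removed with the rest of the body. The class already has a `logger`, so this should go through it at a low level, for example `logger.fine("Policy files are no longer loaded");`, or the method and its callers should be removed. The private helper `checkEETypePermsAgainstServerRestiction` directly below lost its only visible caller and looks like dead code now.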
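Review bot: `setSecurityInfo` is emptied completely in the last hunk of `WebSecurityManager`, which also drops `AuthorizationService.setThreadContextId(contextId);`, a call that has nothing to do with the security manager. `onLogin` still calls `setSecurityInfo`, so unless the context ID is set somewhere outside these hunks, later authorization checks on the thread run without this application's policy context. I would keep `AuthorizationService.setThreadContextId(contextId);` in the method. The same section removes `setRequestSupplier(...)` and `onLogout()`, so the request is no longer handed to the authorization service and the context is no longer cleared on logout; both deserve a sentence in the commit description if intended.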
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManagerFactory.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManagerFactory.java index 6d680278587..8b891d76fec 100644 --- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManagerFactory.java +++ b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/web/integration/WebSecurityManagerFactory.java @@ -49,7 +49,6 @@ public class WebSecurityManagerFactory extends SecurityManagerFactory { private static Logger logger = LogUtils.getLogger(); private final WebSecurityDeployerProbeProvider probeProvider = new WebSecurityDeployerProbeProvider(); - final PolicyContextHandlerImpl pcHandlerImpl = PolicyContextHandlerImpl.getInstance(); private final Map adminPrincipals = new ConcurrentHashMap<>(); private final Map adminGroups = new ConcurrentHashMap<>(); diff --git a/appserver/security/core-ee/src/test/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtilTest.java b/appserver/security/core-ee/src/test/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtilTest.java index 91d895c1f79..a5abc26fedb 100644 --- a/appserver/security/core-ee/src/test/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtilTest.java +++ b/appserver/security/core-ee/src/test/java/com/sun/enterprise/security/ee/perms/SMGlobalPolicyUtilTest.java 
@@ -19,28 +19,20 @@ import java.io.File; import java.io.FilePermission; -import java.net.MalformedURLException; import java.net.URISyntaxException; import java.net.URL; import java.nio.file.Paths; -import java.security.CodeSource; -import java.security.NoSuchAlgorithmException; import java.security.Permission; import java.security.PermissionCollection; -import java.security.Policy; -import java.security.URIParameter; -import java.security.cert.Certificate; import java.util.Enumeration; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.condition.EnabledForJreRange; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.junit.jupiter.api.condition.JRE.JAVA_23; public class SMGlobalPolicyUtilTest { @@ -50,7 +42,6 @@ public class SMGlobalPolicyUtilTest { public static void setUpBeforeClass() throws Exception { String absolutePath = getFile(plfile).getAbsolutePath(); System.out.println("policy path = " + absolutePath); - System.setProperty(SMGlobalPolicyUtil.SYS_PROP_JAVA_SEC_POLICY, absolutePath); } private static File getFile(final String fileName) throws URISyntaxException { @@ -62,12 +53,12 @@ private static File getFile(final String fileName) throws URISyntaxException { return file; } - @Test - public void testSystemPolicyPath() { - System.out.println("path= " + SMGlobalPolicyUtil.domainCfgFolder); - - assertNotNull(SMGlobalPolicyUtil.domainCfgFolder); - } +// @Test +// public void testSystemPolicyPath() { +// System.out.println("path= " + SMGlobalPolicyUtil.domainCfgFolder); +// +// assertNotNull(SMGlobalPolicyUtil.domainCfgFolder); +// } @Test public void testTYpeConvert() { 
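Review bot: `testSystemPolicyPath` is commented out line by line instead of being deleted; since `SMGlobalPolicyUtil.domainCfgFolder` is removed in this commit the test cannot come back, so drop it. In `setUpBeforeClass` the `absolutePath` local is now only printed, so the method can be reduced or removed if no other test depends on it.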
@@ -96,61 +87,6 @@ public void testTYpeConvert() { assertThrows(NullPointerException.class, () -> SMGlobalPolicyUtil.convertComponentType(null)); } - @Test - @EnabledForJreRange(max = JAVA_23) - public void testPolicyLoading() throws NoSuchAlgorithmException, MalformedURLException, URISyntaxException { - System.out.println("Starting testDefPolicy loading - ee"); - - PermissionCollection defaultPC = Policy.getInstance("JavaPolicy", - new URIParameter(SMGlobalPolicyUtilTest.class.getResource("nobody.policy").toURI())) - .getPermissions(new CodeSource(new URL("file:/module/ALL"), (Certificate[]) null)); - - int defaultCount = dumpPermissions("Grant", "ALL", defaultPC); - assertEquals(4, defaultCount); - PermissionCollection defEjbGrantededPC - = SMGlobalPolicyUtil.getEECompGrantededPerms(SMGlobalPolicyUtil.CommponentType.ejb); - int count = dumpPermissions("Grant", "Ejb", defEjbGrantededPC); - assertEquals(5, count - defaultCount); - - PermissionCollection defWebGrantededPC - = SMGlobalPolicyUtil.getEECompGrantededPerms(SMGlobalPolicyUtil.CommponentType.war); - count = dumpPermissions("Grant", "Web", defWebGrantededPC); - assertEquals(6, count - defaultCount); - - PermissionCollection defRarGrantededPC - = SMGlobalPolicyUtil.getEECompGrantededPerms(SMGlobalPolicyUtil.CommponentType.rar); - count = dumpPermissions("Grant", "Rar", defRarGrantededPC); - assertEquals(5, count - defaultCount); - - PermissionCollection defClientGrantededPC - = SMGlobalPolicyUtil.getEECompGrantededPerms(SMGlobalPolicyUtil.CommponentType.car); - count = dumpPermissions("Grant", "Client", defClientGrantededPC); - assertEquals(10, count - defaultCount); - - System.out.println("Starting testDefPolicy loading - ee restrict"); - - PermissionCollection defEjbRestrictedPC - = SMGlobalPolicyUtil.getCompRestrictedPerms(SMGlobalPolicyUtil.CommponentType.ejb); - count = dumpPermissions("Restricted", "Ejb", defEjbRestrictedPC); - assertEquals(2, count - defaultCount); - - PermissionCollection 
defWebRestrictedPC - = SMGlobalPolicyUtil.getCompRestrictedPerms(SMGlobalPolicyUtil.CommponentType.war); - count = dumpPermissions("Restricted", "Web", defWebRestrictedPC); - assertEquals(2, count - defaultCount); - - PermissionCollection defRarRestrictedPC - = SMGlobalPolicyUtil.getCompRestrictedPerms(SMGlobalPolicyUtil.CommponentType.rar); - count = dumpPermissions("Restricted", "Rar", defRarRestrictedPC); - assertEquals(1, count - defaultCount); - - PermissionCollection defClientRestrictedPC - = SMGlobalPolicyUtil.getCompRestrictedPerms(SMGlobalPolicyUtil.CommponentType.car); - count = dumpPermissions("Restricted", "Client", defClientRestrictedPC); - assertEquals(2, count - defaultCount); - - } - @Test public void testFilePermission() { System.out.println("Starting testFilePermission"); diff --git a/appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecurityContextUtil.java b/appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecurityContextUtil.java index b0d08d41299..24bcf3254f3 100644 --- a/appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecurityContextUtil.java +++ b/appserver/security/ejb.security/src/main/java/com/sun/enterprise/iiop/security/SecurityContextUtil.java @@ -30,7 +30,6 @@ import java.net.Socket; import java.security.AccessController; import java.security.CodeSource; -import java.security.Policy; import java.security.Principal; import java.security.PrivilegedAction; import java.security.ProtectionDomain; @@ -64,7 +63,6 @@ public class SecurityContextUtil implements PostConstruct { private static final String IS_A = "_is_a"; - private Policy policy; @Inject private GlassFishORBHelper orbHelper; @@ -78,13 +76,6 @@ public SecurityContextUtil() { @Override public void postConstruct() { - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Object run() { - policy = Policy.getPolicy(); - return null; - } - }); } /** 
@@ -215,11 +206,8 @@ private boolean authorizeCORBA(byte[] object_id, String method) throws Exception ProtectionDomain prdm = new ProtectionDomain(cs, null, null, principals); // Check if policy gives principal the permissions - boolean result = policy.implies(prdm, perm); - LOG.log(Level.FINE, "CORBA Object permission evaluation result={0} for method={1}", - new Object[] {result, method}); - return result; + return false; } /** diff --git a/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java b/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java index 4e01417639a..eb1bfe698dc 100644 --- a/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java +++ b/appserver/security/webintegration/src/main/java/com/sun/web/security/RealmAdapter.java @@ -740,7 +740,6 @@ public void logout() { AccessController.doPrivileged(new PrivilegedAction() { @Override public Void run() { - webSecurityManager.onLogout(); return null; } }); diff --git a/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java b/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java index 76380ca6338..54f1f77bdbf 100644 --- a/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java +++ b/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java @@ -153,7 +153,6 @@ public void resetSecurityContext() { @Override public void resetPolicyContext() { - PolicyContextHandlerImpl.getInstance().reset(); PolicyContext.setContextID(null); } 
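Review bot: `authorizeCORBA` now ends in an unconditional `return false;`, yet the code above still builds `perm` and the `ProtectionDomain`, and the comment `// Check if policy gives principal the permissions` stays although nothing is checked. Failing closed is the safe direction, but every call that reaches this point is denied and the FINE log line that recorded the decision is gone, so the denial is silent. Replace the stale comment with one that states the intent, e.g. `// No Policy available: deny by default`, and keep a log line such as `LOG.log(Level.FINE, "CORBA Object permission denied for method={0}", method);`. The start of the method is outside this hunk.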
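Review bot: After removing `webSecurityManager.onLogout();`, the `AccessController.doPrivileged` block in `RealmAdapter.logout()` only returns `null`, so the wrapper is dead code and the per-thread security info is no longer reset on logout. If the reset is still needed without a security manager, call the cleanup directly; `PolicyContext.setContextID(null);` is what `SecurityServiceImpl.resetPolicyContext()` keeps in the next file of this diff. Otherwise delete the empty privileged action as well. The rest of `logout()` is outside this hunk.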
diff --git a/appserver/tests/admingui/auto-test/src/test/java/org/glassfish/admingui/devtests/SecurityTest.java b/appserver/tests/admingui/auto-test/src/test/java/org/glassfish/admingui/devtests/SecurityTest.java index 3cc3a35e9ce..26c3ca6a2c8 100644 --- a/appserver/tests/admingui/auto-test/src/test/java/org/glassfish/admingui/devtests/SecurityTest.java +++ b/appserver/tests/admingui/auto-test/src/test/java/org/glassfish/admingui/devtests/SecurityTest.java @@ -42,9 +42,9 @@ public void testSecurityPage() { clickAndWait("propertyForm:javaConfigTab:jvmOptions"); waitForElementPresent("TtlTxt_sun4", "JVM Options"); sleep(1000); - int emptyCount = getTableRowCountByValue("propertyForm:basicTable", "-Djava.security.manager", "col3:col1St", false); + int emptyCount = getTableRowCountByValue("propertyForm:basicTable", "col3:col1St", false); if (emptyCount != 0 ){ - String clickId = getTableRowByVal("propertyForm:basicTable", "-Djava.security.manager", "col3:col1St")+"col1:select"; + String clickId = getTableRowByVal("propertyForm:basicTable", "col3:col1St")+"col1:select"; clickByIdAction(clickId); clickByIdAction("propertyForm:basicTable:topActionsGroup1:button1"); waitforBtnDisable("propertyForm:basicTable:topActionsGroup1:button1"); diff --git a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml index bb4aecd80b3..228c16041f0 100644 --- a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml +++ b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml 
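Review bot: The calls in `testSecurityPage` lose an argument rather than the check: `getTableRowCountByValue("propertyForm:basicTable", "col3:col1St", false)` and `getTableRowByVal("propertyForm:basicTable", "col3:col1St")` now pass the column id in the position where the value `-Djava.security.manager` used to be. Unless overloads with these shorter signatures exist outside this diff, this does not compile, and if they do the lookup means something different. Since the option being searched for is gone, the whole `emptyCount` block that selects and deletes the row should be removed instead.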
@@ -185,7 +185,7 @@ -XX:MaxPermSize=192m -Djavax.management.builder.initial=com.sun.enterprise.ee.admin.AppServerMBeanServerBuilder -Dcom.sun.appserv.pluggable.features=com.sun.enterprise.ee.server.pluggable.EEPluggableFeatureImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 @@ -331,7 +331,7 @@ -XX:MaxPermSize=192m -Djavax.management.builder.initial=com.sun.enterprise.ee.admin.AppServerMBeanServerBuilder -Dcom.sun.appserv.pluggable.features=com.sun.enterprise.ee.server.pluggable.EEPluggableFeatureImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 @@ -482,7 +482,7 @@ -XX:MaxPermSize=192m -Djavax.management.builder.initial=com.sun.enterprise.ee.admin.AppServerMBeanServerBuilder -Dcom.sun.appserv.pluggable.features=com.sun.enterprise.ee.server.pluggable.EEPluggableFeatureImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 @@ -633,7 +633,7 @@ -XX:MaxPermSize=192m -Djavax.management.builder.initial=com.sun.enterprise.ee.admin.AppServerMBeanServerBuilder -Dcom.sun.appserv.pluggable.features=com.sun.enterprise.ee.server.pluggable.EEPluggableFeatureImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 
diff --git a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml index 21e036e8276..396ed73944f 100644 --- a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml +++ b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml @@ -154,7 +154,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m diff --git a/appserver/tests/appserv-tests/devtests/connector/v3/build.xml b/appserver/tests/appserv-tests/devtests/connector/v3/build.xml index 72a87b03117..b1b41643032 100755 --- a/appserver/tests/appserv-tests/devtests/connector/v3/build.xml +++ b/appserver/tests/appserv-tests/devtests/connector/v3/build.xml @@ -134,18 +134,6 @@ - - - - - - - - - - - - @@ -182,30 +170,7 @@ - - - - - - - - - - - - - - - - - - - - - - - diff --git a/appserver/tests/appserv-tests/devtests/deployment/versioning/simple-versioned-appclient/build.xml b/appserver/tests/appserv-tests/devtests/deployment/versioning/simple-versioned-appclient/build.xml index e7b7f370422..98cdb391e2d 100644 --- a/appserver/tests/appserv-tests/devtests/deployment/versioning/simple-versioned-appclient/build.xml +++ b/appserver/tests/appserv-tests/devtests/deployment/versioning/simple-versioned-appclient/build.xml @@ -57,7 +57,6 @@ - diff --git a/appserver/tests/appserv-tests/devtests/jdbc/build.xml b/appserver/tests/appserv-tests/devtests/jdbc/build.xml index 2f87a970680..5e0e7814936 100644 --- a/appserver/tests/appserv-tests/devtests/jdbc/build.xml +++ b/appserver/tests/appserv-tests/devtests/jdbc/build.xml @@ -312,18 +312,6 @@ - - - - - - - - - - - - 
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml index 865193120c6..a9940f44246 100644 --- a/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml +++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml @@ -68,8 +68,6 @@ - - diff --git a/appserver/tests/appserv-tests/devtests/transaction/ee/ee.xml b/appserver/tests/appserv-tests/devtests/transaction/ee/ee.xml index a84c4b058dd..2bd7fec2c91 100644 --- a/appserver/tests/appserv-tests/devtests/transaction/ee/ee.xml +++ b/appserver/tests/appserv-tests/devtests/transaction/ee/ee.xml @@ -36,7 +36,6 @@ - diff --git a/appserver/tests/cts_smoke/run_test.sh b/appserver/tests/cts_smoke/run_test.sh index 8a751524f32..2ed979e3de3 100755 --- a/appserver/tests/cts_smoke/run_test.sh +++ b/appserver/tests/cts_smoke/run_test.sh @@ -52,8 +52,6 @@ test_run_cts_smoke(){ cp ts.jte ts.jte.orig ${SED} \ - -e "s@javaee.home=@javaee\.home=${S1AS_HOME}@g" \ - -e "s@javaee.home.ri=@javaee\.home\.ri=${S1AS_HOME}@g" \ -e "s/^orb\.host=/orb\.host=localhost/g" \ -e "s/^mailHost=/mailHost=localhost/g" \ -e "s/^mailuser1=/mailuser1=${USER:-root}@localhost/g" \ diff --git a/appserver/tests/quicklook/build.xml b/appserver/tests/quicklook/build.xml index 934f1538fb0..a64eac4b760 100644 --- a/appserver/tests/quicklook/build.xml +++ b/appserver/tests/quicklook/build.xml @@ -248,7 +248,6 @@ - @@ -306,7 +305,6 @@ - diff --git a/appserver/tests/quicklook/gfproject/db-targets.xml b/appserver/tests/quicklook/gfproject/db-targets.xml index c2e64444184..e33d7a8be25 100644 --- a/appserver/tests/quicklook/gfproject/db-targets.xml +++ b/appserver/tests/quicklook/gfproject/db-targets.xml @@ -68,48 +68,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/appserver/tests/quicklook/osgitest/basicosgi/security.policy b/appserver/tests/quicklook/osgitest/basicosgi/security.policy deleted file mode 100644 index f66f6c8589e..00000000000 --- a/appserver/tests/quicklook/osgitest/basicosgi/security.policy +++ /dev/null @@ -1,20 +0,0 @@ -// -// Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. -// -// This program and the accompanying materials are made available under the -// terms of the Eclipse Public License v. 2.0, which is available at -// http://www.eclipse.org/legal/epl-2.0. -// -// This Source Code may also be made available under the following Secondary -// Licenses when the conditions for such availability set forth in the -// Eclipse Public License v. 2.0 are satisfied: GNU General Public License, -// version 2 with the GNU Classpath Exception, which is available at -// https://www.gnu.org/software/classpath/license.html. -// -// SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 -// - - -grant codeBase "file:${com.sun.aas.instanceRoot}/applications/osgitest/-" { - permission java.security.AllPermission; -}; diff --git a/appserver/tests/tck/authorization/pom.xml b/appserver/tests/tck/authorization/pom.xml index fa48d03711c..a35995c2d67 100644 --- a/appserver/tests/tck/authorization/pom.xml +++ b/appserver/tests/tck/authorization/pom.xml @@ -289,13 +289,6 @@ mvn clean install -Drun.test="com/sun/ts/tests/jacc/web/toolsContracts/Client.ja - - - - - - - diff --git a/appserver/tests/tck/connectors/pom.xml b/appserver/tests/tck/connectors/pom.xml index ad5701810bc..fbc01ab8d73 100644 --- a/appserver/tests/tck/connectors/pom.xml +++ b/appserver/tests/tck/connectors/pom.xml @@ -236,12 +236,6 @@ - - - - - - diff --git a/appserver/tests/tck/pages/pom.xml b/appserver/tests/tck/pages/pom.xml index 8717b75891d..81f4c7cb378 100644 --- a/appserver/tests/tck/pages/pom.xml +++ b/appserver/tests/tck/pages/pom.xml @@ -204,13 +204,6 @@ - - - - - - - 
diff --git a/appserver/tests/tck/pages_tags/pom.xml b/appserver/tests/tck/pages_tags/pom.xml index b17b1523cf2..05f287358b0 100644 --- a/appserver/tests/tck/pages_tags/pom.xml +++ b/appserver/tests/tck/pages_tags/pom.xml @@ -218,13 +218,6 @@ - - - - - - - diff --git a/appserver/tests/tck/websocket/pom.xml b/appserver/tests/tck/websocket/pom.xml index 6353afb15e7..b6e97594679 100644 --- a/appserver/tests/tck/websocket/pom.xml +++ b/appserver/tests/tck/websocket/pom.xml @@ -210,13 +210,6 @@ - - - - - - - diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml b/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml index 21398c98783..313a89446a6 100755 --- a/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml +++ b/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml @@ -183,7 +183,7 @@ -Djavax.xml.parsers.DocumentBuilderFactory=com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 @@ -330,7 +330,7 @@ -Djavax.xml.parsers.DocumentBuilderFactory=com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml b/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml index d44d1f0827e..f529f0c4bd8 100644 --- a/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml 
+++ b/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml @@ -166,7 +166,7 @@ - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml b/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml index cf175bfbb1a..58d49b13637 100755 --- a/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml +++ b/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml @@ -130,7 +130,7 @@ -client -Dcom.sun.enterprise.web.connector.useCoyoteConnector=true - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 @@ -232,7 +232,7 @@ -client - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/appserver/web/war-util/src/main/java/org/glassfish/web/loader/WebappClassLoader.java b/appserver/web/war-util/src/main/java/org/glassfish/web/loader/WebappClassLoader.java index 841a682e635..c32604ad02a 100644 --- a/appserver/web/war-util/src/main/java/org/glassfish/web/loader/WebappClassLoader.java +++ b/appserver/web/war-util/src/main/java/org/glassfish/web/loader/WebappClassLoader.java 
@@ -41,7 +41,6 @@ import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; -import java.security.Policy; import java.security.PrivilegedAction; import java.time.Instant; import java.util.ArrayList; @@ -280,7 +279,6 @@ public WebappClassLoader(ClassLoader parent) { this.cleaner = new ReferenceCleaner(this); this.system = WebappClassLoader.class.getClassLoader(); if (SECURITY_MANAGER != null) { - refreshPolicy(); } this.permissionsHolder = new PermsHolder(); } @@ -1478,23 +1476,6 @@ private Class findLoadedClass0(String name) { } - /** - * Refresh the system policy file, to pick up eventual changes. - */ - private void refreshPolicy() { - try { - // The policy file may have been modified to adjust - // permissions, so we're reloading it when loading or - // reloading a Context - Policy policy = Policy.getPolicy(); - policy.refresh(); - } catch (AccessControlException e) { - // Some policy files may restrict this, even for the core, - // so this exception is ignored - LOG.log(TRACE, "The policy refresh failed.", e); - } - } - /** * Validate a classname. As per SRV.9.7.2, we must restrict loading of diff --git a/appserver/web/web-core/src/main/java/org/apache/catalina/loader/StandardClassLoader.java b/appserver/web/web-core/src/main/java/org/apache/catalina/loader/StandardClassLoader.java index 6465c6cfb2c..a6879681d30 100644 --- a/appserver/web/web-core/src/main/java/org/apache/catalina/loader/StandardClassLoader.java +++ b/appserver/web/web-core/src/main/java/org/apache/catalina/loader/StandardClassLoader.java @@ -18,7 +18,6 @@ package org.apache.catalina.loader; import java.io.File; -import java.io.FilePermission; import java.io.IOException; import java.io.InputStream; import java.net.JarURLConnection; 
@@ -32,7 +31,6 @@ import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; -import java.security.Policy; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; @@ -42,7 +40,6 @@ import java.util.logging.Logger; import org.apache.catalina.LogFacade; -import org.apache.naming.JndiPermission; import org.glassfish.web.loader.Reloader; import static com.sun.logging.LogCleanerUtil.neutralizeForLog; @@ -90,8 +87,6 @@ public StandardClassLoader() { super(new URL[0]); this.parent = getParent(); this.system = getSystemClassLoader(); - securityManager = System.getSecurityManager(); - } @@ -120,8 +115,6 @@ public StandardClassLoader(ClassLoader parent) { super((new URL[0]), parent); this.parent = parent; this.system = getSystemClassLoader(); - securityManager = System.getSecurityManager(); - } @@ -175,7 +168,6 @@ public StandardClassLoader(URL repositories[]) { super(repositories); this.parent = getParent(); this.system = getSystemClassLoader(); - securityManager = System.getSecurityManager(); if (repositories != null) { for (URL element : repositories) { addRepositoryInternal(element.toString()); @@ -196,7 +188,6 @@ public StandardClassLoader(URL repositories[], ClassLoader parent) { super(repositories, parent); this.parent = parent; this.system = getSystemClassLoader(); - securityManager = System.getSecurityManager(); if (repositories != null) { for (URL element : repositories) { addRepositoryInternal(element.toString()); @@ -246,13 +237,6 @@ public StandardClassLoader(URL repositories[], ClassLoader parent) { private final HashMap loaderPC = new HashMap<>(); - - /** - * Instance of the SecurityManager installed. - */ - private SecurityManager securityManager = null; - - /** * Flag that the security policy has been refreshed from file. */ 
@@ -323,33 +307,6 @@ public void setDelegate(boolean delegate) { } - /** - * If there is a Java SecurityManager create a read FilePermission - * or JndiPermission for the file directory path. - * - * @param path file directory path - */ - protected void setPermissions(String path) { - if( securityManager != null ) { - if( path.startsWith("jndi:") || path.startsWith("jar:jndi:") ) { - permissionList.add(new JndiPermission(path + "*")); - } else { - permissionList.add(new FilePermission(path + "-","read")); - } - } - } - - - /** - * If there is a Java SecurityManager add a read FilePermission - * or JndiPermission for URL. - * - * @param url URL for a file or directory on local system - */ - protected void setPermissions(URL url) { - setPermissions(url.toString()); - } - // ------------------------------------------------------- Reloader Methods @@ -436,24 +393,6 @@ public Class findClass(String name) throws ClassNotFoundException { log(" findClass(" + name + ")"); } - // (1) Permission to define this class when using a SecurityManager - if (securityManager != null) { - int i = name.lastIndexOf('.'); - if (i >= 0) { - try { - if (debug >= 4) { - log(" securityManager.checkPackageDefinition"); - } - securityManager.checkPackageDefinition(name.substring(0,i)); - } catch (Exception se) { - if (debug >= 4) { - log(" -->Exception-->ClassNotFoundException", se); - } - throw new ClassNotFoundException(name, se); - } - } - } - // Ask our superclass to locate this class, if possible // (throws ClassNotFoundException if it is not found) Class clazz = null; 
@@ -798,21 +737,6 @@ public Class loadClass(String name, boolean resolve) throw new ClassNotFoundException(name); } - // (.5) Permission to access this class when using a SecurityManager - if (securityManager != null) { - int i = name.lastIndexOf('.'); - if (i >= 0) { - try { - securityManager.checkPackageAccess(name.substring(0,i)); - } catch (SecurityException se) { - String error = "Security Violation, attempt to use " + - "Restricted Class: " + name; - log(error); - throw new ClassNotFoundException(error, se); - } - } - } - // (1) Delegate to our parent if requested if (delegate) { if (debug >= 3) { @@ -901,8 +825,6 @@ public Class loadClass(String name, boolean resolve) protected final PermissionCollection getPermissions(CodeSource codeSource) { if (!policy_refresh) { // Refresh the security policies - Policy policy = Policy.getPolicy(); - policy.refresh(); policy_refresh = true; } String codeUrl = codeSource.getLocation().toString(); diff --git a/appserver/web/web-core/src/main/java/org/apache/catalina/loader/WebappLoader.java b/appserver/web/web-core/src/main/java/org/apache/catalina/loader/WebappLoader.java index 609fd4738d6..fffa7c16548 100644 --- a/appserver/web/web-core/src/main/java/org/apache/catalina/loader/WebappLoader.java +++ b/appserver/web/web-core/src/main/java/org/apache/catalina/loader/WebappLoader.java @@ -39,8 +39,6 @@ import java.net.URLStreamHandlerFactory; import java.security.AccessController; import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.text.MessageFormat; import java.util.List; import java.util.ResourceBundle; @@ -638,7 +636,6 @@ public void start() throws LifecycleException { classLoader.addRepository(element); } setRepositories(); - setPermissions(); setClassPath(); startNestedClassLoader(); 
@@ -793,115 +790,6 @@ private void log(String message, Throwable t) { } } - - /** - * Configure associated class loader permissions. - */ - private void setPermissions() { - - if (!Globals.IS_SECURITY_ENABLED) { - return; - } - if (!(container instanceof Context)) { - return; - } - - try { - PrivilegedExceptionAction action = () -> { - setPermissions_priv(); - return null; - }; - AccessController.doPrivileged(action); - } catch (PrivilegedActionException e) { - throw (SecurityException) e.getException(); - } - } - - - private void setPermissions_priv() { - classLoader.setPackageDefinitionSecurityEnabled(SecurityUtil.isPackageProtectionEnabled()); - - // Tell the class loader the root of the context - ServletContext servletContext = - ((Context) container).getServletContext(); - - // Assigning permissions for the work directory - File workDir = - (File) servletContext.getAttribute(ServletContext.TEMPDIR); - if (workDir != null) { - try { - String workDirPath = workDir.getCanonicalPath(); - classLoader.addPermission - (new FilePermission(workDirPath, "read,write")); - classLoader.addPermission - (new FilePermission(workDirPath + File.separator + "-", - "read,write,delete")); - } catch (IOException e) { - // Ignore - } - } - - try { - - URL rootURL = servletContext.getResource("/"); - classLoader.addPermission(rootURL); - - String contextRoot = servletContext.getRealPath("/"); - if (contextRoot != null) { - try { - contextRoot = (new File(contextRoot)).getCanonicalPath(); - classLoader.addPermission(contextRoot); - } catch (IOException e) { - // Ignore - } - } - - URL classesURL = servletContext.getResource("/WEB-INF/classes/"); - classLoader.addPermission(classesURL); - URL libURL = servletContext.getResource("/WEB-INF/lib/"); - classLoader.addPermission(libURL); - - if (contextRoot != null) { - - if (libURL != null) { - File rootDir = new File(contextRoot); - File libDir = new File(rootDir, "WEB-INF/lib/"); - try { - String path = libDir.getCanonicalPath(); - 
classLoader.addPermission(path); - } catch (IOException e) { - } - } - - } else { - - if (workDir != null) { - if (libURL != null) { - File libDir = new File(workDir, "WEB-INF/lib/"); - try { - String path = libDir.getCanonicalPath(); - classLoader.addPermission(path); - } catch (IOException e) { - } - } - if (classesURL != null) { - File classesDir = new File(workDir, "WEB-INF/classes/"); - try { - String path = classesDir.getCanonicalPath(); - classLoader.addPermission(path); - } catch (IOException e) { - } - } - } - - } - - } catch (MalformedURLException e) { - } - - } - - /** * Configure the repositories for our class loader, based on the * associated Context. diff --git a/appserver/web/web-glue/src/main/java/com/sun/web/server/EEInstanceListener.java b/appserver/web/web-glue/src/main/java/com/sun/web/server/EEInstanceListener.java index db6d010db62..cc38b2da0a7 100644 --- a/appserver/web/web-glue/src/main/java/com/sun/web/server/EEInstanceListener.java +++ b/appserver/web/web-glue/src/main/java/com/sun/web/server/EEInstanceListener.java @@ -32,10 +32,7 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import java.security.AccessControlException; -import java.security.AccessController; import java.security.Principal; -import java.security.PrivilegedAction; import java.util.ResourceBundle; import java.util.logging.Level; import java.util.logging.Logger; @@ -59,7 +56,6 @@ import static com.sun.enterprise.security.integration.SecurityConstants.WEB_PRINCIPAL_CLASS; import static com.sun.enterprise.util.Utility.isOneOf; -import static java.security.Policy.getPolicy; import static java.text.MessageFormat.format; import static java.util.logging.Level.FINE; import static java.util.logging.Level.SEVERE; 
@@ -258,19 +254,8 @@ private Principal getCurrentCallerPrincipal() { return currentSecurityContext.getCallerPrincipal(); } - private static void checkObjectForDoAsPermission(final Object o) throws AccessControlException { - if (System.getSecurityManager() != null) { - AccessController.doPrivileged(new PrivilegedAction() { - @Override - public Void run() { - if (!getPolicy().implies(o.getClass().getProtectionDomain(), doAsPrivilegedPerm)) { - throw new AccessControlException("permission required to override getUserPrincipal", doAsPrivilegedPerm); - } + private static void checkObjectForDoAsPermission(final Object o) { - return null; - } - }); - } } private void handleAfterEvent(InstanceEvent event, InstanceEvent.EventType eventType) { diff --git a/docs/administration-guide/src/main/asciidoc/jvm.adoc b/docs/administration-guide/src/main/asciidoc/jvm.adoc index 2ff90b4775c..19d97b2affc 100644 --- a/docs/administration-guide/src/main/asciidoc/jvm.adoc +++ b/docs/administration-guide/src/main/asciidoc/jvm.adoc @@ -104,7 +104,6 @@ asadmin> list-jvm-options config.serverbeans.AppserverConfigEnvironmentFactory -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks -XX:NewRatio=2 --Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djdbc.drivers=org.apache.derby.jdbc.ClientDriver -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks -client diff --git a/docs/ha-administration-guide/src/main/asciidoc/instances.adoc b/docs/ha-administration-guide/src/main/asciidoc/instances.adoc index 275d19bd3a2..44b47f2c7d2 100644 --- a/docs/ha-administration-guide/src/main/asciidoc/instances.adoc +++ b/docs/ha-administration-guide/src/main/asciidoc/instances.adoc 
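Review bot: `checkObjectForDoAsPermission` is left as an empty method, so its call sites still read as if a permission check guards the object while nothing is verified. The removed body ran only under a SecurityManager, where it rejected objects whose class lacked `doAsPrivilegedPerm` ("permission required to override getUserPrincipal"). If that guard is being dropped on purpose, delete the method together with its calls and the `doAsPrivilegedPerm` constant, which looks unused after this change (confirm). At minimum, add a comment such as `// intentionally a no-op: the Policy-based check was removed with the SecurityManager`. The call sites are outside the hunk.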
@@ -1610,11 +1610,9 @@ specify a custom file for the instance `pmd`. [source] ---- asadmin> delete-jvm-options --target pmd --Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy Deleted 1 option(s) Command delete-jvm-options executed successfully. asadmin> create-jvm-options --target pmd --Djava.security.policy=${com.sun.aas.instanceRoot}/config/pmd-config/server.policy Created 1 option(s) Command create-jvm-options executed successfully. ---- diff --git a/docs/reference-manual/src/main/asciidoc/delete-jvm-options.adoc b/docs/reference-manual/src/main/asciidoc/delete-jvm-options.adoc index e12abcff2d8..535715dda49 100644 --- a/docs/reference-manual/src/main/asciidoc/delete-jvm-options.adoc +++ b/docs/reference-manual/src/main/asciidoc/delete-jvm-options.adoc @@ -48,7 +48,7 @@ example, restart is not required for the following Java system property: ** Java system properties whose names start with `-Djava.` or `-Djavax.` (including the trailing period). For example: + -`-Djava.security.manager` +`-Djava.security.manager ** Startup parameters for the Java application launcher. For example: + diff --git a/docs/reference-manual/src/main/asciidoc/list-jvm-options.adoc b/docs/reference-manual/src/main/asciidoc/list-jvm-options.adoc index df10a2cf363..e8b53de1450 100644 --- a/docs/reference-manual/src/main/asciidoc/list-jvm-options.adoc +++ b/docs/reference-manual/src/main/asciidoc/list-jvm-options.adoc @@ -80,7 +80,6 @@ com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks -XX:NewRatio=2 -DANTLR_USE_DIRECT_CLASS_LOADING=true --Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djdbc.drivers=org.apache.derby.jdbc.ClientDriver -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks -client 
diff --git a/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml b/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml index 79eab08610a..fb444f616b1 100644 --- a/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml +++ b/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml @@ -101,7 +101,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -228,7 +228,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -355,7 +355,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m diff --git a/nucleus/admin/config-api/src/test/resources/DomainTest.xml b/nucleus/admin/config-api/src/test/resources/DomainTest.xml index 04a7f8f86be..de7ec1d548b 100644 --- a/nucleus/admin/config-api/src/test/resources/DomainTest.xml +++ b/nucleus/admin/config-api/src/test/resources/DomainTest.xml @@ -126,7 +126,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 
diff --git a/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml b/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml index 5e497adf711..1457345932e 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml @@ -145,7 +145,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -270,7 +270,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -401,7 +401,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -532,7 +532,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
@@ -663,7 +663,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -794,7 +794,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -925,7 +925,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml b/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml index dae51e382c4..afef2993bee 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml @@ -156,7 +156,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m 
@@ -281,7 +281,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -412,7 +412,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -543,7 +543,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -674,7 +674,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
@@ -805,7 +805,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -936,7 +936,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/admin/config-api/src/test/resources/parser/i1.xml b/nucleus/admin/config-api/src/test/resources/parser/i1.xml index 1fbf770fc18..a4446c1e197 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/i1.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/i1.xml @@ -123,7 +123,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -248,7 +248,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
@@ -379,7 +379,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml b/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml index e19e5ab92f5..05686dce06a 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml @@ -134,7 +134,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -259,7 +259,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -390,7 +390,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
@@ -521,7 +521,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml b/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml index fc062382161..786ec86efec 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml @@ -123,7 +123,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -248,7 +248,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -379,7 +379,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
diff --git a/nucleus/admin/config-api/src/test/resources/parser/stock.xml b/nucleus/admin/config-api/src/test/resources/parser/stock.xml index 365f5d2ccf3..4e6331e7ca4 100644 --- a/nucleus/admin/config-api/src/test/resources/parser/stock.xml +++ b/nucleus/admin/config-api/src/test/resources/parser/stock.xml @@ -135,7 +135,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -293,7 +293,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml index 53b68d4b554..744aa988a8e 100644 --- a/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml +++ b/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml @@ -140,7 +140,7 @@ -Djava.util.logging.manager=org.glassfish.main.jul.GlassFishLogManager - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml index 089258d3cc4..0c2917ef018 100644 
--- a/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml +++ b/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml @@ -142,7 +142,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml index 78faa0c7325..1b064118cf9 100644 --- a/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml +++ b/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml @@ -141,7 +141,7 @@ -client - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml index 35e16ab40b9..b5e58d58d4a 100644 --- a/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml +++ b/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml @@ -138,7 +138,7 @@ -client - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml index dbf2b9cf60d..75c7ae0b11a 100644 
--- a/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml +++ b/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml @@ -139,7 +139,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.rmi.dgc.client.gcInterval=3600000 diff --git a/nucleus/admin/template/src/main/resources/config/domain.xml b/nucleus/admin/template/src/main/resources/config/domain.xml index e4501904b10..c6e826dbce8 100644 --- a/nucleus/admin/template/src/main/resources/config/domain.xml +++ b/nucleus/admin/template/src/main/resources/config/domain.xml @@ -137,7 +137,7 @@ -Djdk.xml.totalEntitySizeLimit=50000000 -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -294,7 +294,7 @@ -Djdk.tls.rejectClientInitiatedRenegotiation=true -Djdk.xml.totalEntitySizeLimit=50000000 -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/big.xml b/nucleus/common/common-util/src/test/resources/big.xml index 0e7af842e93..8eb4e4cbf08 100644 --- a/nucleus/common/common-util/src/test/resources/big.xml +++ b/nucleus/common/common-util/src/test/resources/big.xml 
@@ -140,7 +140,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/clusters1.xml b/nucleus/common/common-util/src/test/resources/clusters1.xml index 595cf6671e7..f05655a7734 100644 --- a/nucleus/common/common-util/src/test/resources/clusters1.xml +++ b/nucleus/common/common-util/src/test/resources/clusters1.xml @@ -176,7 +176,7 @@ -Djava.awt.headless=true -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m @@ -326,7 +326,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -492,7 +492,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
@@ -658,7 +658,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -824,7 +824,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -990,7 +990,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/manysysprops.xml b/nucleus/common/common-util/src/test/resources/manysysprops.xml index f17b52fed31..0357bed91cb 100644 --- a/nucleus/common/common-util/src/test/resources/manysysprops.xml +++ b/nucleus/common/common-util/src/test/resources/manysysprops.xml @@ -181,7 +181,7 @@ -Djava.awt.headless=true -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m 
@@ -331,7 +331,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -500,7 +500,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -666,7 +666,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -832,7 +832,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 @@ -998,7 +998,7 @@ -Djava.util.logging.config.block=true -Djava.awt.headless=true -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 
diff --git a/nucleus/common/common-util/src/test/resources/monitoringFalse.xml b/nucleus/common/common-util/src/test/resources/monitoringFalse.xml index e9330f7b4d9..eaa0e485da6 100644 --- a/nucleus/common/common-util/src/test/resources/monitoringFalse.xml +++ b/nucleus/common/common-util/src/test/resources/monitoringFalse.xml @@ -140,7 +140,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/monitoringNone.xml b/nucleus/common/common-util/src/test/resources/monitoringNone.xml index 66ec20d659f..732b5b9e5ac 100644 --- a/nucleus/common/common-util/src/test/resources/monitoringNone.xml +++ b/nucleus/common/common-util/src/test/resources/monitoringNone.xml @@ -140,7 +140,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/monitoringTrue.xml b/nucleus/common/common-util/src/test/resources/monitoringTrue.xml index e7a1f9b0aae..750582f2283 100644 --- a/nucleus/common/common-util/src/test/resources/monitoringTrue.xml +++ b/nucleus/common/common-util/src/test/resources/monitoringTrue.xml 
@@ -140,7 +140,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/common/common-util/src/test/resources/olddomain.xml b/nucleus/common/common-util/src/test/resources/olddomain.xml index 18aedd6cbf2..ef30bad66e7 100644 --- a/nucleus/common/common-util/src/test/resources/olddomain.xml +++ b/nucleus/common/common-util/src/test/resources/olddomain.xml @@ -122,7 +122,7 @@ -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Xmx512m -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.p12 diff --git a/nucleus/core/kernel/src/main/manpages/com/sun/enterprise/v3/admin/commands/list-jvm-options.1 b/nucleus/core/kernel/src/main/manpages/com/sun/enterprise/v3/admin/commands/list-jvm-options.1 index 869186f4360..404a416d457 100644 --- a/nucleus/core/kernel/src/main/manpages/com/sun/enterprise/v3/admin/commands/list-jvm-options.1 +++ b/nucleus/core/kernel/src/main/manpages/com/sun/enterprise/v3/admin/commands/list-jvm-options.1 @@ -60,7 +60,6 @@ EXAMPLES -Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks -XX:NewRatio=2 -DANTLR_USE_DIRECT_CLASS_LOADING=true - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy -Djdbc.drivers=org.apache.derby.jdbc.ClientDriver -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.p12 -client diff --git a/nucleus/core/kernel/src/test/resources/DomainTest.xml b/nucleus/core/kernel/src/test/resources/DomainTest.xml index 82a37768268..2762d49127f 100644 
--- a/nucleus/core/kernel/src/test/resources/DomainTest.xml +++ b/nucleus/core/kernel/src/test/resources/DomainTest.xml @@ -121,7 +121,7 @@ -Djavax.xml.accessExternalSchema=all -Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder -XX:+UnlockDiagnosticVMOptions - -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy + -Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Xmx512m diff --git a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/client.policy b/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/client.policy deleted file mode 100644 index b297000dd80..00000000000 --- a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/client.policy +++ /dev/null 
@@ -1,71 +0,0 @@ -/* - * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0, which is available at - * http://www.eclipse.org/legal/epl-2.0. - * - * This Source Code may also be made available under the following Secondary - * Licenses when the conditions for such availability set forth in the - * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, - * version 2 with the GNU Classpath Exception, which is available at - * https://www.gnu.org/software/classpath/license.html. - * - * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - */ - -//core server classes get all permissions by default -grant codeBase "file:${com.sun.aas.installRoot}/lib/-" { - permission java.security.AllPermission; -}; - -grant codeBase "file:${com.sun.aas.installRoot}/modules/-" { - permission java.security.AllPermission; -}; - -//iMQ classes get all permissions by default -grant codeBase "file:${com.sun.aas.imqLib}/-" { - permission java.security.AllPermission; -}; - -// Standard extensions get all permissions by default -grant codeBase "file:${java.home}/lib/ext/-" { - permission java.security.AllPermission; -}; - -// For Sun implementations of Java -grant codeBase "file:${java.home}/../lib/tools.jar" { - permission java.security.AllPermission; -}; - -// For Apple implementations of Java -grant codeBase "file:${java.home}/../Classes/classes.jar" { - permission java.security.AllPermission; -}; - - -// default permissions granted to all domains -grant { - permission java.lang.RuntimePermission "loadLibrary.*"; - permission java.lang.RuntimePermission "accessClassInPackage.*"; - permission java.lang.RuntimePermission "exitVM"; - permission java.lang.RuntimePermission "queuePrintJob"; - permission java.lang.RuntimePermission "modifyThreadGroup"; - - permission java.awt.AWTPermission 
"accessClipboard"; - permission java.awt.AWTPermission "accessEventQueue"; - permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; - - permission java.io.FilePermission "<>", "read,write"; - - permission java.net.SocketPermission "*", "connect,accept,resolve"; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; - - // "standard" properies that can be read by anyone - permission java.util.PropertyPermission "*", "read"; - - // setting the JSSE provider for lazy authentication of app. clients. - // Please do not change it. - permission java.security.SecurityPermission "putProviderProperty.SunJSSE"; - permission java.security.SecurityPermission "insertProvider.SunJSSE"; -}; diff --git a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/javaee.client.policy b/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/javaee.client.policy deleted file mode 100644 index 55adc6e6fd4..00000000000 --- a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/javaee.client.policy +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0, which is available at - * http://www.eclipse.org/legal/epl-2.0. - * - * This Source Code may also be made available under the following Secondary - * Licenses when the conditions for such availability set forth in the - * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, - * version 2 with the GNU Classpath Exception, which is available at - * https://www.gnu.org/software/classpath/license.html. - * - * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - */ - -// App-client EE permissions -grant codebase "file:/module/Car" { - - permission java.awt.AWTPermission "accessClipboard"; - permission java.awt.AWTPermission "accessEventQueue"; - permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; - - permission java.lang.RuntimePermission "loadLibrary.*"; - permission java.lang.RuntimePermission "accessClassInPackage.*"; - permission java.lang.RuntimePermission "exitVM"; - permission java.lang.RuntimePermission "queuePrintJob"; - permission java.lang.RuntimePermission "modifyThreadGroup"; - - - permission java.net.SocketPermission "*", "connect,accept,resolve"; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; - permission java.io.FilePermission "<>", "read,write"; - permission java.util.PropertyPermission "*", "read"; - - // setting the JSSE provider for lazy authentication of app. clients. - // Please do not change it. 
- permission java.security.SecurityPermission "putProviderProperty.SunJSSE"; - permission java.security.SecurityPermission "insertProvider.SunJSSE"; - - permission java.util.logging.LoggingPermission "control"; -}; - -// Applet-client EE permissions -grant codebase "file:/module/Applet-Client" { - - permission java.net.SocketPermission "*", "connect"; - permission java.util.PropertyPermission "*", "read"; - -}; diff --git a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/restrict.client.policy b/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/restrict.client.policy deleted file mode 100644 index bc8884bc536..00000000000 --- a/nucleus/distributions/nucleus-common/src/main/resources/lib/appclient/restrict.client.policy +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0, which is available at - * http://www.eclipse.org/legal/epl-2.0. - * - * This Source Code may also be made available under the following Secondary - * Licenses when the conditions for such availability set forth in the - * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, - * version 2 with the GNU Classpath Exception, which is available at - * https://www.gnu.org/software/classpath/license.html. - * - * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 - */ - -// App client default restricted permissions -grant codebase "file:/module/Car" { - //following restricts the use of 'java.security.AllPermission' in permissions.xml - permission com.sun.enterprise.security.perms.VoidPermission; -}; diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/LocalStrings.properties b/nucleus/security/core/src/main/java/com/sun/enterprise/security/LocalStrings.properties index cfe90dc07b2..eec64d3c510 100644 
--- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/LocalStrings.properties +++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/LocalStrings.properties @@ -30,7 +30,6 @@ enterprise.security.keystore=Enter the KeyStore Password enterprise.security.IncorrectKeystorePassword=Incorrect keystore password enterprise.security.keytool=keytool enterprise.security.keytooloptions=Options: -enterprise.security.plcyload.not14=Policy class is not an instance of java.security.Policy. enterprise.security.plcyload.not13=Policy class is not an instance of javax.security.auth.Policy. enterprise.security.securityutil.norolemapper=No Security RoleMapper. Role to Principal Information missing. Required to deploy Applications. enterprise.security.upgrade.warning=Upgrade from v2 EE to v3.1 requires manual steps. Please refer to the v3.1 Upgrade Guide for details. diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/PolicyLoader.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/PolicyLoader.java index 0443296c961..1d12ea44af1 100644 --- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/PolicyLoader.java +++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/PolicyLoader.java @@ -26,9 +26,6 @@ import jakarta.inject.Singleton; import java.lang.reflect.Method; -import java.security.Permission; -import java.security.Policy; -import java.security.ProtectionDomain; import java.util.Arrays; import java.util.List; import java.util.logging.Logger; @@ -38,8 +35,6 @@ import org.jvnet.hk2.annotations.Service; import org.jvnet.hk2.config.types.Property; -import javassist.ClassPool; -import javassist.CtClass; import javassist.util.proxy.MethodHandler; import javassist.util.proxy.ProxyFactory; import javassist.util.proxy.ProxyObject; 
@@ -55,7 +50,6 @@ import static java.util.logging.Level.INFO; import static java.util.logging.Level.SEVERE; import static java.util.logging.Level.WARNING; -import static javassist.Modifier.PUBLIC; import static org.glassfish.main.jdke.props.SystemProperties.setProperty; /** @@ -125,30 +119,6 @@ public void loadPolicy() { boolean usePolicyProxy = Boolean.parseBoolean(System.getProperty(POLICY_PROXY, "true")); - Policy policy = null; - if (usePolicyProxy && System.getSecurityManager() != null) { - policy = loadPolicyAsProxy(javaPolicyClassName); - } else { - policy = loadPolicy(javaPolicyClassName); - } - - try { - Policy.setPolicy(policy); - } catch (UnsupportedOperationException e) { - Class authorizationServiceClass = Class.forName("org.glassfish.exousia.AuthorizationService"); - - Method setPolicyMethod = authorizationServiceClass.getMethod("setPolicy", Policy.class); - setPolicyMethod.invoke(null, policy); - } - - // TODO: causing ClassCircularity error when SM ON and - // deployment use library feature and ApplibClassLoader - // it is likely a problem caused by the way classloading is done - // in this case. - if (System.getSecurityManager() == null) { - policy.refresh(); - } - } catch (Exception e) { LOGGER.log(SEVERE, policyInstallError, e.getLocalizedMessage()); throw new RuntimeException(e); 
@@ -170,32 +140,16 @@ public static T createPolicyProxy(Class targetClass) throws Exception { factory.setSuperclass(targetClass); ProxyObject instance = (ProxyObject) factory.createClass().getDeclaredConstructor().newInstance(); - instance.setHandler(new JakartaAuthenticationGuardHandler(Policy.getPolicy())); return (T) instance; } private static class JakartaAuthenticationGuardHandler implements MethodHandler { - public final static Method impliesMethod = getMethod( - Policy.class, "implies", ProtectionDomain.class, Permission.class); - - private final Policy javaSePolicy; - - public JakartaAuthenticationGuardHandler(Policy javaSePolicy) { - this.javaSePolicy = javaSePolicy; - } @Override public Object invoke(Object self, Method overridden, Method forwarder, Object[] args) throws Throwable { - if (isImplementationOf(overridden, impliesMethod)) { - Permission permission = (Permission) args[1]; - if (!permission.getClass().getName().startsWith("jakarta.")) { - return javaSePolicy.implies((ProtectionDomain)args[0], permission); - } - } - - return forwarder.invoke(self, args); + return null; } public static boolean isImplementationOf(Method implementationMethod, Method interfaceMethod) { 
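Review bot: `createPolicyProxy` no longer calls `instance.setHandler(...)`, and `JakartaAuthenticationGuardHandler.invoke` now ends in `return null;` where it used to end in `return forwarder.invoke(self, args);`. If that handler were ever installed again, every proxied call would return null instead of reaching the real implementation, and would presumably fail on unboxing for primitive return types, which is an unsafe default for an authorization guard. Nothing in this hunk uses the handler any more, so I would delete the class together with its helpers (their bodies continue outside the hunk), or keep `return forwarder.invoke(self, args);` so it stays a pass-through. The same kind of leftover is in the `loadPolicy` hunk (`-125,30 +119,6`), where `usePolicyProxy` is still read from the system property but is no longer used.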
@@ -216,43 +170,6 @@ public static Method getMethod(Class base, String name, Class... parameter } - private Policy loadPolicy(String javaPolicyClassName) throws ReflectiveOperationException, SecurityException { - Object javaPolicyInstance = - Thread.currentThread() - .getContextClassLoader() - .loadClass(javaPolicyClassName) - .getDeclaredConstructor() - .newInstance(); - - if (!(javaPolicyInstance instanceof Policy)) { - throw new RuntimeException(SM.getString("enterprise.security.plcyload.not14")); - } - - return (Policy) javaPolicyInstance; - } - - private Policy loadPolicyAsProxy(String javaPolicyClassName) throws Exception { - ClassPool pool = ClassPool.getDefault(); - CtClass clazz = pool.get(javaPolicyClassName); - clazz.defrost(); - clazz.setModifiers(PUBLIC); - - Object javaPolicyInstance = - createPolicyProxy( - clazz.toClass( - Thread.currentThread() - .getContextClassLoader() - .loadClass(System.getProperty(POLICY_CONF_FACTORY)))); - - if (!(javaPolicyInstance instanceof Policy)) { - throw new RuntimeException(SM.getString("enterprise.security.plcyload.not14")); - } - - javaPolicyInstance.toString(); - - return (Policy) javaPolicyInstance; - } - /** * Returns an authorization module object representing the jacc element from domain.xml which is configured in security-service. * diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java index 5e7d63118af..44cc6a75f26 100644 --- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java +++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityContext.java 
@@ -316,24 +316,7 @@ public static void setCurrent(SecurityContext securityContext) { } boolean permitted = false; - try { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - _logger.fine("permission check done to set SecurityContext"); - sm.checkPermission(doAsPrivilegedPerm); - } - permitted = true; - } catch (java.lang.SecurityException se) { - _logger.log(SEVERE, SecurityLoggerInfo.securityContextPermissionError, se); - } catch (Throwable t) { - _logger.log(SEVERE, SecurityLoggerInfo.securityContextUnexpectedError, t); - } - - if (permitted) { - currentSecurityContext.set(securityContext); - } else { - _logger.severe(SecurityLoggerInfo.securityContextNotChangedError); - } + _logger.severe(SecurityLoggerInfo.securityContextNotChangedError); } public static void setUnauthenticatedContext() { diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java index bac0cf78078..465532e7a67 100644 --- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java +++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java @@ -19,12 +19,10 @@ import com.sun.enterprise.security.audit.AuditManager; import com.sun.enterprise.security.auth.realm.RealmsManager; -import com.sun.enterprise.security.common.Util; import jakarta.inject.Inject; import jakarta.inject.Singleton; -import java.util.logging.Level; import java.util.logging.Logger; import org.glassfish.api.event.EventListener; 
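Review bot: On this path `setCurrent` no longer stores the new context: the `currentSecurityContext.set(securityContext)` call is removed along with the SecurityManager check, and the only statement left is the SEVERE `securityContextNotChangedError` log. Before the change, a run without a SecurityManager left `permitted` true and the context was set, so the thread now keeps its previous identity and later authorization decisions would be evaluated against the wrong principal. The replacement should keep the assignment and drop the unused flag, i.e. `currentSecurityContext.set(securityContext);` in place of the `boolean permitted = false;` and `_logger.severe(...)` lines. The start of `setCurrent` is outside the hunk, so the conditions that lead to this path should be confirmed.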
@@ -35,12 +33,8 @@ import org.jvnet.hk2.annotations.Optional; import org.jvnet.hk2.annotations.Service; -import static com.sun.enterprise.security.SecurityLoggerInfo.secMgrDisabled; -import static com.sun.enterprise.security.SecurityLoggerInfo.secMgrEnabled; -import static com.sun.enterprise.security.common.Util.writeConfigFileToTempDir; import static java.util.logging.Level.INFO; import static org.glassfish.api.event.EventTypes.SERVER_SHUTDOWN; -import static org.glassfish.main.jdke.props.SystemProperties.setProperty; /** * This class extends default implementation of ServerLifecycle interface. It provides security initialization and setup @@ -55,7 +49,6 @@ public class SecurityLifecycle implements PostConstruct, PreDestroy { private static final Logger _logger = SecurityLoggerInfo.getLogger(); private static final String SYS_PROP_LOGIN_CONF = "java.security.auth.login.config"; - private static final String SYS_PROP_JAVA_SEC_POLICY = "java.security.policy"; @Inject private PolicyLoader policyLoader; @@ -76,22 +69,6 @@ public class SecurityLifecycle implements PostConstruct, PreDestroy { private EventListener listener; - public SecurityLifecycle() { - try { - if (Util.isEmbeddedServer()) { - // If the user-defined login.conf/server.policy are set as system properties, then they are given priority - setProperty(SYS_PROP_LOGIN_CONF, writeConfigFileToTempDir("login.conf").toURI().toURL().toExternalForm(), false); - setProperty(SYS_PROP_JAVA_SEC_POLICY, writeConfigFileToTempDir("server.policy").getAbsolutePath(), false); - } - - // security manager is set here so that it can be accessed from - // other lifecycles, like PEWebContainer - _logger.info(System.getSecurityManager() == null ? secMgrDisabled : secMgrEnabled); - } catch (Exception ex) { - _logger.log(Level.SEVERE, "java_security.init_securitylifecycle_fail", ex); - throw new RuntimeException(ex.toString(), ex); - } - } // override default public void onInitialization() { 
diff --git a/nucleus/security/services/src/main/java/org/glassfish/security/services/common/SecurityAccessFilter.java b/nucleus/security/services/src/main/java/org/glassfish/security/services/common/SecurityAccessFilter.java index 37c4076de37..d9742faa4dc 100644 --- a/nucleus/security/services/src/main/java/org/glassfish/security/services/common/SecurityAccessFilter.java +++ b/nucleus/security/services/src/main/java/org/glassfish/security/services/common/SecurityAccessFilter.java @@ -27,7 +27,6 @@ public class SecurityAccessFilter implements Filter { - private static final String SYS_PROP_JAVA_SEC_POLICY = "java.security.policy"; private static final Logger LOG = SecurityAccessValidationService._theLog; private static boolean javaPolicySet = @@ -35,14 +34,7 @@ public class SecurityAccessFilter implements Filter { @Override public Boolean run() { - Boolean rtn = Boolean.FALSE; - - String wlsName = System.getProperty(SYS_PROP_JAVA_SEC_POLICY); - - if ( wlsName != null && !wlsName.isEmpty() ) - rtn = Boolean.TRUE; - - return rtn; + return false; } }); diff --git a/nucleus/security/services/src/main/java/org/glassfish/security/services/impl/authorization/AuthorizationServiceImpl.java b/nucleus/security/services/src/main/java/org/glassfish/security/services/impl/authorization/AuthorizationServiceImpl.java index a642664e48e..d5f036484db 100644 --- a/nucleus/security/services/src/main/java/org/glassfish/security/services/impl/authorization/AuthorizationServiceImpl.java +++ b/nucleus/security/services/src/main/java/org/glassfish/security/services/impl/authorization/AuthorizationServiceImpl.java @@ -27,7 +27,6 @@ import java.security.CodeSigner; import java.security.CodeSource; import java.security.Permission; -import java.security.Policy; import java.security.Principal; import java.security.ProtectionDomain; import java.util.ArrayList; 
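Review bot: In `SecurityAccessFilter`, `run()` now returns a constant `false`, so `javaPolicySet` can never be true and the action wrapped around it (its opening lies between the hunks, apparently a privileged action) no longer does any work. Every branch of the filter that reads `javaPolicySet` is therefore fixed to one outcome. Those uses are outside the hunk, so it should be confirmed that the filter does not silently stop selecting services for access validation. If the flag is truly obsolete, replace the initializer with `private static final boolean javaPolicySet = false;`, or remove the field together with the code it guards. A short comment should also say why the `java.security.policy` check no longer applies.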
@@ -204,10 +203,7 @@ public boolean isPermissionGranted( Set principalset = subject.getPrincipals(); Principal[] principalAr = (principalset.size() == 0) ? null : principalset.toArray(new Principal[principalset.size()]); ProtectionDomain pd = new ProtectionDomain(NULL_CODESOURCE, null, null, principalAr); - Policy policy = Policy.getPolicy(); - boolean result = policy.implies(pd, permission); - - return result; + return false; }
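Review bot: `isPermissionGranted` now ends in `return false;`, so every subject is denied every permission, and the `principalset`, `principalAr` and `pd` values built just above are computed and then discarded. Denying by default fails closed, but callers cannot tell a real policy decision from a stub, and anything relying on this service is refused with no log entry to explain it. Either route the decision to whatever replaces `Policy.implies`, or state the stub explicitly with a comment such as `// No java.security.Policy is consulted any more; deny by default until a replacement decision point is wired in.` plus a WARNING log. In both cases remove the unused `ProtectionDomain` construction. The start of the method is outside the hunk.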