Skip to Content
0
Former Member
Dec 19, 2007 at 09:23 PM

RMI security issue

19 Views

Hi, there!

I have a security issue when I try to run RMI client code in the web application on the Web AS 2004s. There is

lookup statement in JSP or servlet code:

Naming.lookup("//server/RemoteClass")

which throws

java.io.AccessControlException: access denied (java.io.FilePermission

D:\usr\sap\AS1\JC00\j2ee\cluster\server0\apps\sap.com\MyEntApp\servlet_jsp\MyWebApp\work\com\mycompany\packagename\RemoteClassImpl_Stub.class read)

I have investigated where "java.security.policy" parameter is setup, there has value "./java.policy". This file is

regenerated each time when web AS is started, thus I created another policy file, granted file permission for

above path and set it as -Djava.security.policy in server start parameter. It doesn't resolve problem, I have

investigated this parameter doesn't correlate with real application run-time permissions. Have anybody ideas?

Thanks

P.S. This code works fine as a standalone application.