This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Java security permissions
Skip to end of metadata
Go to start of metadata

Version 1.1 may require property permissions and OGNL permissions that are not listed here. Please update this page if you know more about it.

For version 1.2 and up, you seem to need (Tomcat conf/catalina.policy syntax):

// For substitution of one object for another during serialization
// or deserialization. This is used in ReplaceObjectOutputStream,
// which is used for page versioning (undoing changes).
permission java.io.SerializablePermission "enableSubstitution";

// For FilePageStore's custom serialization
permission java.io.SerializablePermission "enableSubclassImplementation";

// For crypted URL functionality (see WebRequestWithCryptedUrl).
permission java.security.SecurityPermission "insertProvider.SunJCE";
// The following was required to get Wicket, at least the examples, to work at all
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

If you are doing file uploads, you need to grant (if not already granted)

permission java.util.PropertyPermission "java.io.tmpdir", "read";

and for Wicket properties to work (currently only the development/ production flag falls in this category, which if provided as a system property -Dwicket.configuration=(development/deployment) will override any set in the web.xml file), you'll need to add

permission java.util.PropertyPermission "wicket.*", "read";

I added the following to my /etc/tomcat5.5/policy.d/50user.policy to make my small Wicket application work on Tomcat 5.5 on Debian:

grant codeBase "jar:file:/var/lib/tomcat5.5/webapps/simile-timeline-demo/WEB-INF/lib/wicket-1.3.5.jar!/-" {
 permission java.util.PropertyPermission "org.apache.wicket.*", "read";

 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "file:/var/lib/tomcat5.5/webapps/simile-timeline-demo/WEB-INF/classes/-" {
 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
  • No labels