Granting access to Java Logger with java.policy file not working in Domino 9.0.1

Question

After I upgraded our 32bit dedicated Windows 2003 server from 9.0 to 9.0.1 this part in java.policy file stopped working:

permission java.util.logging.LoggingPermission "control";

which means I'm not able to use Java Logger. I get this:

HTTP JVM: java.security.AccessControlException: Access denied (java.util.logging.LoggingPermission control)
HTTP JVM:   at java.security.AccessController.throwACE(AccessController.java:100)
HTTP JVM:   at java.security.AccessController.checkPermission(AccessController.java:166)
HTTP JVM:   at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
HTTP JVM:   at java.util.logging.LogManager.checkPermission(LogManager.java:317)
HTTP JVM:   at java.util.logging.LogManager.checkAccess(LogManager.java:311)
HTTP JVM:   at java.util.logging.Logger.addHandler(Logger.java:548)

I even tried copying the java.policy file from 64bit 9.0 virtual server where it works and restarted HTTP. Then I tested with a replica of an application that works on 9.0 server and it gave this error on 9.0.1 server.

The Java code is in Code/Java elements and it is called from an XPage.

How do I grant permissions to Java in Domino 9.0.1?

Update:

If I add this:

permission java.security.AllPermission;

then it works. So it is reading the java.policy file but granting access to logging does not work any more, at least not the same way it works in 9.0.1. Granting AllPermission is definitely not the solution I'm looking for.

Lars Migula seems to have the same problem after a fixpack install in 8.5.3.

score 1 · Answer 1 · answered Dec 19 '13 at 10:45

1

By the way put your changes in the java.pol file not the java.policy file. Just create a it in the same directory as the java.policy file. java.pol doesn't get replaced by upgrades / fixpacks...

answered Dec 19 '13 at 10:45

umeli

165
1
5

Yes I know but that's not the issue here. – Panu Haaramo Dec 19 '13 at 11:15

score 0 · Accepted Answer · answered Dec 05 '13 at 08:08

IBM support told me this:

this issue matches a known issue described in SPR# RGAU9CSBWA linked with APAR LO77612 . This issue was first reported in 8.5.3 FP 5 and reproduced also in 9.0.1

I added the link which does not work currently, hopefully because of temporary problems at IBM site. I was able to see this much of it:

LO77612: MODIFIED JAVA.POLICY IGNORED AFTER INSTALLING FIXPACK 5 ON DOMINO 8.5.3

Temporary fix

java.security.AllPermission; to the java.policy file.

They will create a Customer Report for me also and hopefully this gets fixed soon.

Granting access to Java Logger with java.policy file not working in Domino 9.0.1

2 Answers2