AccessControlException in doPriveledge

Question

We are trying to get the number of files from a directory using the below code:

   File dataDir = new File(dataHome);
            final File privdataDir = dataDir;
            System.out.println("The datadir is : \n"+dataDir+"The privdataDir is : \n"+privdataDir);
            int count = 0;
            final int[] privcount = {0};


            if (privdataDir != null) {
                System.out.println("Going into doPriveledge block");
            AccessController.doPrivileged(new PrivilegedAction() {
                public Object run()
                {

                    privcount[0] = privdataDir.list().length;
                    return null;

                }
            });
            }

            count = privcount[0];
            System.out.println("The count is : "+count);

The dataDir variable refers to path : C:\MyApp\config It is throwing AccessControlException at the following line in the code :

privcount[0] = privdataDir.list().length;

The exception is:

[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0862 GMT: SmartlinkThread: Error processing agg interval: java.security.AccessControlException: Access denied (java.io.FilePermission C:\MyApp\config read) <AggIntervalTaskThread>
[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0862 GMT: java.security.AccessControlException: Access denied (java.io.FilePermission C:\MyApp\config read) <AggIntervalTaskThread>
[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0863 GMT:  at java.security.AccessController.checkPermission(AccessController.java:132) <AggIntervalTaskThread>
[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0863 GMT:  at java.lang.SecurityManager.checkPermission(SecurityManager.java:544) <AggIntervalTaskThread>
[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0863 GMT:  at java.lang.SecurityManager.checkRead(SecurityManager.java:883) <AggIntervalTaskThread>
[ERROR][SmartlinkThread] 2015-03-18 07:22:59.0863 GMT:  at java.io.File.list(File.java:982) <AggIntervalTaskThread>

The following has already been added to the java.policy file and server.policy file

grant codeBase "file:C:/MyApp/-" {
permission java.security.AllPermission;
};            

This code is being run for IBM Websphere 8.0.x. In another part of the same application, it is giving the same error while reading a file. We are not able to understand why the code is giving this error even though all the permissions have already been granted to it. Any help would be appreciated.

Answer 1

I'm assuming you have web application that you deploy on WebSphere, and you have Java 2 Security enabled.

You should create in the EAR/META-INF/was.policy file, with the following content (your codeBase is incorrect):

grant codeBase "file:${application}" {
  permission java.security.AllPermission;
};

If you done that correctly, this file should be displayed during installation via web console.

For more details about creating policy files for WebSphere applications check Configuring the was.policy file for Java 2 security

Answer 2

Posting what had worked for me.

Our complete application does not deploy on Websphere. Only a part of it's code integrates with Websphere and collects some relevant data. We believe some other web application which had been deployed on Websphere may have been enabling Java 2 Security. Added the following statement to the server.policy and java.policy files:

grant{
permission java.security.AllPermission;
};

Please note that this grants permission to everything to do anything in Websphere.