How do I specify in jee 7 permissions.xml

Question

I have a JAXRS web application that is being deployed to a Wildfly 10 standalone server. I am trying to create a restrictive META-INF/permissions.xml security policy in my war file, but I am struggling to get the java.io.FilePermission to recognize a property expansion. When I use it in a .policy file, this works fine:

permission java.io.FilePermission       "${myProperty}", "read,write,execute";

But, when I port it to the permissions.xml, it generates a java.security.AccessControlException:

<permission>
   <class-name>java.io.FilePermission</class-name>
   <name>${myProperty}</name>
   <actions>read,write,execute</actions>
</permission>

or

<permission>
    <class-name>java.io.FilePermission</class-name>
    <name>${myProperty}${/}-</name>
    <actions>read,write,execute</actions>
 </permission>

or

<permission>
   <class-name>java.io.FilePermission</class-name>
   <name>&amp;lt;&amp;lt;ALL FILES&amp;gt;&amp;gt;</name>
   <actions>read,write,execute</actions>
</permission>

or

<permission>
   <class-name>java.io.FilePermission</class-name>
   <name>*</name>
   <actions>read,write,execute</actions>
</permission>

I can't seem to get it to work. All of the above combinations fail.

Is there a way to make Property Expansion work in the permissions.xml? Is there a way to make <ALL FILES> FilePermission work in the permissions.xml?

score 2 · Accepted Answer · answered Dec 16 '17 at 14:22

2

Have you tried this:

<permission>
   <class-name>java.io.FilePermission</class-name>
   <name>&lt;&lt;ALL FILES&gt;&gt;</name>
   <actions>read,write,execute</actions>
</permission>

?

answered Dec 16 '17 at 14:22

David M. Lloyd

2,805
1
12
10

That did it. Thank you! – Eric Wetmiller Mar 14 '18 at 22:04
Thanks. I just have a silly question how can I verify that this permission policy has applied successfully? – Vaibhav Miniyar May 31 '21 at 07:53

How do I specify in jee 7 permissions.xml

1 Answers1