SOLVED: WMQ Internet pass-thru Support Pac (MS81) |
Michael Dag |
Posted: Tue Mar 09, 2010 10:23 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
Can you post the working policy file then? or the parts that are relevant? _________________ Michael
MQSystems Facebook page |
fjb_saper |
Posted: Tue Mar 09, 2010 2:47 pm Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20767 Location: LI,NY
|
( 6 )
Of course I completely obscured the Windows angle.
If you google a bit all the java path and policy file stuff you should find an entry stating that IIRC adding a $/ at the end of the file name after a space tells that you are using / as separator and removes the need for a \...
Have fun  _________________ MQ & Broker admin |
exerk |
Posted: Wed Mar 10, 2010 12:07 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Michael Dag wrote: |
Can you post the working policy file then? or the parts that are relevant? |
Below is the complete content of the java.policy file, which sits in the $JREHOME\lib\security directory. I fully acknowledge that it is perhaps not the best way to do things, however I need to progress and can get it working 'properly' later...
Code: |
/* AUTOMATICALLY GENERATED ON Tue Mar 09 15:42:46 GMT 2010*/
/* DO NOT EDIT */

grant codeBase "file:/C:/Program%20Files/Java/jre6/lib/ext/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:/C:/WINDOWS/Sun/Java/lib/ext/*" {
    permission java.security.AllPermission;
};

grant {
    permission java.lang.RuntimePermission "stopThread";
    permission java.net.SocketPermission "localhost:1024-", "listen";
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
    permission java.util.PropertyPermission "java.vendor.url", "read";
    permission java.util.PropertyPermission "java.class.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.util.PropertyPermission "os.version", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "file.separator", "read";
    permission java.util.PropertyPermission "path.separator", "read";
    permission java.util.PropertyPermission "line.separator", "read";
    permission java.util.PropertyPermission "java.specification.version", "read";
    permission java.util.PropertyPermission "java.specification.vendor", "read";
    permission java.util.PropertyPermission "java.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
    permission java.util.PropertyPermission "java.vm.specification.name", "read";
    permission java.util.PropertyPermission "java.vm.version", "read";
    permission java.util.PropertyPermission "java.vm.vendor", "read";
    permission java.util.PropertyPermission "java.vm.name", "read";
};

grant codeBase "file:/c:/mqipt/lib/com.ibm.mq.ipt.jar" {
    permission java.lang.RuntimePermission "setSecurityManager";
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.util.PropertyPermission "user.home", "read";
    permission java.util.PropertyPermission "file.encoding", "read";
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "os.name", "read";
    permission java.io.FilePermission "c:\\mqipt", "read";
    permission java.io.FilePermission "c:\\mqipt\\errors\\*", "read, write";
    permission java.io.FilePermission "c:\\mqipt\\logs\\*", "read, write";
    permission java.io.FilePermission "c:\\mqipt\\exits\\*", "read";
    permission java.io.FilePermission "c:\\mqipt\\ssl\\*", "read";
    permission java.io.FilePermission "c:\\mqipt\\lib\\*", "execute";
    permission java.io.FilePermission "c:\\mqipt\\bin\\*", "execute";
    permission java.io.FilePermission "c:\\mqipt\\*", "read, write";
    permission java.net.SocketPermission "127.0.0.1:1024-", "accept, listen, resolve";
    permission java.net.SocketPermission "127.0.0.1:14161", "connect, resolve";
};
|
The last two entries (SocketPermission) are for a client and queue manager on my test box.
The only security reference in the mqipt.conf file now is the SecurityManager=true stanza in the [global] section. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
fjb_saper |
Posted: Wed Mar 10, 2010 10:28 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20767 Location: LI,NY
|
The lower part (mqipt code base) is normally found in the mqipt.policy file in the <install>/ssl directory of mqipt.
Have fun  _________________ MQ & Broker admin |
exerk |
Posted: Wed Mar 10, 2010 11:57 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
fjb_saper wrote: |
The lower part (mqipt code base) is normally found in the mqipt.policy file in the <install>/ssl directory of mqipt.
Have fun  |
fj,
As I stated in a previous post:
Quote: |
By replicating the mqipt.policy entries into the global java.policy file, I can get the IPT to start. I used the policytool to do the editing, and interestingly it strips out additional forward slashes and adds in additional back-slashes. |
I have to move forward on this and the 'fix' allows me to do so. Once I have the deeper knowledge and process for what I need to achieve, I can revert back to how it 'should' be and fault diagnose further - time is pressing unfortunately. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
exerk |
Posted: Fri Mar 12, 2010 2:27 am Post subject: FINAL UPDATE |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Using the policytool to make the entries in the policy files then comparing the different files gave me the answer. I am now running the IPT with a separate policy file and the answer is the single / construction on the "grant codebase" element, and the \\ construction on the "permission" elements. I'm not sure if this is a "me" thing due to the setup of the two machines I'm using, or an IPT thing as I'm using V2.0.
Again, my thanks to all for the assistance rendered. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
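
The separator convention from the final update above (forward slashes in the `grant codeBase` URL, doubled backslashes in `FilePermission` paths) can be checked mechanically before the JVM silently ignores a grant. The Python linter below is an added example, not part of the original thread or of MQIPT; `lint_policy` is a hypothetical helper name and the sample policy text is constructed. It also accepts `${/}`, the policy-file shorthand for `${file.separator}`.

```python
import re

# Constructed sample: lines 3 and 5 follow the convention from the thread,
# line 4 uses single backslashes, line 7 puts backslashes in the codeBase URL.
SAMPLE_POLICY = r'''
grant codeBase "file:/c:/mqipt/lib/com.ibm.mq.ipt.jar" {
    permission java.io.FilePermission "c:\\mqipt\\logs\\*", "read, write";
    permission java.io.FilePermission "c:\mqipt\ssl\*", "read";
    permission java.io.FilePermission "c:${/}mqipt${/}exits${/}*", "read";
};
grant codeBase "file:c:\\mqipt\\lib\\other.jar" {
    permission java.util.PropertyPermission "user.dir", "read";
};
'''

CODEBASE = re.compile(r'grant\s+codeBase\s+"([^"]*)"', re.IGNORECASE)
FILEPERM = re.compile(r'permission\s+java\.io\.FilePermission\s+"([^"]*)"')
# An odd-length run of backslashes, i.e. one that is not fully doubled.
LONE_BACKSLASH = re.compile(r'(?<!\\)\\(?:\\\\)*(?!\\)')
# A URL scheme of two or more characters, so a bare "c:" drive does not count.
URL_SCHEME = re.compile(r'[A-Za-z][A-Za-z0-9+.-]+:')


def lint_policy(text):
    """Return (line_number, message) findings for path separator mistakes."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = CODEBASE.search(line)
        if m:
            url = m.group(1)
            if "\\" in url:
                findings.append((lineno, "codeBase is a URL: use / not \\"))
            elif not URL_SCHEME.match(url):
                findings.append((lineno, "codeBase has no URL scheme"))
        m = FILEPERM.search(line)
        if m and LONE_BACKSLASH.search(m.group(1)):
            findings.append((lineno, "FilePermission path: write \\ as \\\\"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_policy(SAMPLE_POLICY):
        print(f"line {lineno}: {message}")
```
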
fjb_saper |
Posted: Fri Mar 12, 2010 8:44 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20767 Location: LI,NY
|
fjb_saper wrote: |
If you google a bit all the java path and policy file stuff you should find an entry stating that IIRC adding a $/ at the end of the file name after a space tells that you are using / as separator and removes the need for a \...
Have fun  |
Note, I haven't tried it, but I read about it. This is supposed to make those things more portable. The right thing if it doesn't work is to use policy tool as you did to review the contents of the policy file....
Thanks for sharing your solution  _________________ MQ & Broker admin |