Permissions needed to work in secure mode
You need to add special permissions if the web application server will be running in secure mode during the scan.
- Permission to access "getClassLoader" (java.lang.RuntimePermission)
- Permission to use "accessClassInPackage.sun.net.www.protocol.*" (java.lang.RuntimePermission)
- Read permission to the "java.io.tmpdir" property (java.util.PropertyPermission)
- Read/Write permission to "<<ALL FILES>>" (java.io.FilePermission)
If necessary, consult your web server manual for instructions on how and where to add these Java Security permissions. The sections below provide some sources and examples that may help. The examples are illustrative only and will almost certainly need adapting to your environment.
HCL® WebSphere®
Guide:
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/topic/com.ibm.websphere.express.doc/info/exp/ae/tsec_waspolicyfile.html
Outline of lines to be added:
grant codeBase "file:${application}" {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission
        "accessClassInPackage.sun.net.www.protocol.*";
    permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
};
Location:
<profile_root>/config/cells/<cell_name>/applications/<ear_file_name>/deployments/<application_name>/META-INF/was.policy
Example location:
C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\ROIS-PSNode01Cell\applications\GBootStrap_war.ear\deployments\GBootStrap_war\META-INF\was.policy
Apache Tomcat
Guide:
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html#Configuring_Tomcat_With_A_SecurityManager
Outline of lines to be added:
grant codeBase "file:${catalina.base}/webapps/GBootStrap/-" {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission
        "accessClassInPackage.sun.net.www.protocol.*";
    permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
};
Location:
<CATALINA_HOME>/conf/catalina.policy
Example location:
C:\Software\Tomcat\apache-tomcat-6.0.33\conf\catalina.policy
WebLogic
Guide:
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/security/server_prot.html
Specifically, refer to the section entitled "Setting Application-Specific Security Policies".
Outline of lines to be added:
<security-permission>
  <description>
    Allow getting the J2EEJ2SETest4 property
  </description>
  <security-permission-spec>
    grant {
      permission java.util.PropertyPermission
        "welcome.J2EEJ2SETest4","read";
    };
  </security-permission-spec>
</security-permission>
Location:
weblogic.xml
JBoss
Guide:
http://docs.jboss.org/jbossweb/latest/security-manager-howto.html
Outline of lines to be added:
grant codeBase "file:${catalina.base}/webapps/GBootStrap/-" {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission
        "accessClassInPackage.sun.net.www.protocol.*";
    permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
};
Location:
<CATALINA_HOME>/conf/catalina.policy
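Checking a policy file for the four permissions listed at the top of this page (an added example, not part of the original documentation or the product): the script parses grant blocks in the policy-file syntax used for WebSphere, Tomcat and JBoss above and reports which required permissions are missing for a given codeBase. The function names and sample policy text are constructed for illustration. Matching is exact, so grants that only imply a permission (wildcards, AllPermission) are not evaluated, and a FilePermission target written as "ALL FILES" without the angle brackets is reported as missing because it names a single file rather than every file.

```python
import re

# Permissions listed on this page: (class, target) -> required actions
REQUIRED = {
    ("java.lang.RuntimePermission", "getClassLoader"): set(),
    ("java.lang.RuntimePermission", "accessClassInPackage.sun.net.www.protocol.*"): set(),
    ("java.util.PropertyPermission", "java.io.tmpdir"): {"read"},
    ("java.io.FilePermission", "<<ALL FILES>>"): {"read", "write"},
}
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s*"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"\s*(?:,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Drop /* ... */ blocks and whole-line // comments (keeps file:// URLs intact)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?m)^\s*//.*$', '', text)

def missing_permissions(policy_text, code_base):
    """Return required (class, target) pairs not fully granted to code_base or to all code."""
    granted = {}
    for cb, body in GRANT_RE.findall(strip_comments(policy_text)):
        if cb not in ("", code_base):   # "" means a grant with no codeBase
            continue
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip().lower() for a in actions.split(",") if a.strip()}
            granted.setdefault((cls, target), set()).update(acts)
    return sorted(k for k, need in REQUIRED.items()
                  if k not in granted or not need <= granted[k])

# Constructed sample input, not taken from a real server.
CODE_BASE = "file:${catalina.base}/webapps/GBootStrap/-"
COMPLETE = '''
// constructed sample
grant codeBase "file:${catalina.base}/webapps/GBootStrap/-" {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission
        "accessClassInPackage.sun.net.www.protocol.*";
    permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    permission java.util.PropertyPermission "java.io.tmpdir", "read";
};
'''
# Same block with the FilePermission target written without angle brackets
MISTYPED = COMPLETE.replace('"<<ALL FILES>>"', '"ALL FILES"')

if __name__ == "__main__":
    print("complete:", missing_permissions(COMPLETE, CODE_BASE))
    print("mistyped:", missing_permissions(MISTYPED, CODE_BASE))
```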