IDependOn-Set: 1
IDependOn-Set: 2
IDependOn-Set: 287
IDependOn-Set: 298
IDependOn-Set: 307
IDependOn-Set: 7
LastModifiedSecs: 936993557
Parent: 7
SequenceNumber: 3
Title: JServ and JDK1.2 (Java Plattform 2) Configuration Issues
Part: 0
Author-Set: wimpi@oehwww.unileoben.ac.at
LastModifiedSecs: 936993557
Type: html
Lines: 77
<p>If you want to deploy JServ running under jdk 1.2 (Java Platform 2)
you might encounter some troubles with the fact that security
is handled far different from the 1.1 versions.</p> 
<p>        
Without an edited java.policy file you might encounter
major deadlocks on calling a servlet. This has obviously
following reasons:
</P>
<p>
<li>the JServ ClassLoader!
<li>The fact that the APJ Protocol runs via a socket and needs to accept
connection(s).
</p>
<p>
Here is a list of things you should consider in case you
want to run JServ on jdk1.2:<br>
<ol>
<li> set permissions granting reading access to all class files AND
properties files you use in any of your servlet zones.    
<li> set permissions granting ClassLoader creation
<li> set permissions granting socket listening and accepting rights
</ol>  
This should be done SECURELY and not by simply
granting ALL RIGHTS.
<p>
Following will guide you doing this:
<ul>
<li> The <path to jdk1.2.* guide>/security/permissions.html
<li> The <path to jdk1.2.* guide>/security/PolicyFiles.html
<li> Following example:
</ul>       
<pre>
grant codeBase "file:/path/to/ApacheJServ.jar" {        //will grant this rights only to JServ
        
        //FileRead Permissions to class files that should be loaded via
        //the the JServ class loader.
        //(e.g: anything you refered to in any zones repository property).
        //Note:
        //The $quot;/-&quot; means that the permission is granted recursive
        //for anything in the named directory.
        permission java.io.FilePermission "/path/to/classes/or/jars/-", "read";

        //FileRead Permissions to <zone>.properties files
        permission java.io.FilePermission "/path/to/properties/-", "read";

        //FileRead Permissions to any properties loaded by any of your own servlets/classes
        //that are in turn loaded by the JServ ClassLoader.
        //(eg. anything you referred to in any zones repository property)
        permission java.io.FilePermission "/path/to/zone/configdir/<any>.properties" , "read";

        
        //....I guess you got somehow.
        
        //ClassLoader creation permission to allow JServ deploying its own
        //ClassLoader.
        permission java.lang.RuntimePermission "createClassLoader";
        
        //Socket listening and accepting permissions
        permission java.net.SocketPermission "*:<jservport>","connect,accept,listen,resolve";
};

</pre> 

If you add something similar to your systems or users java.policy file
the problems should be resolved (more or less secure).
<p>
A note on how to find the system policy file:<br>
it is obviously by default located at
<pre>
        <java.home>/lib/security/java.policy  (Solaris)
        <java.home>/jre/lib/security/java.policy (Linux JDK1.2 pre-v2 from  Blackdown.org)
        <java.home>\lib\security\java.policy  (Windows)
</pre>        
        
I hope that helps to get started, any further permission problems
should be resolvable with the help of the jdk1.2.* (Java Platform 2) guide.

EndPart: 0
