Oracle GlassFish Server 3.0.1 Troubleshooting Guide

Issues Related to Security

java.security.AccessControlException: Access Denied Error

Description

The following error occurs from an application client, or appears in the server.log file:

java.security.AccessControlException: access denied
(java.util.PropertyPermission name write...)

There is a permissions issue in the policy files. Either the client.policy file for the application client or the server.policy file for server side components does not have permission to set the property.

Solution

Add the permission in client.policy (for the application client), or in server.policy (for web modules) for the application that needs to set the property. By default, applications only have read permission for properties.

For example, to grant read/write permission for all files in the codebase directory, add or append the following to client.policy or server.policy:

grant codeBase "file:/.../build/sparc_SunOS/sec/-" {
   permission java.util.PropertyPermission "*", "read,write";
 };

Mutual Authentication Not Working With the Application Client

Description

This failure can occur when the keystore and truststore properties are not set properly.

Solution

Set the following properties on the JVM:

javax.net.ssl.keyStore=
<keystore-file-path>;javax.net.ssl.trustStore=<truststore-file-path>

To use the application client, set the environment variable VMARGS to the following value:


-Djavax.net.ssl.keyStore=${admin.domain.dir}/${admin.domain}/config/keystore.jks
-Djavax.net.ssl.trustStore=${admin.domain.dir}/${admin.domain}/config/cacerts.jks