Deployment on Administration Server 8.1 with non-default URIs is inaccessible (6308426) (Sun Java Enterprise System 2005Q4 Release Notes)

Sun Java Enterprise System 2005Q4 Release Notes

Previous: Possible security exposure via HTTP administration interface (6252097)
Next: Administration Server patch fails to apply when server is stopped (6273652)

Deployment on Administration Server 8.1 with non-default URIs is inaccessible (6308426)

If you install Access Manager 7.0 on Application Server 8.1 and choose non-default URIs for Access Manager (for example, idserver instead of amconsole and idconsole instead of amconsole). Specifically, in the amas81configfile, the configureServerPolicy() does not account for the use case in which Access Manager is being configured with default URIs. Instead it assumes that the Access Manager war files will be deployed with the default URIs and grant permissions to amserver.war, amconsole.war, and ampassword.war.

Solution Perform the following procedure:

Stop the application server instance on which Access Manager was deployed.
Change to the following directory: ${AS_DOMAINS_DIR}/${AS_DOMAIN}/config
Type the following command: cp server.policy server.policy.orig
Locate the following policies grant codeBase: "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" { permission java.net.SocketPermission "*", "connect,accept,resolve"; permission java.util.PropertyPermission "*", "read, write"; }; grant codeBase "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/amconsole/-" { permission java.net.SocketPermission "*", "connect,accept,resolve"; permission java.util.PropertyPermission "*", "read, write"; }; grant codeBase "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/ampassword/-" { permission java.net.SocketPermission "*", "connect,accept,resolve"; permission java.util.PropertyPermission "*", "read, write"; };
Replace "amserver" with the URI for the services web application in the line grant codeBase "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
For legacy mode installations, replace "amconsole" with the URI for the console web application in the line grant codeBase "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/amconsole/-" {
Replace "ampassword" with the URI for the password web application in the line grant codeBase "file:\${com.sun.aas.instanceRoot}/applications/j2ee-modules/ampassword/-" {
Start the application server instance on which Access Manager was deployed.