I'm in the process of deploying an app to my ISP, who is running Tomcat 4.1.29 and has the security manager enabled. Since there are many applications running he will only allow specific system properties to be read. I'm currently getting an exception (stack trace below) and have traced it back to the
cirrus.hibernate.Environment class. For some reason Environment is calling
properties.putAll( System.getProperties() ); and does not take into account that this may throw an
AccessControlException.
What is the work around for this? (And finding a more lax ISP is not an option ;0)
I'm curious as to why Hibernate would even need to have access to the "global" System properties in the first place. If it's just to override Hibernate specific properties on the commandline, then a better solution is to explicitly define those. IMO, when it comes down to security, fine granularity is a good thing.
Cheers,
Brad
Code:
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1243)
at java.lang.System.getProperties(System.java:501)
at cirrus.hibernate.Environment.<clinit>(Environment.java:310)
Login
FAQ
Search