Our Java policy file used to just be:
grant {
    permission java.security.AllPermission;
};
I am trying to make our application more secure than just granting everything to everyone. I have it working well except I am having trouble giving permission to files.
The error I currently get is:
java.security.AccessControlException: access denied (java.io.FilePermission \\server.log write)
I have tried so many combinations of things, such as:
permission java.io.FilePermission "\\\\server.log", "write";
permission java.io.FilePermission "C:\\Temp\\logs\\server.log", "write";
permission java.io.FilePermission "\\server.log", "write";
permission java.io.FilePermission "${TEMP}${/}-", "write";
permission java.io.FilePermission "*", "read,write";
The only way I can get it to work is using:
grant {
    permission java.security.AllPermission;
};
I get the error "java.io.FileNotFoundException: \server.log (The filename, directory name, or volume label syntax is incorrect)" when using (even when the files do exist):
permission java.io.FilePermission "<<ALL FILES>>", "write";
Just wondering if anyone had any other ideas to try. I don't really want to have to resort to granting all just to get the file permissions right; obviously I am missing something.
EDIT:
I just realized that maybe this is a clue in the log file:
log4j:ERROR setFile(null,false) call failed.
Maybe I need some permissions for this specifically? Digging around Google now....
The Oracle documentation has some examples: https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc3.html
permission java.io.FilePermission "myfile", "read,write";
permission java.io.FilePermission "/home/gong/", "read";
permission java.io.FilePermission "/tmp/mytmp", "read,delete";
permission java.io.FilePermission "/bin/*", "execute";
permission java.io.FilePermission "*", "read";
permission java.io.FilePermission "/-", "read,execute";
permission java.io.FilePermission "-", "read,execute";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "c:\\temp\\foo", "read,write,delete";
// this one works for me
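
To see which of the grants tried in the question cover the path named in the AccessControlException, the comparison can be reproduced directly with `FilePermission.implies`. This is an added example, not part of the original posts; the class name `FilePermissionCheck` and the helper `covers` are made up for illustration.

```java
import java.io.File;
import java.io.FilePermission;

public class FilePermissionCheck {
    // True when a grant with this name and actions covers the requested access.
    static boolean covers(String grantName, String grantActions,
                          String path, String action) {
        return new FilePermission(grantName, grantActions)
                .implies(new FilePermission(path, action));
    }

    public static void main(String[] args) {
        // Path the JVM tried to open. The default is the one from the
        // exception on this page; pass another path as the first argument.
        String requested = args.length > 0 ? args[0] : "\\server.log";

        // Grant names copied from the policy lines on this page. Java string
        // literals and policy files both use backslash escapes, so the quoted
        // text is the same in both places. The ${TEMP}${/}- line is left out:
        // ${...} expansion is done by the policy file parser, not by
        // FilePermission.
        String[][] grants = {
            {"\\\\server.log", "write"},
            {"C:\\Temp\\logs\\server.log", "write"},
            {"\\server.log", "write"},
            {"*", "read,write"},
            {"<<ALL FILES>>", "write"},
        };

        System.out.println("requested: " + requested);
        System.out.println("resolves to: " + new File(requested).getAbsolutePath());
        for (String[] g : grants) {
            System.out.printf("%-32s %-12s -> %b%n",
                    g[0], g[1], covers(g[0], g[1], requested, "write"));
        }
    }
}
```

Run it on the same operating system and JDK as the application, because `FilePermission` matches paths using the platform's file separator and the results differ between Windows and Unix-like systems.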