Hi everyone,
We use a third-party library in a portlet application which gets a snapshot of all system properties:
1Properties systemProperties = System.getProperties();
2....
3properties.putAll(systemProperties); //properties is a static variable in this library
in liferay-plugin-package.properties i have set:
1security-manager-properties-read=*
When
security-manager-enabled is set to "generate", it does not add anything more in pacl-policy. The generator does not seem to see it, and everything works finely. But when i turn
security-manager-enabled to true, i get an exception such:
1 Caused by: java.security.AccessControlException: Access denied ("java.util.PropertyPermission" "*" "read,write")
2 at com.liferay.portal.security.pacl.PortalPolicy.implies(PortalPolicy.java:195)
3 at java.security.ProtectionDomain.implies(ProtectionDomain.java:272)
4 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:350)
5 at java.security.AccessController.checkPermission(AccessController.java:559)
6 at com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:299)
7 at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1269)
8 at java.lang.System.getProperties(System.java:623)
Is this "System.getProperties" strictly forbidden, even if we give a read access on all properties?
Is there a possible workaround, or should we have to change the source code of this library?
Thanks!
Signez svp dedans pour marquer ceci comme inadéquat.
