Adding local exceptions on Cloud Security Emulation

0
Hi, is there a way to set security permissions specifically for a single Mendix project? So that I can develop and test locally with cloud security emulation and extra permissions.

The situation is that we're struggling to get some Java library calls working in the cloud node due to security restrictions there. Though I have found out that I can change the general template that specifies the cloud security emulation policy for all my local Mendix projects, this is not a desirable situation (the template policy file can be found in the folder where Mendix is installed, e.g. C:\Program Files\Mendix\5.19.0\modeler\runtemplates\deployment\data, file is 'security.policy').

This works, but then it changes the security settings for all Mendix (v5.19.0) projects that I currently run. After upgrade of our current project to a more recent version these changes will impact other projects.

Generally turning off the Cloud Security Emulation in the project is also not an option, that is only a temporary workaround. Hope anyone has any suggestions for us?
asked
2 answers
0

Hi David, you can enable a security policy manually by including it in your project and referring to it in the Extra JVM parameters - you can read about it at https://docs.oracle.com/javase/tutorial/security/tour2/step4.html.

Please keep in mind that the Java security policy can change from time to time at Mendix.

 

answered
0

Hi Nick,

thanks for the suggestion, however I tried that and I can't get it to work. The modeler gives an exception at startup and won't run.
I'm using the option to add security rules to the existing model by setting the additional JVM parameters to "-Djava.security.policy=D:\MySecurity.policy" 
Using "-Djava.security.manager" gives an error that the Security manager is already installed.

I gradually had to add more and more permissions to MySecurity.policy as Mendix requires loads of additional properties to be added that were not needed earlier. I have added whatever is requested and end up with this policy:

grant { 
    //general Mendix requirements, to be refined with specifics
    permission java.io.FilePermission "D:/Program Files/Mendix/5.19.0/runtime/-", "read";
    permission java.io.FilePermission "-", "read";
    permission java.io.FilePermission "run/-", "write"; //felixcache
    permission java.io.FilePermission "run/-", "delete"; //felixcache
    
    permission java.util.PropertyPermission "*", "read,write";
    
    permission java.lang.RuntimePermission "*";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
        
    permission java.net.NetPermission "specifyStreamHandler";
    permission org.osgi.framework.AdminPermission "*", "*";    
    
    // Additional permissions for MyProject
    permission java.lang.RuntimePermission    "preferences", "read";
    permission java.util.PropertyPermission "com.sun.org.apache.xml.internal.dtm.DTMManager", "read";
    permission java.util.PropertyPermission "com.ctc.wstx.returnNullForDefaultNamespace", "read";
};

However, when running the model there is an exception I can't solve:

Could not create framework: java.lang.NullPointerException: Specified service reference cannot be null.
java.lang.NullPointerException: Specified service reference cannot be null.
    at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:458)
    at org.apache.felix.main.AutoProcessor.processAutoDeploy(AutoProcessor.java:112)
    at org.apache.felix.main.AutoProcessor.process(AutoProcessor.java:78)
    at org.apache.felix.main.Main.main(Main.java:292)

This is where I got stuck. This is quite a general exception and doesn't give me a clue on what permissions could be missing. Any idea how to continue from here?

answered
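
An added example, not part of either post: a small Python check that parses the grant syntax used in the policy above and lists the entries that are wider than a single resource, as a starting point for the refinement the policy's own comment calls for. SAMPLE_POLICY is a constructed subset of that policy; the function names and the review rules in broad_reason are assumptions of this example.

```python
import re

# Constructed sample: a subset of the grant block from the post above.
SAMPLE_POLICY = r'''
grant {
    permission java.io.FilePermission "-", "read";
    permission java.io.FilePermission "run/-", "write"; //felixcache
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "*";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.AdminPermission "*", "*";
    permission java.util.PropertyPermission "com.ctc.wstx.returnNullForDefaultNamespace", "read";
};
'''

# Quoted strings are matched first so that "//" inside a string survives.
_TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
# permission <class> ["target"] [, "actions"] [, signedBy "signers"];
_PERM = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?'
                   r'(?:\s*,\s*"([^"]*)")?(?:\s*,\s*signedBy\s+"[^"]*")?\s*;')

def strip_comments(text):
    """Drop // and /* */ comments but keep quoted strings intact."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def parse_permissions(text):
    """Return (class, target, actions) for every permission entry."""
    return [(c, t or "", a or "") for c, t, a in _PERM.findall(strip_comments(text))]

def broad_reason(cls, target):
    """Hypothetical review rules: why an entry is wider than a single resource."""
    if cls == "java.security.AllPermission":
        return "grants every permission"
    if target == "*":
        return "wildcard target"
    if cls == "java.io.FilePermission" and target in ("-", "<<ALL FILES>>"):
        return "covers a whole directory tree or all files"
    if (cls, target) == ("java.lang.reflect.ReflectPermission", "suppressAccessChecks"):
        return "lets code bypass Java access checks"
    return None

def audit(text):
    """List the entries that should be narrowed before the policy is relied on."""
    return [(c, t, a, broad_reason(c, t))
            for c, t, a in parse_permissions(text) if broad_reason(c, t)]

if __name__ == "__main__":
    for cls, target, actions, reason in audit(SAMPLE_POLICY):
        print(f'{cls} "{target}" [{actions}]: {reason}')
```

Entries scoped to one path or one property name, such as "run/-" and the com.ctc.wstx property, are not reported.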