ColdFusion 11 version: 11,0,19,314546Edition: EnterpriseOperating System: Windows Server 2012 R2Java Version: 1.8.0_231 I'm having a problem with <cfexecute> once I enabled Sandbox Security on my CF11 Enterprise installation. I have one ApacheCXF webservice client that is executed from withint the application. I've done the following within this sandbox: enabled the cfexecute tag under the sandboxgiven Execute permission on the folder where the client and calling function reside ( same folder )given execute permission to the Windows user account and the service account on this directory.also tried full control access for user account and service account, as well as execute in sandbox for entire diretory. The error I'm getting is:An exception occurred when invoking an external process.The cause of this exception was that: java.security.AccessControlException: access denied ("java.io.FilePermission" "<>" "execute"). Any suggestions?

A

Anonymous

Question

CF11 java.security.AccessControlException when Sandboxing enabled

Forum|Forum|6 years ago
January 21, 2020
3 replies
1287 views

ColdFusion 11 version: 11,0,19,314546

Edition: Enterprise

Operating System: Windows Server 2012 R2

Java Version: 1.8.0_231

I'm having a problem with <cfexecute> once I enabled Sandbox Security on my CF11 Enterprise installation. I have one ApacheCXF webservice client that is executed from withint the application. I've done the following within this sandbox:

enabled the cfexecute tag under the sandbox
given Execute permission on the folder where the client and calling function reside ( same folder )
given execute permission to the Windows user account and the service account on this directory.
also tried full control access for user account and service account, as well as execute in sandbox for entire diretory.

The error I'm getting is:

An exception occurred when invoking an external process.

The cause of this exception was that: java.security.AccessControlException: access denied ("java.io.FilePermission" "<>" "execute").

Any suggestions?

This topic has been closed for replies.

P

paule12345

Inspiring

Try adding this to the sandbox with RWD permissions.

C:/ColdFusion11/cfusion/runtime/work/Catalina/localhost/tmp/-

Back in my CF11 days I remember having to explicitly add that to get certain things to work in the sandbox.

A

Anonymous

Thanks for the suggestion! Unfortuntely, this didn't make a difference 😞

D

Dave Watts

Community Expert

This is going to be an unsatisfying answer, but there are a bunch of other settings you have to enable within the CF Administrator for sandboxes to do this sort of thing. I don't know what they are, but they're probably documented on the forums here. Look for answers by Russ Michaels, who knew all about sandboxes. Alternatively, review the lockdown guide which might cover this more directly. I just don't use sandboxes, so I can't tell you what the settings actually are, sorry.

Dave Watts, Eidolon LLC

A

Anonymous

I'll look for threads from Russ Michaels, thanks. Been through the lockdown guide in depth already.

WolfShade

Legend

I don't really work with any of the Java in CF, directly, but I wonder if the CF account that CF is running under has permission to access the CFEXECUTE tag, or anything else related. It _sounds_ like a permissions issue, to me.

HTH,

^ _ ^

EDIT: I mean after the sandbox is enabled, of course.

A

Anonymous

I've even tried giving full control to both the user account and the service account, but still didn't work.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded