cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
0
Upvote

CF11 java.security.AccessControlException when Sandboxing enabled

Guest
Jan 21, 2020 Jan 21, 2020

ColdFusion 11 version: 11,0,19,314546

Edition: Enterprise

Operating System: Windows Server 2012 R2

Java Version: 1.8.0_231

 

I'm having a problem with <cfexecute> once I enabled Sandbox Security on my CF11 Enterprise installation.  I have one ApacheCXF webservice client that is executed from withint the application.  I've done the following within this sandbox:

 

  • enabled the cfexecute tag under the sandbox
  • given Execute permission on the folder where the client and calling function reside ( same folder )
  • given execute permission to the Windows user account and the service account on this directory.
  • also tried full control access for user account and service account, as well as execute in sandbox for entire diretory.

 

The error I'm getting is:

An exception occurred when invoking an external process.

The cause of this exception was that: java.security.AccessControlException: access denied ("java.io.FilePermission" "<>" "execute").

 

Any suggestions?

TOPICS
Security , Server administration
1.1K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 7 Replies 7
latest latest Jump to latest reply
WolfShade
LEGEND ,
Jan 21, 2020 Jan 21, 2020

I don't really work with any of the Java in CF, directly, but I wonder if the CF account that CF is running under has permission to access the CFEXECUTE tag, or anything else related.  It _sounds_ like a permissions issue, to me.

 

HTH,

 

^ _ ^

 

EDIT:  I mean after the sandbox is enabled, of course.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 21, 2020 Jan 21, 2020
In Response To WolfShade

I've even tried giving full control to both the user account and the service account, but still didn't work.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 21, 2020 Jan 21, 2020
In Response To WolfShade

Going to try a file path of <<ALL FILES>> with execute permission on the directory next and see what happens.  Unfortunately, it looks like I have to bounce the server for changes to take effect so will need to wait until after hours.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dave Watts Community Expert
Community Expert ,
Jan 21, 2020 Jan 21, 2020

This is going to be an unsatisfying answer, but there are a bunch of other settings you have to enable within the CF Administrator for sandboxes to do this sort of thing. I don't know what they are, but they're probably documented on the forums here. Look for answers by Russ Michaels, who knew all about sandboxes. Alternatively, review the lockdown guide which might cover this more directly. I just don't use sandboxes, so I can't tell you what the settings actually are, sorry.

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 21, 2020 Jan 21, 2020
In Response To Dave Watts

I'll look for threads from Russ Michaels, thanks.  Been through the lockdown guide in depth already.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
paule12345
Participant ,
Jan 21, 2020 Jan 21, 2020

Try adding this to the sandbox with RWD permissions.

C:/ColdFusion11/cfusion/runtime/work/Catalina/localhost/tmp/-

Back in my CF11 days I remember having to explicitly add that to get certain things to work in the sandbox. 

 

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 22, 2020 Jan 22, 2020
LATEST
In Response To paule12345

Thanks for the suggestion!  Unfortuntely, this didn't make a difference 😞

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices