
CF11 java.security.AccessControlException when Sandboxing enabled

Community Beginner, Jan 21, 2020

ColdFusion 11 version: 11,0,19,314546

Edition: Enterprise

Operating System: Windows Server 2012 R2

Java Version: 1.8.0_231

 

I'm having a problem with <cfexecute> once I enabled Sandbox Security on my CF11 Enterprise installation. I have one ApacheCXF webservice client that is executed from within the application. I've done the following within this sandbox:

 

  • enabled the cfexecute tag under the sandbox
  • given Execute permission on the folder where the client and calling function reside ( same folder )
  • given execute permission to the Windows user account and the service account on this directory.
  • also tried full control access for user account and service account, as well as execute in sandbox for entire directory.

 

The error I'm getting is:

An exception occurred when invoking an external process.

The cause of this exception was that: java.security.AccessControlException: access denied ("java.io.FilePermission" "<>" "execute").

 

Any suggestions?

TOPICS
Security , Server administration

LEGEND, Jan 21, 2020

I don't really work with any of the Java in CF, directly, but I wonder if the CF account that CF is running under has permission to access the CFEXECUTE tag, or anything else related.  It _sounds_ like a permissions issue, to me.

 

HTH,

 

^ _ ^

 

EDIT:  I mean after the sandbox is enabled, of course.

Community Beginner, Jan 21, 2020

I've even tried giving full control to both the user account and the service account, but still didn't work.

Community Beginner, Jan 21, 2020

Going to try a file path of <<ALL FILES>> with execute permission on the directory next and see what happens.  Unfortunately, it looks like I have to bounce the server for changes to take effect so will need to wait until after hours.

Community Expert, Jan 21, 2020

This is going to be an unsatisfying answer, but there are a bunch of other settings you have to enable within the CF Administrator for sandboxes to do this sort of thing. I don't know what they are, but they're probably documented on the forums here. Look for answers by Russ Michaels, who knew all about sandboxes. Alternatively, review the lockdown guide which might cover this more directly. I just don't use sandboxes, so I can't tell you what the settings actually are, sorry.

 

Dave Watts, Eidolon LLC

Community Beginner, Jan 21, 2020

I'll look for threads from Russ Michaels, thanks.  Been through the lockdown guide in depth already.

Participant, Jan 21, 2020

Try adding this to the sandbox with RWD permissions.

C:/ColdFusion11/cfusion/runtime/work/Catalina/localhost/tmp/-

Back in my CF11 days I remember having to explicitly add that to get certain things to work in the sandbox. 

 

Community Beginner, Jan 22, 2020

Thanks for the suggestion! Unfortunately, this didn't make a difference 😞

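The error in the original post is a `java.io.FilePermission` check with the `execute` action, and one reply suggests a recursive `/-` grant with RWD. As an added example (not code from the thread or from Adobe), this Java program evaluates grants of those shapes against the permission that `SecurityManager.checkExec` is documented to require for a process launch; the class name and the `demo-app` paths are constructed for illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class SandboxExecCheck {

    // Documented rule of SecurityManager.checkExec(cmd): an absolute command
    // path needs FilePermission(cmd, "execute"); any other command string
    // needs FilePermission("<<ALL FILES>>", "execute").
    static Permission requiredFor(String cmd) {
        String target = new File(cmd).isAbsolute() ? cmd : "<<ALL FILES>>";
        return new FilePermission(target, "execute");
    }

    // True when the combined grants imply the permission the launch needs.
    static boolean allowed(Permissions grants, String cmd) {
        return grants.implies(requiredFor(cmd));
    }

    public static void main(String[] args) {
        // Constructed paths (not taken from the thread), absolute on any OS.
        File appDir = new File("demo-app").getAbsoluteFile();
        String client = new File(appDir, "client.bat").getPath();
        String tmpTree = new File(appDir, "tmp").getPath() + File.separator + "-";
        String appTree = appDir.getPath() + File.separator + "-";

        // Grants are added one at a time so each step shows its own effect.
        String[][] steps = {
            {tmpTree, "read,write,delete"},  // RWD on a temp tree ("-" = recursive)
            {appTree, "execute"},            // execute on the application folder
            {"<<ALL FILES>>", "execute"},    // execute on every path
        };
        Permissions grants = new Permissions();
        for (String[] step : steps) {
            grants.add(new FilePermission(step[0], step[1]));
            System.out.printf("after granting \"%s\" on %s%n", step[1], step[0]);
            // Same program launched by absolute path and by bare name.
            for (String cmd : new String[] {client, "client.bat"}) {
                System.out.printf("  launch %s%n    needs %s -> %s%n", cmd,
                        requiredFor(cmd), allowed(grants, cmd) ? "allowed" : "denied");
            }
        }
    }
}
```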