Versions Compared

Old Version 6

changes.mady.by.user Arnout Engelen

Saved on

compared with

New Version Current

changes.mady.by.user Arnout Engelen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Excerpt
hiddentrue

Which security permissions are required to run Wicket in a SecurityManager

Version 1.1 may require property permissions and OGNL permissions that are not listed here. Please update this page if you know more about it.

For version 1.2 and up, you seem to need (Tomcat conf/catalina.policy syntax):

Code Block
// For substitution of one object for another during serialization
// or deserialization. This is used in ReplaceObjectOutputStream,
// which is used for page versioning (undoing changes).
permission java.io.SerializablePermission "enableSubstitution";

// For FilePageStore's custom serialization
permission java.io.SerializablePermission "enableSubclassImplementation";

// For crypted URL functionality (see WebRequestWithCryptedUrl).
permission java.security.SecurityPermission "insertProvider.SunJCE";
Code Block
// The following was required to get Wicket, at least the examples, to work at all
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

If you are doing file uploads, you need to grant (if not already granted)

Code Block
permission java.util.PropertyPermission "java.io.tmpdir", "read";

and for Wicket properties to work (currently only the development/ production flag falls in this category, which if provided as a system property -Dwicket.configuration=(development/deployment) will override any set in the web.xml file), you'll need to add

Code Block
permission java.util.PropertyPermission "wicket.*", "read";

I added the following to my /etc/tomcat5.5/policy.d/50user.policy to make my small Wicket application work on Tomcat 5.5 on Debian:

Code Block
grant codeBase "jar:file:/var/lib/tomcat5.5/webapps/simile-timeline-demo/WEB-INF/lib/wicket-1.3.5.jar!/-" {
 permission java.util.PropertyPermission "org.apache.wicket.*", "read";

 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "file:/var/lib/tomcat5.5/webapps/simile-timeline-demo/WEB-INF/classes/-" {
 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};