Blocking for the Java Domino agent

Question

Blocking for the Java Domino agent

I need to unlock restrictions for the Java Domino agent. I have read the java policy file on the Domino server that needs to be changed.

In development, I could set:

grant { permission java.security.AllPermission; };

But if I want to limit this tutorial to a single agent / application, how do I do it?

For Xpages, I could do:

grant codeBase "xspnsf://server:0/yourdatabase.nsf/-" { 
    permission java.security.AllPermission;
};

But will it also allow all permissions for the Java Domino agent in this NSF?

+3

java lotus-domino

Patrick kwinten Jun 28. '17 at 6:30

source to share

1 answer

Dietmar Höhmann · Answer 1 · 2017-11-01T11:56:29+0000

AFAIK you can't. I have spent many hours on this issue. But Java agents and script libs do not have a code base that you can refer to. Perhaps I haven't tried with code signatures. Or you can put your code in a jar file on the filesystem (with all caveats).
On the other hand: Permissions are a rail that forces developers to inadvertently harm, not a security feature (more than that). Any Java code in any agent can easily get AllPermission. I don't see much benefit in limiting permissions in production.

Blocking for the Java Domino agent

More articles: