Blocking for the Java Domino agent
I need to unlock restrictions for the Java Domino agent. I have read the java policy file on the Domino server that needs to be changed.
In development, I could set:
grant { permission java.security.AllPermission; };
But if I want to limit this tutorial to a single agent / application, how do I do it?
For Xpages, I could do:
grant codeBase "xspnsf://server:0/yourdatabase.nsf/-" {
permission java.security.AllPermission;
};
But will it also allow all permissions for the Java Domino agent in this NSF?
source to share
AFAIK you can't. I have spent many hours on this issue. But Java agents and script libs do not have a code base that you can refer to. Perhaps I haven't tried with code signatures. Or you can put your code in a jar file on the filesystem (with all caveats).
On the other hand: Permissions are a rail that forces developers to inadvertently harm, not a security feature (more than that). Any Java code in any agent can easily get AllPermission. I don't see much benefit in limiting permissions in production.
source to share