XPages error "CLFAD0229E: Security exception occurred servicing request for..."

9 March, 2015 10:31:59 AM Miguel Calvo  English  security  XPages  |  Comentarios (2)

Today we're dealing with a problem executing an XPage that uses a Java class, developed inside Domino Designer.

The user is getting an HTML Error 403 on clicking a button from the XPage that instances the Java class. No other information can be obtained from the server console or from \data\domino\workspace\logs directory

The reason for this problem is the lack of permissions for the Java class to execute in the server.

Solution
It's necessary to modify the security restrictions for Java excution in the
/domino/jvm/lib/security/java.policy
file

You can add a EVERYTHING CAN BE DONE ENTRY
grant { permission java.security.AllPermission; };

or a more restrictive, per database, entry

grant codeBase "xspnsf://server:0/mypathdbinlowercase.nsf/-" {
     permission java.security.AllPermission;
};

There is an interesting debate at http://www.wissel.net/blog/d6plinks/SHWL-8JYAT5


Gravatar Image
1) XPages error CLFAD0229E: Security exception occurred servicing request for...
Adrian Osterwalder 03/09/2015 1:44:46 PM

You shouldn't edit the the java.policy file... you should use a java.pol file to set the permission. Otherwise your change can accidently be overwritten while a JVM patch.

See IBM Technote: https://www-304.ibm.com/support/docview.wss?uid=swg21679242

Gravatar Image
2) XPages error CLFAD0229E: Security exception occurred servicing request for...
Jesse Gallagher 03/10/2015 4:02:01 PM

That bit about java.pol is good advice - the java.policy file is overwritten on pretty much any Notes/Domino update. Unfortunately, the java.pol file isn't entirely immune: though it survives _most_ updates, some of them seem to take a crude approach to upgrading the JVM and delete the file outright. So the best route is to use java.pol but still keep an eye on it during upgrades.

Deja una respuesta


Nota:  (No HTML - Los enlaces serán convertidos si están precedidos por http://)

¿ Recuérdame?