14747 - Executing InitPortalData tool causes logging failure when running with restrictive java permissions

Problem Note 14747: Executing InitPortalData tool causes logging failure when running with restrictive java permissions

When running the InitPortalData tool with the Remote Services JAVA
policy file set to restrictive permissions, the following traceback will
occur:

log4j: ERROR Could not create an Appender. Reported error follows.
java.security.AccessControlException: access denied
(java.io.FilePermission
C:\Program Files\SAS\SASFoundationServices\Deployments\Portal\log\
    portal.log write)
  at java.security.AccessControlContext.checkPermission(Unknown Source)
  at java.security.AccessController.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkWrite(Unknown Source)
  at java.io.FileOutputStream.<init>(Unknown Source)
  at java.io.FileOutputStream.<init>(Unknown Source)
  at org.apache.log4j.FileAppender.setFile(FileAppender.java:272)
  at org.apache.log4j.FileAppender.activateOptions
     (FileAppender.java:151)
  at org.apache.log4j.config.PropertySetter.activate
     (PropertySetter.java:248)
  at org.apache.log4j.xml.DOMConfigurator.parseAppender
     (DOMConfigurator.java:210)
  at org.apache.log4j.xml.DOMConfigurator.findAppenderByName
     (DOMConfigurator.java:140)
  at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference
     (DOMConfigurator.java:153)
  at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement
     (DOMConfigurator.java:415)
  at org.apache.log4j.xml.DOMConfigurator.parseRoot
     (DOMConfigurator.java:384)
  at org.apache.log4j.xml.DOMConfigurator.parse
     (DOMConfigurator.java:790)
  at org.apache.log4j.xml.DOMConfigurator.doConfigure
     (DOMConfigurator.java:685)
  at org.apache.log4j.xml.DOMConfigurator.configure
     (DOMConfigurator.java:543)
  at com.sas.services.logging.LoggingService$Log4jService.initialize
     (Unknown Source)
  at com.sas.services.logging.LoggingService.initialize
     (Unknown Source)
       ...

The problem is that the tool uses the Remote Services policy file but
writes to the Portal log file. It uses the Remote Services policy file
because the format of that file is what is needed for command line
applications.


This problem can be resolved by adding the following line to
sas.wik.sasservices.policy.orig:

   permission java.io.FilePermission "$PORTAL_LOG_DIR$${/}portal.log",
   "write";


A fix for SAS 9.1.3 (9.1 TS1M3) for this issue is available at:

http://www.sas.com/techsup/download/hotfix/e9_sbcs_prod_list.html#014747

For customers running SAS with Asian Language Support (DBCS), this
fix should be downloaded from:

http://www.sas.com/techsup/download/hotfix/e9_dbcs_prod_list.html#014747

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Information Delivery Portal	Microsoft Windows XP Professional	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		Microsoft Windows 2000 Server	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		Microsoft Windows 2000 Professional	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		Microsoft Windows 2000 Datacenter Server	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		64-bit Enabled HP-UX	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		64-bit Enabled Solaris	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		Microsoft Windows 2000 Advanced Server	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		Microsoft Windows NT Workstation	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3
		64-bit Enabled AIX	2.0	2.0	9.1 TS1M3	9.1 TS1M3 SP3

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	medium
Topic:	System Administration ==> Servers ==> Portal

Date Modified:	2005-10-21 14:23:38
Date Created:	2005-03-10 09:14:53