6 Replies Latest reply on Apr 27, 2017 5:29 AM by pyotr

Unsigned B2 <...> requested a permission that only signed B2s are allowed to have

aw21431 Apr 13, 2017 8:00 AM

We have just upgraded our test server to 2017 Q2 and we're seeing a bit of log spam caused by (mostly our in house) unsigned B2s.

I had a quick search around and couldn't see any guides on how to sign our B2s.

I'm using Eclipse and Gradle and any pointers / guides would be appreciated

Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have

shane Apr 23, 2017 9:19 PM (in response to aw21431)

Hi Andrew,

You cannot sign your B2s. Well, you can, but it wont help. What the error should say is the B2 "requested a permission that only B2s signed by Bb are allowed to have."

Cheers,
Shane.
Like Show 0 Likes(0)

Actions
- Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have
  
  aw21431 Apr 24, 2017 3:48 PM (in response to shane)
  
  Thanks Shane,
  I guess it's time to audit my B2s and see if they need the permissions to function and what the alternatives to how I'm using them are (if any).
  
  Which will probably mean moving to using DAO for most things rather than grabbing a Db connection directly.
  
  Like Show 0 Likes(0)
  
  Actions
  - Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have
    
    shane Apr 25, 2017 8:17 PM (in response to aw21431)
    
    Hi Andrew Wiles,
    
    I'd love to hear the results of your auditing. It will be good to get a list together of what Blackboard is restricting.
    
    They have announced that the <<ALL FILES>> permission will be going in 2017 Q4.
    
    Cheers,
    Shane.
    
    Like Show 0 Likes(0)
    
    Actions
    - Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have
      
      aw21431 Apr 26, 2017 4:21 AM (in response to shane)
      
      Hi Shane,
      
      The results are in.
      There were only two (repeated) permissions that in my manifests which were generating the warnings, these were:
      <permission type="java.util.PropertyPermission" name="*" actions="read,write" />
      Which I think I've picked up from a Spring B2 tutorial / template somewhere? Learn 3200 seems content with having this left as actions="read".
      And,
      <permission type="java.lang.RuntimePermission" name="*"/>
      Which I must have picked up somewhere for my non-Springy B2s but doesn't affect anything when I remove it.
      
      Panic over!
      
      Cheers,
      Andrew
      1 of 1 people found this helpful
      
      Like Show 1 Likes(1)
      
      Actions
      - Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have
        
        shane Apr 26, 2017 7:32 PM (in response to aw21431)
        
        I wonder if perhaps it is the asterisk in the name field that is blocked as of 2017 Q2. Mark Kauffman or Scott Hurrey are you able to provide any light on what permissions are being restricted in which versions (beyond the ALL FILES permission).
        
        Cheers,
        Shane.
        
        Like Show 0 Likes(0)
        
        Actions
- Re: Unsigned B2 <...> requested a permission that only signed B2s are allowed to have
  
  pyotr Apr 27, 2017 5:29 AM (in response to shane)
  
  Actually, you can. But it's only practical when you're self-hosted as you need to put the public key (corresponding to the private key that you used for signing) somewhere in the Blackboard configuration directory (config/internal/certs/ ?) and restart Blackboard before uploading your b2. At least, that worked a few years back (unfortunately I didn't document the exact steps taken).
  
  Like Show 0 Likes(0)
  
  Actions

Go to original post