AnsweredAssumed Answered

B2 installation and permissions issues after SaaS updates

Question asked by bhopewell on Aug 8, 2017



We're working on updating our B2 to be compatible with the SaaS releases of Blackboard (v3200 and higher). All recommended updates have been made, (such as configuration changes, Java 8, etc.), but we're seeing some odd behavior when deploying the B2 that began when we removed the permission that granted full access to all files on the system, as recommended as best practice and to avoid the stern user warning that appeared when installing the B2 with wide open file access permissions.


This is the line we removed:

<permission type="" name="&lt;&lt;ALL FILES&gt;&gt;" actions="read,write"/>


Since we removed the "ALL FILES" entry and added more secure, specific file permission entries in our manifest, we can't seem to get permissions set properly. We're seeing different, but probably related issues:


1) First problem (Release 3200.0.0-rel.49+f560cbb)


When installing the B2 in BB Learn version 3200.0.0 (current Developer VM), the "Privileges" page of the installation comes up

with no warning and shows the permissions granted to the B2 with other settings as usual, but when clicking the "Approve" button at the bottom, the page just hangs and never comes back. There are no log entries explaining the problem and there doesn't seem to be a timeout.


2) Second problem (Release 3200.10.0-rel.22+4c01314)


When installing our updated B2 on the smoke test servers, the B2 installs flawlessly, but none of the files in the web folder or subfolders can be accessed. There is no error on the screen or in the log when this occurs. The URLs simply redirect to the BB Learn home page without any indication that something went wrong. For example, if we choose "Settings" from the B2 menu on the "Installed Tools" page, the URL looks like it should be correct, but we're taken to the home page.


Here's the "Settings" URL from the Installed Tools page for our B2, for example:


Accessing that URL or the URL to any resource, even images, that should be available in the B2's "Web" folder will return to the BB Learn's home page with no indication anything went wrong.



QUESTION: Is there something in the permissions set in our bb-manifest file that could cause these issues? If not, can you please point us in the right direction to figure this out. We have many BB customers moving to SaaS and we'd like to resolve this quickly. The permissions settings in bb-manifest are below. Thanks in advance for any advice you can offer. I will gladly send a fruit basket or a box of steaks to the person who helps solve this problem!


- From bb-manifest:



      <permission type="java.lang.reflect.ReflectPermission" name="suppressAccessChecks"/>

      <permission type="java.lang.RuntimePermission" name="injectRenderingHook" />

      <permission type="socket" name="*" actions="connect,listen,resolve,accept"/>

      <permission type="runtime" name="accessDeclaredMembers"/>

      <permission type="runtime" name="getClassLoader"/>

      <permission type="runtime" name="createClassLoader"/>

      <permission type="" name="${java.home}/-" actions="read"/>

      <permission type="" name="BB_HOME/-" actions="read,write,delete"/>

      <permission type="" name="BB_CONTENT/-" actions="read,write,delete"/>

      <permission type="" name="BB_HOME/apps/tomcat/temp/-" actions="read,write,delete" />

      <permission type="java.lang.RuntimePermission" name="setContextClassLoader" actions=""/>

      <permission type="java.util.PropertyPermission" name="*" actions="read,write"/>

      <permission type="runtime" name="setContextClassLoader"/>

      <permission type="attribute" name="user.personalinfo" actions="get, set"/>

      <permission type="attribute" name="user.authinfo" actions="get"/>

      <permission type="persist" name="content" actions="create,read,modify"/>

      <permission type="" name="*" actions="connect,resolve"/>

      <permission type="" name="insertProvider.SunJSSE" action=""/>

      <permission type="" name="setHostnameVerifier" action=""/>