I've recently encountered a variety of reports on the topic of ColdFusion MX 7.x Sandbox Security (SBS). Here I summarize and explain how to resolve each one:

  1. Datasource names are case sensitive in SBS
  2. File Uploads require SBS permission on a temp directory
  3. CFDOCUMENT requires SBS permission to System Fonts
  4. Multiserver Configuration requires manual edit to jvm.config



1) Datasource names are case sensitive in SBS
If the case of a datasource name in CFML source code does not exactly match the case of the datasource name in the ColdFusion Administrator, a security error is reported when using SBS. This has been logged as a bug. An example of the error message:

Security: The requested template has been denied access to oracle_psdb_upper.
The following is the internal exception message: access denied (coldfusion.sql.DataSourcePermission oracle_psdb_upper)

The error occurred in C:\CFusionMX7\wwwroot\sandbox1\sub1\sub2\query_dsncase.cfm: line 2

1 :
2 : <cfquery datasource="oracle_psdb_upper" name="test">
3 :     SELECT SYSDATE
4 :     FROM    DUAL

java.security.AccessControlException: access denied (coldfusion.sql.DataSourcePermission oracle_psdb_upper)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
...


Change the code to use the same case as the datasource definition in the CFAdmin.


2) File Uploads require SBS permission on a temp directory
Forms that submit multipart/form-data file uploads to ColdFusion pages using CFFILE action="upload" will require read and write permission to an intermediate directory where ColdFusion initially stores the uploaded file before moving it to a final destination according to the CFFILE tag. On Server Configuration on Windows, for example, the sandbox must contain a read/write rule for C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp, and Multiserver Configuration must contain a rule for C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp for the initial server instance of cfusion.

A single rule added to the sandbox files/dir tab ending in an asterisk like one of these should suffice:

C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\*
C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\*

Of course if the file upload is destined for a location outside the sandbox directory tree, then you will also need write or readwrite rules for that target location as well.

The error that occurs when the intermediate temp directory is not accessible is:

Security: The requested template has been denied access to C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\neotmp10130.tmp.
The following is the internal exception message: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\neotmp10130.tmp read)

java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\neotmp10130.tmp read) at cfupload2ecfm1069950295.runPage(C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\sandbox1\sub1\sub2\upload.cfm:16)

java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\neotmp10130.tmp read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
...


3) CFDOCUMENT requires SBS permission to System Fonts
Starting in ColdFusion MX 7.0 there is a Fonts Management page in the ColdFusion Administrator for use with dynamically generated forms created with CFDOCUMENT. Those Fonts need to be accessible to code in a sandbox. A read rule for c:\windows\fonts\* should suffice, for example. The error might look like this:

access denied (java.io.FilePermission c:\windows\fonts\tahoma.ttf read)

ExceptionConverter: java.security.AccessControlException: access denied (java.io.FilePermission c:\windows\fonts\tahoma.ttf read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
...
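
The three errors in sections 1 to 3 share one shape, so a log can be triaged mechanically. The following is an added example, not code from the original post: parse_denials and suggest are hypothetical helper names, the sample text is constructed from the messages quoted in this post, and the Administrator spelling ORACLE_PSDB_UPPER is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Matches the "access denied (<permission class> <target> [actions])" text of a
# java.security.AccessControlException as it appears in error pages and logs.
DENIED = re.compile(r"access denied \((?P<cls>[\w.$]+) (?P<rest>[^)]*)\)")

# Constructed sample built from the three messages quoted in this post.
SAMPLE = r"""
The following is the internal exception message: access denied (coldfusion.sql.DataSourcePermission oracle_psdb_upper)
java.security.AccessControlException: access denied (coldfusion.sql.DataSourcePermission oracle_psdb_upper)
java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\neotmp10130.tmp read)
access denied (java.io.FilePermission c:\windows\fonts\tahoma.ttf read)
"""

def parse_denials(text):
    """Return the unique (permission class, target, actions) triples in text."""
    seen = []
    for m in DENIED.finditer(text):
        cls, rest = m.group("cls"), m.group("rest").strip()
        if cls == "java.io.FilePermission":
            # The action list is the last word; the path itself may hold spaces.
            target, _, actions = rest.rpartition(" ")
        else:
            target, actions = rest, ""
        if (cls, target, actions) not in seen:
            seen.append((cls, target, actions))
    return seen

def suggest(denial, admin_datasources):
    """Map one denial to the fix this post describes for it."""
    cls, target, actions = denial
    if cls == "coldfusion.sql.DataSourcePermission":
        for name in admin_datasources:
            if name != target and name.lower() == target.lower():
                return f'case mismatch: use datasource="{name}" in the CFML'
        return f"datasource {target}: no case-insensitive match, check the sandbox"
    if cls == "java.io.FilePermission":
        parent = PureWindowsPath(target).parent
        return f"add files/dirs rule {parent}\\* granting {actions}"
    return f"unhandled permission class {cls}"

if __name__ == "__main__":
    # "ORACLE_PSDB_UPPER" is an assumed Administrator spelling for the demo.
    for d in parse_denials(SAMPLE):
        print(suggest(d, ["ORACLE_PSDB_UPPER"]))
```

The exception names only the action that was denied first, so the upload temp directory from section 2 still needs write as well as read.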




4) Multiserver Configuration requires manual edit to jvm.config
Simply turning on SBS in CFMX 7.0x Multiserver Configuration and restarting the JRun server instance cfusion will cause ColdFusion server to fail to deploy, producing errors like those at the bottom of this post. Some required arguments for the Java Security Manager are not written to the jvm.config as they should be. The wording of the technote implies that SBS is not even enabled, but in fact the sandbox is enabled and ColdFusion server is denied permission to load its own jar files.

While there is a technote with a workaround, the article is not fully accurate regarding the use of quotes at this time and is being republished. The article shows the following:

For Multiserver configuration:

Stop ColdFusion.
Locate the jvm.config file in jrun_root/bin.
Back up the file.
Open the file in a text editor.
Add the following lines to the java.args section:
-Djava.security.manager
-Djava.security.policy="cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
-Djava.security.auth.policy="cf_webapp_root/WEB-INF/cfusion/lib/neo_jaas.policy"


The quotes are incorrectly placed in that example and it should read as follows:

For Multiserver configuration:

Stop ColdFusion.
Locate the jvm.config file in jrun_root/bin.
Back up the file.
Open the file in a text editor.
Add the following lines to the java.args section:
-Djava.security.manager
"-Djava.security.policy=cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
"-Djava.security.auth.policy=cf_webapp_root/WEB-INF/cfusion/lib/neo_jaas.policy"


Note that cf_webapp_root should be changed to the appropriate path for your OS and configuration, such as this final example from a jvm.config for a Multiserver config on Windows (no line wrap):

# Arguments to VM
java.args=-server -Xmx512m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=128m -XX:+UseParallelGC -DJINTEGRA_NATIVE_MODE -DJINTEGRA_PREFETCH_ENUMS -Dcoldfusion.rootDir={application.home}/ -Djava.security.manager "-Djava.security.policy=C:/JRun4/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfusion/lib/coldfusion.policy" "-Djava.security.auth.policy=C:/JRun4/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfusion/lib/neo_jaas.policy"


If the incorrect placement of quotes is used, the JRun server will not even start, let alone deploy ColdFusion, and the error will be:

C:\JRun4\bin>jrun -start cfusion
Exception in thread "main" java.lang.ExceptionInInitializerError
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission jrun.home read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at jrunx.kernel.JRun.<clinit>(JRun.java:52)


If the 3 security manager arguments are missing entirely, which is the default (the bug) in Multiserver, then when ColdFusion server fails to deploy there will be a long series of error messages in the JRun cfusion-err.log, such as these few examples:

07/11 16:09:19 error Could not pre-load servlet: ColdFusionStartUpServlet
[1]java.util.MissingResourceException: Can't find resource for base name coldfusion/server/j2ee/resource.properties
    at coldfusion.util.RB.loadProperties(RB.java:183)
    at coldfusion.util.RB.<init>(RB.java:115)
    at coldfusion.util.RB.getMessage(RB.java:606)
    at coldfusion.util.RB.getString(RB.java:361)
    at coldfusion.server.CFService.start(CFService.java:305)
    at coldfusion.server.j2ee.CFStartUpServlet.startCFService(CFStartUpServlet.java:102)
    at coldfusion.server.j2ee.CFStartUpServlet.init(CFStartUpServlet.java:78)
    at javax.servlet.GenericServlet.init(GenericServlet.java:258)
    at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:96)
    at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:48)
    at jrun.servlet.WebApplicationService.loadServlet(WebApplicationService.java:1242)
    at jrun.servlet.WebApplicationService.preloadServlets(WebApplicationService.java:789)
    at jrun.servlet.WebApplicationService.postStart(WebApplicationService.java:291)
    at jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:203)
    at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
    at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
    at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
    at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
    at jrun.deployment.DeployerService.run(DeployerService.java:891)
    at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:426)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
[0]javax.servlet.ServletException: Can't find resource for base name coldfusion/server/j2ee/resource.properties
    at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:104)
    at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:48)
    at jrun.servlet.WebApplicationService.loadServlet(WebApplicationService.java:1242)
    at jrun.servlet.WebApplicationService.preloadServlets(WebApplicationService.java:789)
    at jrun.servlet.WebApplicationService.postStart(WebApplicationService.java:291)
    at jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:203)
    at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
    at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
    at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
    at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
    at jrun.deployment.DeployerService.run(DeployerService.java:891)
    at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:426)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkRead(Unknown Source)
    at java.io.File.exists(Unknown Source)
    at flex.util.ServletPathResolver.<init>(ServletPathResolver.java:23)
    at flex.compiler.MxmlBaseServlet.init(MxmlBaseServlet.java:89)
    at flex.server.j2ee.SwfServlet.init(SwfServlet.java:72)
    at javax.servlet.GenericServlet.init(GenericServlet.java:258)
    at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:96)
    at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:48)
    at jrun.servlet.WebApplicationService.loadServlet(WebApplicationService.java:1242)
    at jrun.servlet.WebApplicationService.preloadServlets(WebApplicationService.java:789)
    at jrun.servlet.WebApplicationService.postStart(WebApplicationService.java:291)
    at jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:203)
    at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
    at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
    at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
    at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
    at jrun.deployment.DeployerService.run(DeployerService.java:891)
    at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:426)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)