You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Ulrich Stärk <ul...@spielviel.de> on 2009/02/11 10:28:59 UTC
T5 and restrictive policies
Hi,
I've got a Tomcat 5.5 installation with a very restrictive security
policy in place. When I try to access my application, I get a nasty
security exception: java.security.AccessControlException: access denied
(java.io.FilePermission
/var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
read) (see below for the full exception).
But I have a policy that should grant everything below
/var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry jars
in WEB-INF/lib) the AllPermission:
grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" {
permission java.security.AllPermission;
};
This doesn't seem to work though. Does anyone have an idea what's wrong
here?
TIA,
Uli
java.security.AccessControlException: access denied
(java.io.FilePermission
/var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
read)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
java.security.AccessController.checkPermission(AccessController.java:546)
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
java.lang.SecurityManager.checkRead(SecurityManager.java:871)
java.io.File.exists(File.java:731)
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294)
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925)
org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937)
org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072)
java.lang.ClassLoader.getResource(ClassLoader.java:972)
java.lang.ClassLoader.getResource(ClassLoader.java:972)
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246)
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192)
javassist.Loader.findClass(Loader.java:340)
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94)
javassist.Loader.loadClass(Loader.java:311)
java.lang.ClassLoader.loadClass(ClassLoader.java:251)
java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42)
$Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java)
org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132)
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559)
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637)
org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229)
$PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java)
org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699)
org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497)
org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851)
org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390)
org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53)
$PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java)
org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210)
org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99)
$PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java)
org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51)
$RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java)
$RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java)
org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69)
$RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java)
org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
$RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759)
$RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749)
$RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
$RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90)
org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81)
org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103)
$RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
$RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java)
org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193)
org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
$HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java)
$HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711)
$HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
$HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java)
org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5 and restrictive policies
Posted by Howard Lewis Ship <hl...@gmail.com>.
Please open an issue.
I've also been thinking that Tapestry should be making use of
AccessController.doPrivileged() ... I'm just not sure exactly what
things need it. Certainly, creating a ClassLoader.
On Wed, Feb 11, 2009 at 2:57 AM, Ulrich Stärk <ul...@spielviel.de> wrote:
> This has come up before (for example here:
> http://markmail.org/thread/as67xcjkw2s2pbiw) and at the moment the only
> solution according to Howard is to completely deactivate security which I'm
> not very happy with.
>
> Howard, should I open an issue for specifying the access rights Tapestry
> needs or do you already have something up your sleeve?
>
> Cheers,
>
> Uli
>
> Ulrich Stärk schrieb:
>>
>> The policy is of course
>>
>> grant codeBase "file:/var/lib/tomcat5.5/webapps/mailadmin/-" {
>> permission java.security.AllPermission;
>> };
>>
>> Uli
>>
>> Ulrich Stärk schrieb:
>>>
>>> Hi,
>>>
>>> I've got a Tomcat 5.5 installation with a very restrictive security
>>> policy in place. When I try to access my application, I get a nasty security
>>> exception: java.security.AccessControlException: access denied
>>> (java.io.FilePermission
>>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
>>> read) (see below for the full exception).
>>>
>>> But I have a policy that should grant everything below
>>> /var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry jars in
>>> WEB-INF/lib) the AllPermission:
>>>
>>> grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" {
>>> permission java.security.AllPermission;
>>> };
>>>
>>> This doesn't seem to work though. Does anyone have an idea what's wrong
>>> here?
>>>
>>> TIA,
>>>
>>> Uli
>>>
>>> java.security.AccessControlException: access denied
>>> (java.io.FilePermission
>>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
>>> read)
>>>
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>
>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> java.lang.SecurityManager.checkRead(SecurityManager.java:871)
>>> java.io.File.exists(File.java:731)
>>>
>>> org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
>>>
>>> org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)
>>>
>>> org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294)
>>>
>>> org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925)
>>>
>>> org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937)
>>>
>>> org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072)
>>> java.lang.ClassLoader.getResource(ClassLoader.java:972)
>>> java.lang.ClassLoader.getResource(ClassLoader.java:972)
>>>
>>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246)
>>>
>>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192)
>>> javassist.Loader.findClass(Loader.java:340)
>>>
>>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94)
>>> javassist.Loader.loadClass(Loader.java:311)
>>> java.lang.ClassLoader.loadClass(ClassLoader.java:251)
>>> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
>>> org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42)
>>> $Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java)
>>>
>>> org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132)
>>>
>>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559)
>>>
>>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637)
>>>
>>> org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229)
>>>
>>> $PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java)
>>>
>>> org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699)
>>>
>>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497)
>>>
>>> org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851)
>>>
>>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390)
>>>
>>> org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53)
>>> $PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java)
>>>
>>> org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210)
>>>
>>> org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99)
>>> $PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java)
>>>
>>> org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51)
>>> $RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java)
>>> $RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java)
>>>
>>> org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69)
>>>
>>> $RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java)
>>>
>>> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
>>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>>
>>> org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759)
>>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>>
>>> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749)
>>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>>
>>> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
>>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>>
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90)
>>>
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81)
>>>
>>> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
>>>
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103)
>>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>> $RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java)
>>>
>>> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193)
>>>
>>> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>>>
>>> $HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java)
>>>
>>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>>>
>>> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711)
>>>
>>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>>>
>>> $HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java)
>>> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> java.lang.reflect.Method.invoke(Method.java:597)
>>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
>>> java.security.AccessController.doPrivileged(Native Method)
>>> javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>>>
>>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
>>>
>>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Howard M. Lewis Ship
Creator Apache Tapestry and Apache HiveMind
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5 and restrictive policies
Posted by Ulrich Stärk <ul...@spielviel.de>.
This has come up before (for example here:
http://markmail.org/thread/as67xcjkw2s2pbiw) and at the moment the only
solution according to Howard is to completely deactivate security which
I'm not very happy with.
Howard, should I open an issue for specifying the access rights Tapestry
needs or do you already have something up your sleeve?
Cheers,
Uli
Ulrich Stärk schrieb:
> The policy is of course
>
> grant codeBase "file:/var/lib/tomcat5.5/webapps/mailadmin/-" {
> permission java.security.AllPermission;
> };
>
> Uli
>
> Ulrich Stärk schrieb:
>> Hi,
>>
>> I've got a Tomcat 5.5 installation with a very restrictive security
>> policy in place. When I try to access my application, I get a nasty
>> security exception: java.security.AccessControlException: access
>> denied (java.io.FilePermission
>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
>> read) (see below for the full exception).
>>
>> But I have a policy that should grant everything below
>> /var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry
>> jars in WEB-INF/lib) the AllPermission:
>>
>> grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" {
>> permission java.security.AllPermission;
>> };
>>
>> This doesn't seem to work though. Does anyone have an idea what's
>> wrong here?
>>
>> TIA,
>>
>> Uli
>>
>> java.security.AccessControlException: access denied
>> (java.io.FilePermission
>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
>> read)
>>
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>
>>
>> java.security.AccessController.checkPermission(AccessController.java:546)
>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> java.lang.SecurityManager.checkRead(SecurityManager.java:871)
>> java.io.File.exists(File.java:731)
>>
>> org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
>>
>> org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)
>>
>>
>> org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294)
>>
>>
>> org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925)
>>
>>
>> org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937)
>>
>>
>> org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072)
>>
>> java.lang.ClassLoader.getResource(ClassLoader.java:972)
>> java.lang.ClassLoader.getResource(ClassLoader.java:972)
>>
>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246)
>>
>>
>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192)
>>
>> javassist.Loader.findClass(Loader.java:340)
>>
>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94)
>>
>> javassist.Loader.loadClass(Loader.java:311)
>> java.lang.ClassLoader.loadClass(ClassLoader.java:251)
>> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
>> org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42)
>> $Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java)
>>
>> org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132)
>>
>>
>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559)
>>
>>
>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637)
>>
>>
>> org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229)
>>
>>
>> $PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java)
>>
>>
>> org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699)
>>
>>
>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497)
>>
>>
>> org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851)
>>
>>
>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390)
>>
>>
>> org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53)
>>
>> $PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java)
>>
>> org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210)
>>
>>
>> org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99)
>>
>> $PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java)
>>
>> org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51)
>>
>> $RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java)
>> $RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java)
>>
>> org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69)
>>
>>
>> $RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java)
>>
>>
>> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
>>
>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>
>> org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759)
>>
>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>
>> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749)
>>
>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>
>> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
>>
>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>>
>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90)
>>
>>
>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81)
>>
>>
>> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
>>
>>
>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103)
>>
>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
>> $RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java)
>>
>> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193)
>>
>>
>> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>>
>>
>> $HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java)
>>
>>
>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>>
>>
>> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711)
>>
>>
>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>>
>>
>> $HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java)
>>
>> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>
>>
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>
>> java.lang.reflect.Method.invoke(Method.java:597)
>>
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
>> java.security.AccessController.doPrivileged(Native Method)
>> javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>>
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
>>
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5 and restrictive policies
Posted by Ulrich Stärk <ul...@spielviel.de>.
The policy is of course
grant codeBase "file:/var/lib/tomcat5.5/webapps/mailadmin/-" {
permission java.security.AllPermission;
};
Uli
Ulrich Stärk schrieb:
> Hi,
>
> I've got a Tomcat 5.5 installation with a very restrictive security
> policy in place. When I try to access my application, I get a nasty
> security exception: java.security.AccessControlException: access denied
> (java.io.FilePermission
> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
> read) (see below for the full exception).
>
> But I have a policy that should grant everything below
> /var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry jars
> in WEB-INF/lib) the AllPermission:
>
> grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" {
> permission java.security.AllPermission;
> };
>
> This doesn't seem to work though. Does anyone have an idea what's wrong
> here?
>
> TIA,
>
> Uli
>
> java.security.AccessControlException: access denied
> (java.io.FilePermission
> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class
> read)
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>
> java.security.AccessController.checkPermission(AccessController.java:546)
>
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> java.lang.SecurityManager.checkRead(SecurityManager.java:871)
> java.io.File.exists(File.java:731)
> org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
>
> org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211)
>
> org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294)
>
> org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925)
>
> org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937)
>
> org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072)
>
> java.lang.ClassLoader.getResource(ClassLoader.java:972)
> java.lang.ClassLoader.getResource(ClassLoader.java:972)
> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246)
>
> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192)
>
> javassist.Loader.findClass(Loader.java:340)
> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94)
>
> javassist.Loader.loadClass(Loader.java:311)
> java.lang.ClassLoader.loadClass(ClassLoader.java:251)
> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
> org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42)
> $Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java)
> org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132)
>
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559)
>
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637)
>
> org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229)
>
> $PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java)
>
> org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699)
>
> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497)
>
> org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851)
>
> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390)
>
> org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53)
>
> $PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java)
> org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210)
>
> org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99)
>
> $PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java)
> org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51)
>
> $RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java)
> $RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java)
> org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69)
>
> $RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java)
>
> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42)
>
> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
> org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759)
>
> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749)
>
> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
>
> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90)
>
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81)
>
> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
>
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103)
>
> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
> $RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java)
> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193)
>
> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>
> $HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java)
>
> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>
> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711)
>
> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java)
>
> $HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java)
>
> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>
> java.lang.reflect.Method.invoke(Method.java:597)
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> java.security.AccessController.doPrivileged(Native Method)
> javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
>
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org