You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openwebbeans.apache.org by "Jacquelle Leggett (JIRA)" <ji...@apache.org> on 2010/03/02 16:54:27 UTC
[jira] Created: (OWB-312) Add dopriv's to allow OWB to function
with java 2 security enabled
Add dopriv's to allow OWB to function with java 2 security enabled
------------------------------------------------------------------
Key: OWB-312
URL: https://issues.apache.org/jira/browse/OWB-312
Project: OpenWebBeans
Issue Type: Bug
Reporter: Jacquelle Leggett
Assignee: Gurkan Erdogdu
When using OWB with java 2 security enabled, my application requires the following permissions:
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
at java.lang.Class.checkMemberAccess(Class.java:109)
at java.lang.Class.getDeclaredMethods(Class.java:668)
at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (OWB-312) Add dopriv's to allow OWB to function
with java 2 security enabled
Posted by "YING WANG (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OWB-312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
YING WANG reassigned OWB-312:
-----------------------------
Assignee: YING WANG (was: Gurkan Erdogdu)
> Add dopriv's to allow OWB to function with java 2 security enabled
> ------------------------------------------------------------------
>
> Key: OWB-312
> URL: https://issues.apache.org/jira/browse/OWB-312
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Core
> Affects Versions: M4
> Reporter: Jacquelle Leggett
> Assignee: YING WANG
> Fix For: 1.0.0
>
>
> When using OWB with java 2 security enabled, my application requires the following permissions:
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:109)
> at java.lang.Class.getDeclaredMethods(Class.java:668)
> at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
> at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
> at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OWB-312) Add dopriv's to allow OWB to function
with java 2 security enabled
Posted by "Gurkan Erdogdu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OWB-312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gurkan Erdogdu updated OWB-312:
-------------------------------
Component/s: Core
Affects Version/s: M4
Fix Version/s: 1.0.0
> Add dopriv's to allow OWB to function with java 2 security enabled
> ------------------------------------------------------------------
>
> Key: OWB-312
> URL: https://issues.apache.org/jira/browse/OWB-312
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Core
> Affects Versions: M4
> Reporter: Jacquelle Leggett
> Assignee: Gurkan Erdogdu
> Fix For: 1.0.0
>
>
> When using OWB with java 2 security enabled, my application requires the following permissions:
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:109)
> at java.lang.Class.getDeclaredMethods(Class.java:668)
> at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
> at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
> at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OWB-312) Add dopriv's to allow OWB to function
with java 2 security enabled
Posted by "Gurkan Erdogdu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OWB-312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12858648#action_12858648 ]
Gurkan Erdogdu commented on OWB-312:
------------------------------------
Great! thanks. Yes you could create an issue for Geronimo specs and attach patch.
> Add dopriv's to allow OWB to function with java 2 security enabled
> ------------------------------------------------------------------
>
> Key: OWB-312
> URL: https://issues.apache.org/jira/browse/OWB-312
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Core
> Affects Versions: M4
> Reporter: Jacquelle Leggett
> Assignee: YING WANG
> Fix For: 1.0.0
>
>
> When using OWB with java 2 security enabled, my application requires the following permissions:
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:109)
> at java.lang.Class.getDeclaredMethods(Class.java:668)
> at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
> at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
> at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OWB-312) Add dopriv's to allow OWB to function
with java 2 security enabled
Posted by "YING WANG (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OWB-312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12858614#action_12858614 ]
YING WANG commented on OWB-312:
-------------------------------
To avoid this annoying "Access denied" Exceptions when java2 security enabled, does anyone mind if I delegate invocations of following methods to some SecurityUtil class and add doPrivileged guard around them?
Method.setAccess(boolean) ==> SecurityUtil.doPrivilegedSetAccess(Method, boolean)
Class.setAccess(boolean) ==> SecurityUtil.doPrivilegedSetAccess(Class, boolean)
Class.getDeclaredConstructors() ==> SecurityUtil.doPrivilegedGetDeclaredConstructors(Class)
Class.getDeclaredConstructor(...) ==> SecurityUtil.doPrivilegedSGetDeclaredConstructor(Class..)
Class.getDeclaredMethods() ==> SecurityUtil.doPrivilegedGetDeclaredMethods(Class)
Class.getDeclaredMethod(...) ==> SecurityUtil.doPrivilegedGetDeclaredMethods(Class..)
Class.getDeclaredFields() ==> SecurityUtil.doPrivilegedGetDeclaredFields(Class)
Class.getDeclaredField(...) ==> SecurityUtil.doPrivilegedGetDeclaredField(Class..)
ProxyFactory.createClass() ==> SecurityUtil.doPrivilegedGetProxyClass(ProxyFactory..)
One problem I have is the setAcess()/getDeclaredMethods() invocations in javax.enterprise.util.AnnotationLiteral, which is now part of geronimo jcdi api. Should we open a bug against geronimo?
> Add dopriv's to allow OWB to function with java 2 security enabled
> ------------------------------------------------------------------
>
> Key: OWB-312
> URL: https://issues.apache.org/jira/browse/OWB-312
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Core
> Affects Versions: M4
> Reporter: Jacquelle Leggett
> Assignee: YING WANG
> Fix For: 1.0.0
>
>
> When using OWB with java 2 security enabled, my application requires the following permissions:
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:109)
> at java.lang.Class.getDeclaredMethods(Class.java:668)
> at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
> at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
> at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OWB-312) Add dopriv's to allow OWB to function with
java 2 security enabled
Posted by "Gurkan Erdogdu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OWB-312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gurkan Erdogdu closed OWB-312.
------------------------------
Resolution: Fixed
> Add dopriv's to allow OWB to function with java 2 security enabled
> ------------------------------------------------------------------
>
> Key: OWB-312
> URL: https://issues.apache.org/jira/browse/OWB-312
> Project: OpenWebBeans
> Issue Type: Bug
> Components: Core
> Affects Versions: M4
> Reporter: Jacquelle Leggett
> Assignee: YING WANG
> Fix For: 1.0.0
>
>
> When using OWB with java 2 security enabled, my application requires the following permissions:
> permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> permission java.lang.RuntimePermission "getClassLoader";
> permission java.lang.RuntimePermission "getProtectionDomain";
> The associated errors do not appear to be strategic security exceptions; therefore, dopriv blocks should be added to the appropriate sections of code. Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the issues based on the SecurityExceptions I saw.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:109)
> at java.lang.Class.getDeclaredMethods(Class.java:668)
> at org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
> at org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
> at org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.