Posted to dev@beehive.apache.org by "Rich Feit (JIRA)" <be...@incubator.apache.org> on 2005/06/14 23:07:49 UTC
[jira] Created: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager
Nested controls: cannot initialize a public control field when using a Java security manager
--------------------------------------------------------------------------------------------
Key: BEEHIVE-815
URL: http://issues.apache.org/jira/browse/BEEHIVE-815
Project: Beehive
Type: Bug
Components: Controls
Versions: V1
Reporter: Rich Feit
Fix For: TBD
Attachments: jira815.zip
This bug involves using a *public* @Control field, which should be possible even if "suppressAccessChecks" is not set in the security policy.
Repro (the easiest way to reproduce this):
- cd to $CATALINA_HOME/bin.
- create a file called mysecurity.policy (and REPLACE my c:/prog/... tomcat/jdk directories with ones of your own):
---
grant codeBase "file:///c:/prog/jakarta-tomcat-5.0.25/-"{
permission java.security.AllPermission;
};
grant codeBase "file:///c:/prog/jdk1.5.0/-"{
permission java.security.AllPermission;
};
grant {
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
---
- set the JAVA_OPTS environment variable:
(windows) set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=mysecurity.policy
(linux) export JAVA_OPTS="-Djava.security.manager -Djava.security.policy=mysecurity.policy"
- start tomcat:
(windows) .\startup.bat
(linux) ./startup.sh
- Overlay the attached page flow and controls onto a webapp, and deploy it to the running tomcat.
- Hit the page flow (/usecontrol/Controller.jpf):
EXPECTED: see the message "hello there" in the displayed page.
ACTUAL: a series of exceptions, with this root cause:
Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
at usecontrol.ControllerClientInitializer.<clinit>(ControllerClientInitializer.java:21)
... 85 more
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
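The root cause in the report above, as an added example that is not Beehive code and not taken from the attached repro: it contrasts an unconditional setAccessible(true) with a variant that only requests it for non-public fields. The names Client, PublicFieldInitDemo, initUnconditional and initGuarded are hypothetical, and it assumes a JDK that still honours -Djava.security.manager (such as the jdk1.5.0 in the report).

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

// Constructed stand-in for a client class with control fields (not Beehive code).
class Client {
    public String publicControl;
    private String privateControl;
}

public class PublicFieldInitDemo {
    // The pattern on the stack trace: setAccessible(true) for every field, so the
    // security manager checks ReflectPermission "suppressAccessChecks" even when
    // the field is public.
    static String initUnconditional(String name) throws Exception {
        Field f = Client.class.getDeclaredField(name);
        f.setAccessible(true);
        return assign(f);
    }

    // Guarded variant: request suppressed access checks only for non-public fields.
    // Client is in this package, so its package-private class visibility is no barrier.
    static String initGuarded(String name) throws Exception {
        Field f = Client.class.getDeclaredField(name);
        if (!Modifier.isPublic(f.getModifiers())) {
            f.setAccessible(true);
        }
        return assign(f);
    }

    // Plain reflective write and read-back; fails with IllegalAccessException
    // if the field is not accessible to this class.
    private static String assign(Field f) throws Exception {
        Client c = new Client();
        f.set(c, "hello there");
        return (String) f.get(c);
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"unconditional", "publicControl"},
            {"guarded", "publicControl"},
            {"guarded", "privateControl"},
        };
        for (String[] c : cases) {
            String label = c[0] + " / " + c[1] + " -> ";
            try {
                System.out.println(label
                    + (c[0].equals("guarded") ? initGuarded(c[1]) : initUnconditional(c[1])));
            } catch (Exception e) {
                System.out.println(label + e);
            }
        }
    }
}
```

Run it with the report's -Djava.security.manager -Djava.security.policy=mysecurity.policy flags from a directory outside the two AllPermission codeBase entries: only the guarded public-field case assigns "hello there", while the other two are denied suppressAccessChecks. Without a security manager all three succeed, which is why the defect only shows up under a restrictive policy.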
[jira] Commented: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager
Posted by "Rich Feit (JIRA)" <be...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/BEEHIVE-815?page=comments#action_12313642 ]
Rich Feit commented on BEEHIVE-815:
-----------------------------------
The fix for this one isn't as clear as it was for http://issues.apache.org/jira/browse/BEEHIVE-813 (the NetUI issue). In this case, src/runtime/org/apache/beehive/controls/runtime/generator/ClientInitializer.vm and src/runtime/org/apache/beehive/controls/runtime/generator/ImplInitializer.vm can be modified like this:
#foreach ($field in $init.reflectFields)
$field.reflectField = ${client.className}.class.getDeclaredField("$field.name");
- ${field.reflectField}.setAccessible(true);
+ if (! Modifier.isPublic(${field.reflectField}.getModifiers()))
+ {
+ ${field.reflectField}.setAccessible(true);
+ }
#end
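Review bot: The new guard on the "+ if (! Modifier.isPublic(${field.reflectField}.getModifiers()))" line tests only the field's own modifiers, but reflective access without setAccessible(true) also depends on the declaring class being accessible to the initializer, so a public field declared in a non-public class outside the initializer's package would skip setAccessible and then fail with IllegalAccessException on the later set. Suggest extending the condition to also check Modifier.isPublic(${field.reflectField}.getDeclaringClass().getModifiers()), or documenting that the initializer is always generated in the client's package. The hunk also references Modifier without a visible import, so the template needs java.lang.reflect.Modifier imported or the name fully qualified.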
However, the generated nested control Field object always has package protected access, even if the actual control field is public in the control implementation, e.g.,
static final Field __containedField;
[jira] Updated: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager
Posted by "Rich Feit (JIRA)" <be...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/BEEHIVE-815?page=all ]
Rich Feit updated BEEHIVE-815:
------------------------------
Attachment: jira815.zip
Repro page flow and controls.
[jira] Commented: (BEEHIVE-815) Nested controls: cannot initialize a public control field when using a Java security manager
Posted by "Kyle Marvin (JIRA)" <be...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/BEEHIVE-815?page=comments#action_12313648 ]
Kyle Marvin commented on BEEHIVE-815:
-------------------------------------
Sounds like a bug in the codegen of the client initializer, as the failure has setAccessible() on the stack. It should be code-genning a direct field assignment if it is public.