You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-users@xalan.apache.org by Guy McArthur <gu...@arizona.edu> on 2005/08/19 19:13:47 UTC
security exception when in web start
Greetings, I've having trouble debugging a peculiar issue.
I'm developing a Java Web Start application that makes extensive use of
XSLT. My XSL templates are packaged in a Jar file with the application.
I'm testing with Java 1.5.0_04, though the app should work in Java 1.4
and higher. All the Jars distributed with the application are signed,
and the JNLP specifies to give the application all permissions.
So far, so good. However, when performing a particular XSL transform
(which happens to be particularly large), I get a security exception. Is
there a workaround? The exception is:
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
All my transforms are done like this:
URL xsl = getClass().getResource(template);
InputStream is = xsl.openStream();
Source source = new StreamSource(is, xsl.toExternalForm());
TransformerFactory factory =
TransformerFactory.newInstance();
Transformer trans = factory.newTransformer(source);
trans.transform(new DOMSource(document), new StreamResult(output));
Here is the stack trace:
RROR: 'java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)'
javax.xml.transform.TransformerException:
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)
Caused by: com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF(Unknown
Source)
at chan_data.template$dot$0()
at chan_data.applyTemplates()
at chan_data.applyTemplates()
at chan_data.transform()
at
com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(Unknown
Source)
... 5 more
---------
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF(Unknown
Source)
at chan_data.template$dot$0()
at chan_data.applyTemplates()
at chan_data.applyTemplates()
at chan_data.transform()
at
com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)
RE: security exception when in web start
Posted by Gary L Peskin <ga...@firstech.com>.
Guy --
I could be wrong but I really don't think the problem is in Xalan. It was
mentioned before that you are using
com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF which is
not an Apache Xalan class but a Sun adaptation of it for inclusion into the
JDK. I'm wondering if there is a bug in the JVM or Web Start implementation
in terms of permissions for this class in the Web Start environment since it
doesn't start with java or javax.
As a test, I wonder if you could download the true xalan.jar and
serializer.jar and then set up TransformerFactory.newInstance() to return a
true XalanJ TransformerFactory as opposed to the version of Xalan built into
the JDK. This is done by including an element in the JNLP like
<property name="javax.xml.transform.TransformerFactory"
value="org.apache.xalan.processor.TransformerFactoryImpl" />
Gary
> -----Original Message-----
> From: Guy McArthur [mailto:guym@arizona.edu]
> Sent: Friday, August 19, 2005 1:36 PM
> Cc: xalan-j-users@xml.apache.org
> Subject: Re: security exception when in web start
>
> Gary L Peskin wrote:
>
> >4. If you add the following to one of your initial classes:
> > System.err.println("SecurityManager = " +
> >System.getSecurityManager());
> > what does it show?
> >
> >
>
> It is com.sun.javaws.security.JavaWebStartSecurity.
>
> What's apparently happening is that the combination of
> a) Java Web Start
> b) XSL templates in Jar files
> and
> c) using the document() Xpath function
>
> is a bug in JAXP (Xalan implementation).
>
>
Re: security exception when in web start
Posted by Guy McArthur <gu...@arizona.edu>.
Gary L Peskin wrote:
>4. If you add the following to one of your initial classes:
> System.err.println("SecurityManager = " +
>System.getSecurityManager());
> what does it show?
>
>
It is com.sun.javaws.security.JavaWebStartSecurity.
What's apparently happening is that the combination of
a) Java Web Start
b) XSL templates in Jar files
and
c) using the document() Xpath function
is a bug in JAXP (Xalan implementation).
Re: security exception when in web start
Posted by Guy McArthur <gu...@arizona.edu>.
Gary L Peskin wrote:
>The classes that are in the stack trace don't explicitly invoke the
>SecurityManager. They just seem to do ordinary stuff. I have a few
>questions:
>
>1. Does your JNLP file specify an application-desc element? If possible,
>can you send your JNLP file?
>
>
Yes, I'll include it below.
>2. Does your security element specify <all-permissions/>?
>
>
Definitely, and it (and all jars) are signed.
>3. Does your Xalan application run okay from the command line (ie not in
>the Web Start environment)?
>
>
Yes.
>4. If you add the following to one of your initial classes:
> System.err.println("SecurityManager = " +
>System.getSecurityManager());
> what does it show?
>
>
>
I'll get back to you on that one.
What I've found out is that using document() in a template causes Xalan
to cache the document.
That's where this is bombing. Everything else, other templates, file
writes, etc, is working fine.
Apparently the processing instruction xalan-doc-cache-off can disable
this caching, but only
in an xsl:for-each. I tried that, but the issue remained. I'm re-writing
the template to not use document().
Basically, the XSL had a lookup table in it, that I refered to with
document(''), and I'm re-writing that part to instead be a massive
xsl:choose.
Here is the JNLP.
<?xml version="1.0" encoding="utf-8"?>
<!-- JNLP File for GRS DataViewer -->
<jnlp spec="1.0+"
codebase="http://grs.lpl.arizona.edu/grs2001/sw/pds/"
href="archiver.jnlp">
<information>
<vendor>GRS Software</vendor>
<title>GRS Archiver</title>
<shortcut online="false">
<desktop/>
<menu submenu="GRS Applications"/>
</shortcut>
<description>
The GRS Archiver creates delivery-ready archives of GRS
data products.
</description>
<description kind="short">
PDS Archiver application.
</description>
<icon href="gammas_64x64.jpg"/>
<offline-allowed/>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.4+"/>
<jar href="archiver.jar"/>
<jar href="classes12_g.jar"/>
<property name="user.timezone" value="UTC"/>
</resources>
<resources os="SunOS" arch="sparc">
<nativelib href="solaris_sparc.jar"/>
</resources>
<resources os="Linux" arch="x86">
<nativelib href="linux_x86.jar"/>
</resources>
<resources os="Windows" arch="x86">
<nativelib href="windows_x86.jar"/>
</resources>
<application-desc main-class="grs.apps.pdsdriver.PdsArchiverApp">
</application-desc>
</jnlp>
RE: security exception when in web start
Posted by Gary L Peskin <ga...@firstech.com>.
The classes that are in the stack trace don't explicitly invoke the
SecurityManager. They just seem to do ordinary stuff. I have a few
questions:
1. Does your JNLP file specify an application-desc element? If possible,
can you send your JNLP file?
2. Does your security element specify <all-permissions/>?
3. Does your Xalan application run okay from the command line (ie not in
the Web Start environment)?
4. If you add the following to one of your initial classes:
System.err.println("SecurityManager = " +
System.getSecurityManager());
what does it show?
This seems more like a JNLP problem than a Xalan problem but I confess that
I am no JNLP guru. However, depending on the answers to the above
questions, it seems like you are not getting the Web Start to launch in the
application environment but just in an applet-type sandbox environment.
Please let me know the answers to the above questions and I will try to help
from there.
Gary
> -----Original Message-----
> From: Guy McArthur [mailto:guym@arizona.edu]
> Sent: Friday, August 19, 2005 10:14 AM
> To: xalan-j-users@xml.apache.org
> Subject: security exception when in web start
>
> Greetings, I've having trouble debugging a peculiar issue.
>
> I'm developing a Java Web Start application that makes
> extensive use of
> XSLT. My XSL templates are packaged in a Jar file with the
> application.
> I'm testing with Java 1.5.0_04, though the app should work in
> Java 1.4
> and higher. All the Jars distributed with the application are signed,
> and the JNLP specifies to give the application all permissions.
>
> So far, so good. However, when performing a particular XSL transform
> (which happens to be particularly large), I get a security
> exception. Is
> there a workaround? The exception is:
>
> com.sun.org.apache.xalan.internal.xsltc.TransletException:
> java.security.AccessControlException: access denied
> (java.io.FilePermission C:\Documents and Settings\guym\Application
> Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.ed
> u\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
> read)
>
> All my transforms are done like this:
>
> URL xsl = getClass().getResource(template);
>
> InputStream is = xsl.openStream();
> Source source = new StreamSource(is, xsl.toExternalForm());
> TransformerFactory factory =
> TransformerFactory.newInstance();
> Transformer trans = factory.newTransformer(source);
> trans.transform(new DOMSource(document), new
> StreamResult(output));
>
> Here is the stack trace:
>
> RROR: 'java.security.AccessControlException: access denied
> (java.io.FilePermission C:\Documents and Settings\guym\Application
> Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.ed
> u\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
> read)'
> javax.xml.transform.TransformerException:
> com.sun.org.apache.xalan.internal.xsltc.TransletException:
> java.security.AccessControlException: access denied
> (java.io.FilePermission C:\Documents and Settings\guym\Application
> Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.ed
> u\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
> read)
> at
> com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.t
> ransform(Unknown
> Source)
> at
> com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.t
> ransform(Unknown
> Source)
> at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
> at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
> at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)
> Caused by: com.sun.org.apache.xalan.internal.xsltc.TransletException:
> java.security.AccessControlException: access denied
> (java.io.FilePermission C:\Documents and Settings\guym\Application
> Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.ed
> u\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
> read)
> at
> com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.docum
> entF(Unknown
> Source)
> at chan_data.template$dot$0()
> at chan_data.applyTemplates()
> at chan_data.applyTemplates()
> at chan_data.transform()
> at
> com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTransl
> et.transform(Unknown
> Source)
> ... 5 more
> ---------
> com.sun.org.apache.xalan.internal.xsltc.TransletException:
> java.security.AccessControlException: access denied
> (java.io.FilePermission C:\Documents and Settings\guym\Application
> Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.ed
> u\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
> read)
> at
> com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.docum
> entF(Unknown
> Source)
> at chan_data.template$dot$0()
> at chan_data.applyTemplates()
> at chan_data.applyTemplates()
> at chan_data.transform()
> at
> com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTransl
> et.transform(Unknown
> Source)
> at
> com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.t
> ransform(Unknown
> Source)
> at
> com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.t
> ransform(Unknown
> Source)
> at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
> at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
> at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)
>
>
>
Re: security exception when in web start
Posted by Brian Minchau <mi...@ca.ibm.com>.
Guy,
your traceback is showing classes like com.sun.org.apache... not
org.apache..., so this looks like might be a problem with a version of the
Apache code distributed by Sun. Of course it could be environmental too.
Sorry that I can't be more helpful.
- Brian
Guy McArthur
<guym@arizona.edu
> To
xalan-j-users@xml.apache.org
08/19/2005 01:13 cc
PM
Subject
security exception when in web
start
Greetings, I've having trouble debugging a peculiar issue.
I'm developing a Java Web Start application that makes extensive use of
XSLT. My XSL templates are packaged in a Jar file with the application.
I'm testing with Java 1.5.0_04, though the app should work in Java 1.4
and higher. All the Jars distributed with the application are signed,
and the JNLP specifies to give the application all permissions.
So far, so good. However, when performing a particular XSL transform
(which happens to be particularly large), I get a security exception. Is
there a workaround? The exception is:
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
All my transforms are done like this:
URL xsl = getClass().getResource(template);
InputStream is = xsl.openStream();
Source source = new StreamSource(is, xsl.toExternalForm());
TransformerFactory factory =
TransformerFactory.newInstance();
Transformer trans = factory.newTransformer(source);
trans.transform(new DOMSource(document), new StreamResult(output));
Here is the stack trace:
RROR: 'java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)'
javax.xml.transform.TransformerException:
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)
Caused by: com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF(Unknown
Source)
at chan_data.template$dot$0()
at chan_data.applyTemplates()
at chan_data.applyTemplates()
at chan_data.transform()
at
com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(Unknown
Source)
... 5 more
---------
com.sun.org.apache.xalan.internal.xsltc.TransletException:
java.security.AccessControlException: access denied
(java.io.FilePermission C:\Documents and Settings\guym\Application
Data\Sun\Java\Deployment\cache\javaws\http\Dgrs.lpl.arizona.edu\P80\DMgrs2001\DMsw\DMpds\RMarchiver.jar
read)
at
com.sun.org.apache.xalan.internal.xsltc.dom.LoadDocument.documentF(Unknown
Source)
at chan_data.template$dot$0()
at chan_data.applyTemplates()
at chan_data.applyTemplates()
at chan_data.transform()
at
com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(Unknown
Source)
at grs.apps.pdsdriver.PdsArchiver.label(PdsArchiver.java:388)
at grs.apps.pdsdriver.EdrArchiver.archive(EdrArchiver.java:591)
at grs.apps.pdsdriver.PdsArchiverApp$5.run(PdsArchiverApp.java:236)