You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Wolfgang Klaus (JIRA)" <my...@incubator.apache.org> on 2005/07/12 22:10:12 UTC
[jira] Created: (MYFACES-324) WebXmlParser throws AccessControlException in secure Tomcat
WebXmlParser throws AccessControlException in secure Tomcat
------------------------------------------------------------
Key: MYFACES-324
URL: http://issues.apache.org/jira/browse/MYFACES-324
Project: MyFaces
Type: Bug
Versions: 1.0.9 beta
Environment: java 1.5.0_04
tomcat 5.5.9
Reporter: Wolfgang Klaus
Using MyfFaces in a secure tomcat throws AccessControlException in WebXmlParser
Here the Stacktrace:
18:41:53,664 FATAL WebXmlParser:105 - Unable to parse web.xml
java.security.AccessControlException: access denied (java.net.SocketPermission java.sun.com:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:459)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
at sun.net.www.http.HttpClient.New(HttpClient.java:287)
at sun.net.www.http.HttpClient.New(HttpClient.java:299)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:792)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:744)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:669)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:973)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(XMLEntityManager.java:905)
at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:872)
at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:282)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:102
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.ja
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292)
at org.apache.myfaces.webapp.webxml.WebXmlParser.parse(WebXmlParser.java:90)
at org.apache.myfaces.webapp.webxml.WebXml.init(WebXml.java:143)
After adding the following line to catalina.policy
permission java.net.SocketPermission "java.sun.com:80", "connect";
Parsing of web.xml works if the computer, on which tomcat is runnig, can make connects to the internet.
But if the computer is not able to connect to internet (e.g. after a proxy) then the above Excpetion is thrown again.
If you run in an not secure Tomcat you get an UnknownHostException.
The parser allways trys to connect to http://java.sun.com.
The following changes in WebXmlParser solves the problem.
disable Validating for the parser. (dbf.setValidating(false))
Do we have to validate the web.xml file. Tomcat already parses and validates the web.xml. So if an
error in web.xml tomcat already before get an error.
The _EntityResolver try's to load the dtd-file and that is the problem.
With following _EntityResolver everything works fine.
private class _EntityResolver implements EntityResolver
{
public InputSource resolveEntity(String publicId, String systemId) throws IOException
{
return new InputSource(new StringReader(""));
}
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (MYFACES-324) WebXmlParser throws
AccessControlException in secure Tomcat
Posted by "Wolfgang Klaus (JIRA)" <de...@myfaces.apache.org>.
[ http://issues.apache.org/jira/browse/MYFACES-324?page=comments#action_12364062 ]
Wolfgang Klaus commented on MYFACES-324:
----------------------------------------
The problem as described above is still present in MyFaces 1.1.1
When replacing the _EntityResolver everything works fine.
Can some please replace the _EntityResolver as described before.
You can reproduce this error very simple.
Remove your network cable from your computer and try to start Tomcat in Security-Mode.
Thanks
> WebXmlParser throws AccessControlException in secure Tomcat
> -----------------------------------------------------------
>
> Key: MYFACES-324
> URL: http://issues.apache.org/jira/browse/MYFACES-324
> Project: MyFaces
> Type: Bug
> Versions: 1.0.9m9
> Environment: java 1.5.0_04
> tomcat 5.5.9
> Reporter: Wolfgang Klaus
> Fix For: 1.1.0
>
> Using MyfFaces in a secure tomcat throws AccessControlException in WebXmlParser
> Here the Stacktrace:
> 18:41:53,664 FATAL WebXmlParser:105 - Unable to parse web.xml
> java.security.AccessControlException: access denied (java.net.SocketPermission java.sun.com:80 connect,resolve)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:459)
> at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
> at sun.net.www.http.HttpClient.New(HttpClient.java:287)
> at sun.net.www.http.HttpClient.New(HttpClient.java:299)
> at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:792)
> at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:744)
> at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:669)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:973)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(XMLEntityManager.java:905)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:872)
> at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:282)
> at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:102
> at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.ja
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
> at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
> at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250)
> at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292)
> at org.apache.myfaces.webapp.webxml.WebXmlParser.parse(WebXmlParser.java:90)
> at org.apache.myfaces.webapp.webxml.WebXml.init(WebXml.java:143)
> After adding the following line to catalina.policy
> permission java.net.SocketPermission "java.sun.com:80", "connect";
> Parsing of web.xml works if the computer, on which tomcat is runnig, can make connects to the internet.
> But if the computer is not able to connect to internet (e.g. after a proxy) then the above Excpetion is thrown again.
> If you run in an not secure Tomcat you get an UnknownHostException.
> The parser allways trys to connect to http://java.sun.com.
> The following changes in WebXmlParser solves the problem.
> disable Validating for the parser. (dbf.setValidating(false))
> Do we have to validate the web.xml file. Tomcat already parses and validates the web.xml. So if an
> error in web.xml tomcat already before get an error.
> The _EntityResolver try's to load the dtd-file and that is the problem.
> With following _EntityResolver everything works fine.
> private class _EntityResolver implements EntityResolver
> {
> public InputSource resolveEntity(String publicId, String systemId) throws IOException
> {
> return new InputSource(new StringReader(""));
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (MYFACES-324) WebXmlParser throws AccessControlException in secure Tomcat
Posted by "Sylvain Vieujot (JIRA)" <my...@incubator.apache.org>.
[ http://issues.apache.org/jira/browse/MYFACES-324?page=all ]
Sylvain Vieujot closed MYFACES-324:
-----------------------------------
Fix Version: Nightly Build
Resolution: Fixed
On line 80 of the WebXmlParser, we already had the validation disabled.
I just made it more clear.
I think it's sufficient so I maked this bug as fixed.
Please confirm that it works without changing the EntityResolver.
Thanks
> WebXmlParser throws AccessControlException in secure Tomcat
> -----------------------------------------------------------
>
> Key: MYFACES-324
> URL: http://issues.apache.org/jira/browse/MYFACES-324
> Project: MyFaces
> Type: Bug
> Versions: 1.0.9 beta
> Environment: java 1.5.0_04
> tomcat 5.5.9
> Reporter: Wolfgang Klaus
> Fix For: Nightly Build
>
> Using MyfFaces in a secure tomcat throws AccessControlException in WebXmlParser
> Here the Stacktrace:
> 18:41:53,664 FATAL WebXmlParser:105 - Unable to parse web.xml
> java.security.AccessControlException: access denied (java.net.SocketPermission java.sun.com:80 connect,resolve)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:459)
> at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
> at sun.net.www.http.HttpClient.New(HttpClient.java:287)
> at sun.net.www.http.HttpClient.New(HttpClient.java:299)
> at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:792)
> at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:744)
> at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:669)
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:973)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(XMLEntityManager.java:905)
> at com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:872)
> at com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:282)
> at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:102
> at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.ja
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834)
> at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764)
> at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148)
> at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:250)
> at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:292)
> at org.apache.myfaces.webapp.webxml.WebXmlParser.parse(WebXmlParser.java:90)
> at org.apache.myfaces.webapp.webxml.WebXml.init(WebXml.java:143)
> After adding the following line to catalina.policy
> permission java.net.SocketPermission "java.sun.com:80", "connect";
> Parsing of web.xml works if the computer, on which tomcat is runnig, can make connects to the internet.
> But if the computer is not able to connect to internet (e.g. after a proxy) then the above Excpetion is thrown again.
> If you run in an not secure Tomcat you get an UnknownHostException.
> The parser allways trys to connect to http://java.sun.com.
> The following changes in WebXmlParser solves the problem.
> disable Validating for the parser. (dbf.setValidating(false))
> Do we have to validate the web.xml file. Tomcat already parses and validates the web.xml. So if an
> error in web.xml tomcat already before get an error.
> The _EntityResolver try's to load the dtd-file and that is the problem.
> With following _EntityResolver everything works fine.
> private class _EntityResolver implements EntityResolver
> {
> public InputSource resolveEntity(String publicId, String systemId) throws IOException
> {
> return new InputSource(new StringReader(""));
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira