You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Eric Schneider <er...@centralparksoftware.com> on 2005/02/01 17:53:27 UTC
java.security.policy woes
Hi,
I'm testing a little Tapestry 3.0.1 app running on Sunone 7 app server
(Servlet spec 2.3).
The app server instance makes use of a policy file that stomps all over
what Tapestry needs to do at Runtime. The app throws in
ApplicationServlet.init() when trying to create a class pool (trace
below).
Just as a test, I tried removing the JVM option (-Djava.security.policy=/
<BLAH>/config/server.policy), but it looks like sunone uses a default
policy file if one isn't provided (I get the same exception).
Unfortunately, I don't have a ton of experience with these policy files.
There are a few different flavors of entries:
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
permission java.security.AllPermission;
};
grant {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.net.SocketPermission "*", "connect";
permission java.io.FilePermission "<<ALL FILES>>", "read,write";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "modifyThreadGroup";
};
grant {
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
Does anyone know how to format an entry to make the app server Tapestry
friendly? I'd like to avoid putting my Tapestry related jars in a shared
location.
Thanks in advance.
e.
Type: Exception Report
Message: Internal Server Error
Exception
javax.servlet.ServletException: Servlet execution threw an exception
at
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
dWrapperValve.java:742)
at
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
lve.java:118)
at
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
ava:278)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
java:274)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
java:212)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
203)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
Root Cause
java.lang.ExceptionInInitializerError
at
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.createClassPool
(EnhancedClassFactory.java:57)
at
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.reset(EnhancedC
lassFactory.java:69)
at
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.(EnhancedClassF
actory.java:49)
at
org.apache.tapestry.enhance.DefaultComponentClassEnhancer.createEnhancedCl
assFactory(DefaultComponentClassEnhancer.java:72)
at
org.apache.tapestry.enhance.DefaultComponentClassEnhancer.(DefaultComponen
tClassEnhancer.java:66)
at
org.apache.tapestry.engine.AbstractEngine.createComponentClassEnhancer(Abs
tractEngine.java:2207)
at
org.apache.tapestry.engine.AbstractEngine.setupForRequest(AbstractEngine.j
ava:1262)
at
org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:824)
at
org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:
197)
at
org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:158)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
dWrapperValve.java:720)
at
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
lve.java:118)
at
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
ava:278)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
java:274)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
java:212)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
203)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission createClassLoader)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.ja
va:270)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:
542)
at
java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:607)
at java.lang.ClassLoader.(ClassLoader.java:243)
at javassist.ClassPool$LocalClassLoader.(ClassPool.java:347)
at javassist.ClassPool.(ClassPool.java:357)
... 24 more
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: java.security.policy woes [a little further]
Posted by Eric Schneider <er...@centralparksoftware.com>.
Hi,
It seems like i'm getting a little further.
After adding the following lines to the server's policy file:
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
I looks like the app is making it to the home page. Now, it's throwing a
new exception related to ognl.
Any Ideas on this one?
Thanks,
e.
Type: Exception Report
Message: Internal Server ErrorException
javax.servlet.ServletException: Unable to update expression '' of
org.apache.tapestry.link.ServiceLink$Enhance_1@6acad2[framework:Exception/
restart] to ExpressionBinding[framework:Exception
@org.apache.tapestry.Tapestry@RESTART_SERVICE].
at
org.apache.tapestry.engine.AbstractEngine.activateExceptionPage(AbstractEn
gine.java:480)
at
org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:914)
at
org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:
197)
at
org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:158)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
dWrapperValve.java:720)
at
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
lve.java:118)
at
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
ava:278)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
java:274)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
java:212)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
203)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
Root Cause
org.apache.tapestry.ApplicationRuntimeException: Unable to update
expression '' of
org.apache.tapestry.link.ServiceLink$Enhance_1@6acad2[framework:Exception/
restart] to ExpressionBinding[framework:Exception
@org.apache.tapestry.Tapestry@RESTART_SERVICE].
at org.apache.tapestry.util.prop.OgnlUtils.set(OgnlUtils.java:105)
at org.apache.tapestry.util.prop.OgnlUtils.set(OgnlUtils.java:84)
at
org.apache.tapestry.AbstractComponent.setBinding(AbstractComponent.java:
654)
at org.apache.tapestry.pageload.PageLoader.bind(PageLoader.java:
354)
at
org.apache.tapestry.pageload.PageLoader.constructComponent(PageLoader.java
:498)
at
org.apache.tapestry.pageload.PageLoader.loadPage(PageLoader.java:764)
at
org.apache.tapestry.pageload.PageSource.getPage(PageSource.java:152)
at
org.apache.tapestry.engine.RequestCycle.getPage(RequestCycle.java:195)
at
org.apache.tapestry.engine.AbstractEngine.activateExceptionPage(AbstractEn
gine.java:453)
at
org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:914)
at
org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:
197)
at
org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:158)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
dWrapperValve.java:720)
at
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
lve.java:118)
at
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
ava:278)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
java:274)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
java:212)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
203)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
505)
at
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
Caused by: ognl.MethodFailedException: Method "setServiceBinding" failed
for object
org.apache.tapestry.link.ServiceLink$Enhance_1@6acad2[framework:Exception/
restart] [java.lang.IllegalAccessException: Method [public void
org.apache.tapestry.link.ServiceLink$Enhance_1.setServiceBinding(org.apach
e.tapestry.IBinding)] cannot be accessed.]
at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:561)
at ognl.OgnlRuntime.setMethodValue(OgnlRuntime.java:684)
at
ognl.ObjectPropertyAccessor.setPossibleProperty(ObjectPropertyAccessor.jav
a:76)
at
ognl.ObjectPropertyAccessor.setProperty(ObjectPropertyAccessor.java:132)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1235)
at ognl.ASTProperty.setValueBody(ASTProperty.java:117)
at ognl.SimpleNode.setValue(SimpleNode.java:153)
at ognl.Ognl.setValue(Ognl.java:478)
at org.apache.tapestry.util.prop.OgnlUtils.set(OgnlUtils.java:101)
... 25 more
Quoting Eric Schneider <er...@centralparksoftware.com>:
> Hi,
>
> I'm testing a little Tapestry 3.0.1 app running on Sunone 7 app
> server
> (Servlet spec 2.3).
>
> The app server instance makes use of a policy file that stomps all
> over
> what Tapestry needs to do at Runtime. The app throws in
> ApplicationServlet.init() when trying to create a class pool (trace
> below).
>
> Just as a test, I tried removing the JVM option
> (-Djava.security.policy=/
> <BLAH>/config/server.policy), but it looks like sunone uses a default
>
> policy file if one isn't provided (I get the same exception).
>
> Unfortunately, I don't have a ton of experience with these policy
> files.
> There are a few different flavors of entries:
>
> grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
> permission java.security.AllPermission;
> };
>
> grant {
> permission java.lang.RuntimePermission "loadLibrary.*";
> permission java.lang.RuntimePermission "queuePrintJob";
> permission java.net.SocketPermission "*", "connect";
> permission java.io.FilePermission "<<ALL FILES>>",
> "read,write";
> permission java.util.PropertyPermission "*", "read";
> permission java.lang.RuntimePermission "modifyThreadGroup";
> };
>
> grant {
> permission java.lang.RuntimePermission "accessDeclaredMembers";
> };
>
> Does anyone know how to format an entry to make the app server
> Tapestry
> friendly? I'd like to avoid putting my Tapestry related jars in a
> shared
> location.
>
> Thanks in advance.
> e.
>
> Type: Exception Report
>
> Message: Internal Server Error
>
>
> Exception
> javax.servlet.ServletException: Servlet execution threw an exception
> at
>
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
> dWrapperValve.java:742)
> at
>
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
> lve.java:118)
> at
>
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
> ava:278)
> at java.security.AccessController.doPrivileged(Native
> Method)
> at
>
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
> java:274)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
> java:212)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
> 203)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
> java:157)
> at
> com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
>
>
>
> Root Cause
> java.lang.ExceptionInInitializerError
> at
>
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.createClassPool
> (EnhancedClassFactory.java:57)
> at
>
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.reset(EnhancedC
> lassFactory.java:69)
> at
>
org.apache.tapestry.enhance.javassist.EnhancedClassFactory.(EnhancedClassF
> actory.java:49)
> at
>
org.apache.tapestry.enhance.DefaultComponentClassEnhancer.createEnhancedCl
> assFactory(DefaultComponentClassEnhancer.java:72)
> at
>
org.apache.tapestry.enhance.DefaultComponentClassEnhancer.(DefaultComponen
> tClassEnhancer.java:66)
> at
>
org.apache.tapestry.engine.AbstractEngine.createComponentClassEnhancer(Abs
> tractEngine.java:2207)
> at
>
org.apache.tapestry.engine.AbstractEngine.setupForRequest(AbstractEngine.j
> ava:1262)
> at
> org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:
824)
> at
>
org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:
> 197)
> at
> org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:
158)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> at
>
org.apache.catalina.core.StandardWrapperValve.invokeServletService(Standar
> dWrapperValve.java:720)
> at
>
org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperVa
> lve.java:118)
> at
>
org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.j
> ava:278)
> at java.security.AccessController.doPrivileged(Native
> Method)
> at
>
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
> java:274)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
> java:212)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
> 203)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:
> 505)
> at
>
com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.
> java:157)
> at
> com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
> Caused by: java.security.AccessControlException: access denied
> (java.lang.RuntimePermission createClassLoader)
> at
>
java.security.AccessControlContext.checkPermission(AccessControlContext.ja
> va:270)
> at
> java.security.AccessController.checkPermission(AccessController.java:
401)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:
> 542)
> at
> java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:
607)
> at java.lang.ClassLoader.(ClassLoader.java:243)
> at javassist.ClassPool$LocalClassLoader.(ClassPool.java:347)
> at javassist.ClassPool.(ClassPool.java:357)
> ... 24 more
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tapestry-user-help@jakarta.apache.org
> --
Eric Schneider
Central Park Software, Inc.
http://www.centralparksoftware.com
eric@centralparksoftware.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org