You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by bu...@apache.org on 2003/05/07 00:28:29 UTC
DO NOT REPLY [Bug 19709] New: -
Struts fails to start with SecurityException on ENSIM linux box
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19709>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19709
Struts fails to start with SecurityException on ENSIM linux box
Summary: Struts fails to start with SecurityException on ENSIM
linux box
Product: Struts
Version: 1.1 RC1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Controller
AssignedTo: struts-dev@jakarta.apache.org
ReportedBy: denis.balazuc@videotron.ca
I am deploying a Struts 1.1 application on an ENSIM-based Linux box,
and Struts action servlet fails to start for a SecurityException reason.
This only happens on an ENSIM box. Same settings
First, I am not sure this bug report is sent to the relevant group since the
error happens in org.apache.commons.beanutils.MappedPropertyDescriptor
from a getPublicDeclaredMethod() (apparently).
Since it happened after I switched from Struts 1.02 to 1.1RC1, and during a
Struts action servlet init(), I have posted it here.
Then, I am not even sure it is a Struts or Commons related bug.
but I have found no literature about that particular issue, either through docs
or searching the internet. So...
SUMMARY
It *seems* that the MappedPropertyDescriptor does some introspection on some
classes installed by the web engine.
On the box I am using, there is apparently some security restrictions imposed
on this (since the JVM is shared probably...), which makes the Struts action
servlet init() method to fail and propagate a SecurityException.
(STACKTRACE SNIPPET)
>>at org.apache.struts.action.ActionServlet.initModulePlugIns
(ActionServlet.java:1096)
>>at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)
I don't know what the JSP specifications say about this, but I believe that it
is either a usual security rule enforced on the JVM (hence a bug)
or, on the other way around, a security rule that should not be there
(you can close this ticket right away in this case).
Moreover it is only reproduceable using this particular linux flavor.
Please dont hesitate to contact me for further details or any help I can
provide.
(details follow)
SYSTEM SPECS:
-- Since I dont have root access, I am not exactly sure about the whole box but:
ENSIM v3.1.1-10 (http://www.ensim.com).
Installed Tomcat is 4.0.?
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)
Struts 1.1 RC1 with Tiles
-- Note the same exact webapp works fine on a local env with no particular JVM
or Tomcat settings:
Win32 (Win2K)
Tomcat 4.0.6
JDK 1.4.0
Struts 1.1 RC1
WEB.XML (not of great interest...)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>Traquenard</display-name>
<description>Traquenard.Net</description>
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<init-param>
<param-name>detail</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>validating</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>/WEB-INF/xtags.tld</taglib-uri>
<taglib-location>/WEB-INF/xtags.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-html.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-templates.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-templates.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-tiles.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-tiles.tld</taglib-location>
</taglib>
</web-app>
STRUTS-CONFIG.XML (Module : Tiles)
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [
<!ENTITY amp "&">
]
>
<struts-config>
<form-beans>
</form-beans>
<global-forwards type="org.apache.struts.action.ActionForward">
</global-forwards>
<action-mappings>
<action path="/home"
forward="page.traquenard.index"/>
<action path="/calvin"
forward="page.traquenard.calvin"/>
<action path="/members"
forward="page.traquenard.members"/>
</action-mappings>
<controller
processorClass="org.apache.struts.action.RequestProcessor"
debug="1"
locale="true"
contentType="text/html"/>
<message-resources
parameter="traquenard"
key="traquenard"
null="false"/>
<plug-in className="org.apache.struts.tiles.TilesPlugin" >
<set-property property="definitions-config" value="/WEB-INF/tiles-
config.xml" />
<set-property property="definitions-parser-validate" value="true" />
<set-property property="definitions-debug" value="2" />
<set-property property="moduleAware" value="true" />
</plug-in>
</struts-config>
TILES-CONFIG.XML
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dtds/tiles-config_1_1.dtd">
<tiles-definitions>
<definition name="page.traquenard.template" path="/WEB-
INF/jsp/template.jsp">
<put name="title" value=""/>
<put name="stylesheet" value="traquenard.css"/>
<put name="top" value="/WEB-INF/jsp/top.jsp"/>
<put name="bottom" value="/WEB-INF/jsp/team/content.jsp"/>
<put name="ticker" value="/WEB-INF/jsp/team/ticker.jsp"/>
<put name="menu" value="/WEB-INF/jsp/menu.jsp"/>
</definition>
<definition name="page.traquenard.index" extends="page.traquenard.template">
<put name="title" value="page.index.title"/>
<put name="body" value="/WEB-INF/jsp/index.jsp"/>
<put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
</definition>
<definition name="page.traquenard.quotes"
extends="page.traquenard.template">
<put name="title" value="page.quotes.title"/>
<put name="body" value="/WEB-INF/jsp/calvin/quotes.jsp"/>
<put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
</definition>
<definition name="page.traquenard.members"
extends="page.traquenard.template">
<put name="title" value="page.members.title"/>
<put name="body" value="/WEB-INF/jsp/members.jsp"/>
<put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
</definition>
</tiles-definitions>
FULL STACKTRACE
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:270)
at java.security.AccessController.checkPermission
(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkMemberAccess
(SecurityManager.java:1662)
at java.lang.Class.checkMemberAccess(Class.java:1401)
at java.lang.Class.getDeclaredMethods(Class.java:1101)
at org.apache.commons.beanutils.MappedPropertyDescriptor$1.run
(MappedPropertyDescriptor.java:386)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.commons.beanutils.MappedPropertyDescriptor.getPublicDeclaredMethods
(MappedPropertyDescriptor.java:383)
at
org.apache.commons.beanutils.MappedPropertyDescriptor.internalFindMethod
(MappedPropertyDescriptor.java:453)
at org.apache.commons.beanutils.MappedPropertyDescriptor.findMethod
(MappedPropertyDescriptor.java:527)
at org.apache.commons.beanutils.MappedPropertyDescriptor.<init>
(MappedPropertyDescriptor.java:149)
at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor
(PropertyUtils.java:907)
at org.apache.commons.beanutils.BeanUtils.setProperty
(BeanUtils.java:934)
at org.apache.commons.beanutils.BeanUtils.populate(BeanUtils.java:808)
at org.apache.struts.action.ActionServlet.initModulePlugIns
(ActionServlet.java:1096)
at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)
at javax.servlet.GenericServlet.init(GenericServlet.java:258)
at org.apache.catalina.core.StandardWrapper.loadServlet
(StandardWrapper.java:916)
at org.apache.catalina.core.StandardWrapper.load
(StandardWrapper.java:808)
at org.apache.catalina.core.StandardContext.loadOnStartup
(StandardContext.java:3266)
at org.apache.catalina.core.StandardContext.start
(StandardContext.java:3395)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at org.apache.catalina.core.StandardEngine.start
(StandardEngine.java:343)
at org.apache.catalina.core.StandardService.start
(StandardService.java:388)
at org.apache.catalina.core.StandardServer.start
(StandardServer.java:506)
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
2003-05-06 08:58:58 StandardWrapper[:action]: Marking servlet action as
unavailable
2003-05-06 08:58:58 StandardContext[]: Servlet threw load() exception
javax.servlet.UnavailableException
at org.apache.struts.action.ActionServlet.initModulePlugIns
(ActionServlet.java:1112)
at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)
at javax.servlet.GenericServlet.init(GenericServlet.java:258)
at org.apache.catalina.core.StandardWrapper.loadServlet
(StandardWrapper.java:916)
at org.apache.catalina.core.StandardWrapper.load
(StandardWrapper.java:808)
at org.apache.catalina.core.StandardContext.loadOnStartup
(StandardContext.java:3266)
at org.apache.catalina.core.StandardContext.start
(StandardContext.java:3395)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
at org.apache.catalina.core.StandardEngine.start
(StandardEngine.java:343)
at org.apache.catalina.core.StandardService.start
(StandardService.java:388)
at org.apache.catalina.core.StandardServer.start
(StandardServer.java:506)
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org