You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "kesava (Created) (JIRA)" <ji...@apache.org> on 2012/01/24 18:54:40 UTC
[jira] [Created] (OGNL-47) CLONE - Unable to use Struts 2.3.1.2
appliation with OGNL 3.0.3 by enabling security manager but same
application works with OGNL 3.0.4
CLONE - Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.3 by enabling security manager but same application works with OGNL 3.0.4
---------------------------------------------------------------------------------------------------------------------------------------
Key: OGNL-47
URL: https://issues.apache.org/jira/browse/OGNL-47
Project: Commons OGNL
Issue Type: Bug
Reporter: kesava
Priority: Blocker
Unable to use Struts 2.3.1.1 application with OGNL 3.0.3 by enabling security manager but same application works with OGNL 3.0.2.
Steps to reproduce
1.Enable security manager
2.Load the app
Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
File: ObjectPropertyAccessor.java
Method: getPossibleProperty
Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at ognl.Ognl.getValue(Ognl.java:458)
at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
... 266 more
Caused by: java.lang.NullPointerException: permission can't be null
at java.security.AccessController.checkPermission(AccessController.java:517)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
... 270 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (OGNL-47) Unable to use Struts
2.3.1.2 application with OGNL 3.0.4 by enabling security manager
Posted by "Philippe Eymann (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196872#comment-13196872 ]
Philippe Eymann edited comment on OGNL-47 at 1/31/12 12:50 PM:
---------------------------------------------------------------
Hi Maurizio,
I think that this issue is mainly related to a problem with Struts 2.3.1, and the "official" OGNL release which is bundled with this version of Struts is the 3.0.4, see [this link on the Stuts official page|http://newverhost.com/pub//struts/library/struts-2.3.1.2-lib.zip]. The code extracts I provided are from the 3.0.4 version.
Is there any more recent released version of the OGNL jar which contains the current (SVN trunk) OgnlRuntime class ? I didn't find any download link on the Apache site.
Regards,
Philippe
was (Author: p.eymann):
Hi Maurizio,
I think that this issue is mainly related to a problem with Struts 2.3.1, and the "official" OGNL release which is bundled with this version of Struts is the 3.0.4, see [this link on the Stuts official page|http://newverhost.com/pub//struts/library/struts-2.3.1.2-lib.zip].
Is there any more recent released version of the OGNL jar which contains the current (SVN trunk) OgnlRuntime class ? I didn't find any download link on the Apache site.
Regards,
Philippe
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Philippe Eymann (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196803#comment-13196803 ]
Philippe Eymann commented on OGNL-47:
-------------------------------------
I think the problem comes from the "getPermission(Method method)" method in the OGNLRuntime class.
See comments in the code extract below :
{code:title=getPermission() method|borderStyle=solid}
public static Permission getPermission(Method method)
{
// #1 : result setup as null
Permission result = null;
Class mc = method.getDeclaringClass();
Map permissions = (Map) _invokePermissionCache.get(mc);
// #2 If permissions object is not null, then result is always null, see #3 below
if (permissions == null) { // start-if permissions == null
synchronized (_invokePermissionCache) {
permissions = (Map) _invokePermissionCache.get(mc);
if (permissions == null) {
_invokePermissionCache.put(mc, permissions = new HashMap(101));
}
// #3 This bloc is never called if permissions is not null
if ((result = (Permission) permissions.get(method.getName())) == null) {
result = new OgnlInvokePermission("invoke." + mc.getName() + "." + method.getName());
permissions.put(method.getName(), result);
}
}
} // end-if permissions = null
return result;
}
{code}
One way to solve this would be to code the following :
{code}
public static Permission getPermission(Method method)
{
Permission result = null;
Class mc = method.getDeclaringClass();
Map permissions = (Map) _invokePermissionCache.get(mc);
if (permissions == null) {
synchronized (_invokePermissionCache) {
permissions = (Map) _invokePermissionCache.get(mc);
if (permissions == null) {
_invokePermissionCache.put(mc, permissions = new HashMap(101));
}
}
}
synchronized (permissions) {
if ((result = (Permission) permissions.get(method.getName())) == null) {
result = new OgnlInvokePermission("invoke." + mc.getName() + "." + method.getName());
permissions.put(method.getName(), result);
}
}
return result;
}
{code}
Hope it helps.
Philippe
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "kesava (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197033#comment-13197033 ]
kesava commented on OGNL-47:
----------------------------
Basically, you need to enable security manager to reproduce the issue, so that you will be able to reproduce.By default security manager is disabled. Please enable on tomcat webapp as mentioned below ,
Stop all Tomcat instances/service. Open the "tomcat monitor" application and open the "configure" pop-up/window. Or open the "Configure Tomcat" application. On this window there is a "Java" tab, go there.
Within the Java tab there is a text box for Java Options, in this text box append the following:
-Djava.security.manager
-Djava.security.policy=<path_to_security_policy_file>
The standard Tomcat policy is located in Tomcat's conf/catalina.policy file, but you're free to specify whatever location you are using.
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
http://www.coderanch.com/t/86057/Tomcat/enable-Security-Manager-per-web
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
appliation with OGNL 3.0.4 by enabling security manager
Posted by "Maurizio Cucchiara (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13192843#comment-13192843 ]
Maurizio Cucchiara commented on OGNL-47:
----------------------------------------
Hi Kesave and thank you for the issue submission.
Could you provide some more details? like for example how did you enable security manager? Are you using tomcat?
> Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager
> -------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (OGNL-47) Unable to use Struts 2.3.1.2 application
with OGNL 3.0.4 by enabling security manager
Posted by "Maurizio Cucchiara (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maurizio Cucchiara updated OGNL-47:
-----------------------------------
Description:
Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
Steps to reproduce
1.Enable security manager
2.Load the app
{noformat}
Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
File: ObjectPropertyAccessor.java
Method: getPossibleProperty
Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at ognl.Ognl.getValue(Ognl.java:458)
at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
... 266 more
Caused by: java.lang.NullPointerException: permission can't be null
at java.security.AccessController.checkPermission(AccessController.java:517)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
... 270 more
{noformat}
was:
Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
Steps to reproduce
1.Enable security manager
2.Load the app
Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
File: ObjectPropertyAccessor.java
Method: getPossibleProperty
Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at ognl.Ognl.getValue(Ognl.java:458)
at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
... 266 more
Caused by: java.lang.NullPointerException: permission can't be null
at java.security.AccessController.checkPermission(AccessController.java:517)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
... 270 more
Summary: Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager (was: Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager )
Corrected typo and minor format
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Philippe Eymann (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196872#comment-13196872 ]
Philippe Eymann commented on OGNL-47:
-------------------------------------
Hi Maurizio,
I think that this issue is mainly related to a problem with Struts 2.3.1, and the "official" OGNL release which is bundled with this version of Struts is the 3.0.4, see [this link on the Stuts official page|http://newverhost.com/pub//struts/library/struts-2.3.1.2-lib.zip].
Is there any more recent released version of the OGNL jar which contains the current (SVN trunk) OgnlRuntime class ? I didn't find any download link on the Apache site.
Regards,
Philippe
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Maurizio Cucchiara (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13201235#comment-13201235 ]
Maurizio Cucchiara commented on OGNL-47:
----------------------------------------
OK,
I enabled the SecurityManager on Tomcat, but instead of following exactly your advice:
# I added to the default catalina.policy the following permission: {{permission java.security.AllPermission}} (sorry but I have no time to check all security vars to enable in order to allow Struts2 app to work out)
# I started tomcat with the following cmd: {{$(CATALINA_HOME)/bin/catalina.sh run -security}}
I used [the blank app|https://builds.apache.org/job/Struts2/lastBuild/org.apache.struts$struts2-blank/] present on the latest Struts2 snapshot.
Unfortunately I'm not still able to reproduce this issue.
It would seem something related with your environment/configuration.
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Maurizio Cucchiara (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197010#comment-13197010 ]
Maurizio Cucchiara commented on OGNL-47:
----------------------------------------
Be aware that the 3.0.4 version of OGNL is not Commons OGNL. The old OGNL version is deprecated and will be replaced with the commons one ASAP.
So, again, the question is: is there a way to reproduce the issue, such that I can test if it affects the Commons version of OGNL?
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Maurizio Cucchiara (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196839#comment-13196839 ]
Maurizio Cucchiara commented on OGNL-47:
----------------------------------------
Hi Philippe,
unfortunately the solution you provided is not against the [current Commons OGNL version|http://svn.apache.org/viewvc/commons/proper/ognl/trunk/src/main/java/org/apache/commons/ognl/OgnlRuntime.java?view=markup].
This is the reason why I asked the OP for a way to reproduce the problem.
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (OGNL-177) Unable to use Struts 2.3.1.2
application with OGNL 3.0.4 by enabling security manager
Posted by "Lukasz Lenart (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13482964#comment-13482964 ]
Lukasz Lenart commented on OGNL-177:
------------------------------------
Is it related to WW-3746 ? If so the problem is already solved with OGNL 3.0.5 - https://github.com/jkuhnert/ognl
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> --------------------------------------------------------------------------------------
>
> Key: OGNL-177
> URL: https://issues.apache.org/jira/browse/OGNL-177
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> {noformat}
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (OGNL-47) CLONE - Unable to use Struts 2.3.1.2
appliation with OGNL 3.0.4 by enabling security manager
Posted by "kesava (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kesava updated OGNL-47:
-----------------------
Description:
Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
Steps to reproduce
1.Enable security manager
2.Load the app
Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
File: ObjectPropertyAccessor.java
Method: getPossibleProperty
Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at ognl.Ognl.getValue(Ognl.java:458)
at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
... 266 more
Caused by: java.lang.NullPointerException: permission can't be null
at java.security.AccessController.checkPermission(AccessController.java:517)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
... 270 more
was:
Unable to use Struts 2.3.1.1 application with OGNL 3.0.3 by enabling security manager but same application works with OGNL 3.0.2.
Steps to reproduce
1.Enable security manager
2.Load the app
Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
File: ObjectPropertyAccessor.java
Method: getPossibleProperty
Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
at ognl.SimpleNode.getValue(SimpleNode.java:258)
at ognl.Ognl.getValue(Ognl.java:494)
at ognl.Ognl.getValue(Ognl.java:458)
at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
at org.apache.velocity.Template.merge(Template.java:328)
at org.apache.velocity.Template.merge(Template.java:235)
at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
... 266 more
Caused by: java.lang.NullPointerException: permission can't be null
at java.security.AccessController.checkPermission(AccessController.java:517)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
... 270 more
Summary: CLONE - Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager (was: CLONE - Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.3 by enabling security manager but same application works with OGNL 3.0.4)
> CLONE - Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager
> ---------------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (OGNL-47) Unable to use Struts 2.3.1.2 appliation
with OGNL 3.0.4 by enabling security manager
Posted by "kesava (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kesava updated OGNL-47:
-----------------------
Summary: Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager (was: CLONE - Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager )
> Unable to use Struts 2.3.1.2 appliation with OGNL 3.0.4 by enabling security manager
> -------------------------------------------------------------------------------------
>
> Key: OGNL-47
> URL: https://issues.apache.org/jira/browse/OGNL-47
> Project: Commons OGNL
> Issue Type: Bug
> Reporter: kesava
> Priority: Blocker
>
> Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
> Steps to reproduce
> 1.Enable security manager
> 2.Load the app
> Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor
> File: ObjectPropertyAccessor.java
> Method: getPossibleProperty
> Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
> at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
> at ognl.SimpleNode.getValue(SimpleNode.java:258)
> at ognl.Ognl.getValue(Ognl.java:494)
> at ognl.Ognl.getValue(Ognl.java:458)
> at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222)
> at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284)
> at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91)
> at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
> at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286)
> at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843)
> at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222)
> at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507)
> at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
> at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263)
> at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175)
> at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
> at org.apache.velocity.Template.merge(Template.java:328)
> at org.apache.velocity.Template.merge(Template.java:235)
> at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
> at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79)
> at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:176)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.MessageStoreInterceptor.intercept(MessageStoreInterceptor.java:194)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
> at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.EntityActionInterceptor.intercept(EntityActionInterceptor.java:32)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.RolesSecurityInterceptor.intercept(RolesSecurityInterceptor.java:118)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:211)
> at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:190)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.exception.ExceptionWrapperInterceptor.intercept(ExceptionWrapperInterceptor.java:29)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at com.sony.sce.producttool.web.interceptor.HibernateValidationResponseInterceptor.intercept(HibernateValidationResponseInterceptor.java:64)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:243)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.interceptor.CookieInterceptor.intercept(CookieInterceptor.java:240)
> at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:249)
> at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
> at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:510)
> at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)
> at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)
> at sun.reflect.GeneratedMethodAccessor68.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:102)
> at sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
> at com.sony.sce.producttool.web.Log4jMDCFilter.doFilter(Log4jMDCFilter.java:71)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.snei.common.security.SessionIpBindingFilter.doFilter(SessionIpBindingFilter.java:114)
> at sun.reflect.GeneratedMethodAccessor63.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.LocaleFilter.doFilter(LocaleFilter.java:96)
> at sun.reflect.GeneratedMethodAccessor62.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.BaseTransactionInViewFilter.doFilter(BaseTransactionInViewFilter.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.util.hibernate.OpenLocalSessionInViewFilter.doFilter(OpenLocalSessionInViewFilter.java:106)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.sce.producttool.web.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:50)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at com.sony.soe.platform.common.web.i18n.UTF8Filter.doFilter(UTF8Filter.java:22)
> at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:52)
> at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:171)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:581)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:662)
> Caused by: ognl.OgnlException: serviceProviders [java.lang.NullPointerException: permission can't be null]
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:69)
> at ognl.ObjectPropertyAccessor.getProperty(ObjectPropertyAccessor.java:147)
> at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.getProperty(ObjectAccessor.java:17)
> at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303)
> at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:137)
> ... 266 more
> Caused by: java.lang.NullPointerException: permission can't be null
> at java.security.AccessController.checkPermission(AccessController.java:517)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:834)
> at ognl.OgnlRuntime.getMethodValue(OgnlRuntime.java:1441)
> at ognl.ObjectPropertyAccessor.getPossibleProperty(ObjectPropertyAccessor.java:60)
> ... 270 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira