[
https://issues.apache.org/jira/browse/BVAL-100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13198412#comment-13198412
]
Albert Lee commented on BVAL-100:
---------------------------------
After the first problem is fixed, there are a few more similar exceptions shown
below:
java.security.AccessControlException: Access denied (java.io.FilePermission
\C:\Users\leealber\tc\WASX\as\profiles\AppSrv01\installedApps\al
leetp2Node01Cell\ATestBean.ear\BVALTestBean.jar read)
at
java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
at java.lang.SecurityManager.checkRead(SecurityManager.java:883)
at
com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:593)
at
com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:577)
at
com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:569)
at
com.ibm.ws.classloader.CompoundClassLoader.findResources(CompoundClassLoader.java:1117)
at
com.ibm.ws.classloader.CompoundClassLoader.getResources(CompoundClassLoader.java:1081)
at
com.ibm.ws.classloader.CompoundClassLoader.getResources(CompoundClassLoader.java:1062)
at
org.apache.bval.jsr303.xml.ValidationParser.getInputStream(ValidationParser.java:121)
at
org.apache.bval.jsr303.xml.ValidationParser.applyMappingStreams(ValidationParser.java:252)
at
org.apache.bval.jsr303.xml.ValidationParser.applyConfig(ValidationParser.java:162)
at
org.apache.bval.jsr303.xml.ValidationParser.processValidationConfig(ValidationParser.java:82)
at
org.apache.bval.jsr303.ConfigurationImpl.parseValidationXml(ConfigurationImpl.java:262)
at
org.apache.bval.jsr303.ConfigurationImpl.prepare(ConfigurationImpl.java:252)
at
org.apache.bval.jsr303.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:242)
at
javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:50)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.resolveValidatorfactory(BeanHelper.java:80)
java.security.AccessControlException: Access denied
(org.osgi.framework.AdminPermission (id=76) resolve,resource)
at
java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
at
org.eclipse.osgi.framework.internal.core.BundleResourceHandler.checkAuthorization(BundleResourceHandler.java:289)
at
org.eclipse.osgi.framework.internal.core.BundleResourceHandler.parseURL(BundleResourceHandler.java:128)
at java.net.URL.<init>(URL.java:608)
at java.net.URL.<init>(URL.java:476)
at java.net.URL.<init>(URL.java:425)
at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown
Source)
at
org.apache.xerces.impl.XMLVersionDetector.determineDocVersion(Unknown Source)
at org.apache.xerces.impl.xs.opti.SchemaParsingConfig.parse(Unknown
Source)
at org.apache.xerces.impl.xs.opti.SchemaParsingConfig.parse(Unknown
Source)
at org.apache.xerces.impl.xs.opti.SchemaDOMParser.parse(Unknown Source)
at
org.apache.xerces.impl.xs.traversers.XSDHandler.getSchemaDocument(Unknown
Source)
at org.apache.xerces.impl.xs.traversers.XSDHandler.parseSchema(Unknown
Source)
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadSchema(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadGrammar(Unknown Source)
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadGrammar(Unknown Source)
at org.apache.xerces.jaxp.validation.XMLSchemaFactory.newSchema(Unknown
Source)
at javax.xml.validation.SchemaFactory.newSchema(Unknown Source)
at javax.xml.validation.SchemaFactory.newSchema(Unknown Source)
at
org.apache.bval.jsr303.xml.ValidationParser.getSchema(ValidationParser.java:159)
at
org.apache.bval.jsr303.xml.ValidationParser.getSchema(ValidationParser.java:145)
at
org.apache.bval.jsr303.xml.ValidationParser.parseXmlConfig(ValidationParser.java:99)
at
org.apache.bval.jsr303.xml.ValidationParser.processValidationConfig(ValidationParser.java:82)
at
org.apache.bval.jsr303.ConfigurationImpl.parseValidationXml(ConfigurationImpl.java:262)
at
org.apache.bval.jsr303.ConfigurationImpl.prepare(ConfigurationImpl.java:252)
at
org.apache.bval.jsr303.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:242)
at
javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:50)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.resolveValidatorfactory(BeanHelper.java:80)
java.security.AccessControlException: Access denied (java.io.FilePermission
\C:\Users\leealber\tc\WASX\as\profiles\AppSrv01\installedApps\al
leetp2Node01Cell\ATestBean.ear\BVALTestBean.jar read)
at
java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
at java.lang.SecurityManager.checkRead(SecurityManager.java:883)
at
com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:593)
at
com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:577)
at
com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:569)
at
com.ibm.ws.classloader.CompoundClassLoader.findResource(CompoundClassLoader.java:1018)
at
com.ibm.ws.classloader.CompoundClassLoader.getResource(CompoundClassLoader.java:974)
at
com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java:1155)
at
org.apache.bval.jsr303.xml.ValidationParser.getInputStream(ValidationParser.java:119)
at
org.apache.bval.jsr303.xml.ValidationParser.applyMappingStreams(ValidationParser.java:263)
at
org.apache.bval.jsr303.xml.ValidationParser.applyConfig(ValidationParser.java:173)
at
org.apache.bval.jsr303.xml.ValidationParser.processValidationConfig(ValidationParser.java:84)
at
org.apache.bval.jsr303.ConfigurationImpl.parseValidationXml(ConfigurationImpl.java:262)
at
org.apache.bval.jsr303.ConfigurationImpl.prepare(ConfigurationImpl.java:252)
at
org.apache.bval.jsr303.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:242)
at
javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:50)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.resolveValidatorfactory(BeanHelper.java:80)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.getValidatorFactory(BeanHelper.java:63)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.getValidator(BeanHelper.java:51)
at
com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.validate(BeanHelper.java:108)
at
com.ibm.websphere.beanvalidation.fat.app.ATestBean.checkValidation(ATestBean.java:95)
at
com.ibm.websphere.beanvalidation.fat.app.EJSRemote0SLATestBean_69fd99a1.checkValidation(EJSRemote0SLATestBean_69fd99a1.java)
at
com.ibm.websphere.beanvalidation.fat.app._EJSRemote0SLATestBean_69fd99a1_Tie.checkValidation(_EJSRemote0SLATestBean_69fd99a1_Tie.
java)
at
com.ibm.websphere.beanvalidation.fat.app._EJSRemote0SLATestBean_69fd99a1_Tie._invoke(_EJSRemote0SLATestBean_69fd99a1_Tie.java)
at
com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:661)
at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:515)
at com.ibm.rmi.iiop.ORB.process(ORB.java:517)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1575)
at com.ibm.rmi.iiop.Connection.doRequestWork(Connection.java:2965)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2848)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:64)
at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1783)
I have reworked and cleaned up a few parts to enable the doPriv in these
exception paths. I shall post another patch which fixed all of these exceptions.
> Java2 Security AccessControlException after moving to use common-lang3
> ----------------------------------------------------------------------
>
> Key: BVAL-100
> URL: https://issues.apache.org/jira/browse/BVAL-100
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.4-incubating
> Reporter: Albert Lee
> Priority: Minor
> Labels: security
> Fix For: 0.4-incubating
>
> Attachments: BVAL-100.patch
>
>
> Encountered the following exception when Java 2 security is enabled in an
> application server. This is caused after switching the use common-lang from
> 2.4 to 3.1 pacakge.
> java.security.AccessControlException: Access denied
> (java.lang.RuntimePermission getClassLoader)
> at
> java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at
> com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
> at java.lang.Thread.getContextClassLoader(Thread.java:470)
> at org.apache.commons.lang3.StringUtils.<clinit>(StringUtils.java:717)
> at java.lang.J9VMInternals.initializeImpl(Native Method)
> at java.lang.J9VMInternals.initialize(J9VMInternals.java:228)
> at
> org.apache.commons.lang3.ClassUtils.toCanonicalName(ClassUtils.java:923)
> at org.apache.commons.lang3.ClassUtils.getClass(ClassUtils.java:792)
> at
> org.apache.bval.jsr303.resolver.DefaultTraversableResolver.initJpa(DefaultTraversableResolver.java:78)
> at
> org.apache.bval.jsr303.resolver.DefaultTraversableResolver.<init>(DefaultTraversableResolver.java:50)
> at
> org.apache.bval.jsr303.ConfigurationImpl.<init>(ConfigurationImpl.java:76)
> at
> org.apache.bval.jsr303.ApacheValidationProvider.createGenericConfiguration(ApacheValidationProvider.java:66)
> at
> javax.validation.Validation$GenericBootstrapImpl.configure(Validation.java:173)
> at
> javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:50)
> at
> com.ibm.websphere.beanvalidation.fat.app.utilities.BeanHelper.resolveValidatorfactory(BeanHelper.java:80)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
