[ http://issues.apache.org/jira/browse/TAPESTRY-1011?page=comments#action_12449539 ] lionel gomez commented on TAPESTRY-1011: ----------------------------------------
Proposed fix in bug TAPESTRY-1148 > Securyty violation in secure JVM > -------------------------------- > > Key: TAPESTRY-1011 > URL: http://issues.apache.org/jira/browse/TAPESTRY-1011 > Project: Tapestry > Issue Type: Bug > Components: Framework > Affects Versions: 4.0.1 > Environment: IBM WebSphere 5.0 with J2EE Security ON and Enforce Java > Security > Reporter: Renat Zubairov > > I have a serious issue with Tapestry/HiveMind classloading, when new classes > are created with Javaassist and loaded, protection domain is not associated > with them, this significant issue prevents Tapestry/HiveMind application from > working in the secure environments like WebSphere (security ON) and I guess > we will have the same problems in secure Tomcat as well. > After some invistigations I've found similar problems were reported against > Tap 3.0: > http://issues.apache.org/bugzilla/show_bug.cgi?id=28202 > http://mail-archives.apache.org/mod_mbox/jakarta-tapestry-dev/200404.mbox/[EMAIL > PROTECTED] > I think it was fixed but most probably this fix wasn't transfered to the Tap > 4. > I have seen this problem in many cases like OGLN expression validation, > Loading resources from the ZIP files, etc. What is common is that WebSphere > can't find a protection domain for given classes because I think it wasn't > associated with them during class loading time. > Could you plase check it. Thank you. > For more information please see the stack trace (quite long one) > [7/15/06 15:22:41:049 CEST] 6642251f SecurityManag W SECJ0314W: Current Java > 2 Security policy reported a potential violation of Java 2 Security > Permission. > Please refer to Problem Determination Guide for further information. > Permission: > > /opt/WebSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-INF/lib/tapestry-4.1.jar > : access denied (java.io.FilePermission /opt/We > bSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-INF/lib/tapestry-4.1.jar > read) > Code: > $ApplicationInitializer_10c725a4dba in {null code URL} > Stack Trace: > java.security.AccessControlException: access denied (java.io.FilePermission > /opt/WebSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-IN > F/lib/tapestry-4.1.jar read) > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java(Compiled > Code)) > at > java.security.AccessController.checkPermission(AccessController.java(Compiled > Code)) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java(Compiled Code)) > at > com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java(Compiled > Code)) > at java.lang.SecurityManager.checkRead(SecurityManager.java(Compiled > Code)) > at java.util.zip.ZipFile.<init>(ZipFile.java(Compiled Code)) > at java.util.zip.ZipFile.<init>(ZipFile.java(Inlined Compiled Code)) > at > com.ibm.ws.classloader.Handler$ClassLoaderURLConnection.getInputStream(Handler.java(Compiled > Code)) > at java.net.URL.openStream(URL.java(Inlined Compiled Code)) > at > com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java(Inlined > Compiled Code)) > at > com.ibm.ws.classloader.CompoundClassLoader.localGetResourceAsStream(CompoundClassLoader.java(Compiled > Code)) > at > com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java(Compiled > Code)) > at javassist.LoaderClassPath.openClassfile(LoaderClassPath.java:70) > at javassist.ClassPoolTail.openClassfile(ClassPoolTail.java:283) > at javassist.ClassPool.openClassfile(ClassPool.java(Inlined Compiled > Code)) > at javassist.CtClassType.getClassFile2(CtClassType.java(Compiled > Code)) > at javassist.CtClassType.subtypeOf(CtClassType.java:267) > at > javassist.compiler.MemberResolver.compareSignature(MemberResolver.java:203) > at > javassist.compiler.MemberResolver.lookupMethod(MemberResolver.java:97) > at > javassist.compiler.TypeChecker.atMethodCallCore(TypeChecker.java:637) > at javassist.compiler.TypeChecker.atCallExpr(TypeChecker.java:614) > at > javassist.compiler.JvstTypeChecker.atCallExpr(JvstTypeChecker.java:156) > at javassist.compiler.ast.CallExpr.accept(CallExpr.java:45) > at javassist.compiler.CodeGen.doTypeCheck(CodeGen.java:235) > at javassist.compiler.CodeGen.atStmnt(CodeGen.java:323) > at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49) > at javassist.compiler.CodeGen.atIfStmnt(CodeGen.java:384) > at javassist.compiler.CodeGen.atStmnt(CodeGen.java:348) > at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49) > at javassist.compiler.CodeGen.atStmnt(CodeGen.java:344) > at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49) > at javassist.compiler.CodeGen.atMethodBody(CodeGen.java:285) > at javassist.compiler.Javac.compileBody(Javac.java:208) > at javassist.CtBehavior.setBody(CtBehavior.java:188) > at javassist.CtBehavior.setBody(CtBehavior.java:163) > at > org.apache.hivemind.service.impl.ClassFabImpl.addMethod(ClassFabImpl.java:288) > at > org.apache.hivemind.service.impl.LoggingInterceptorFactory.addServiceMethodImplementation(LoggingInterceptorFactory.java:120) > at > org.apache.hivemind.service.impl.LoggingInterceptorFactory.addServiceMethods(LoggingInterceptorFactory.java:159) > at > org.apache.hivemind.service.impl.LoggingInterceptorFactory.constructInterceptorClass(LoggingInterceptorFactory.java:214) > at > org.apache.hivemind.service.impl.LoggingInterceptorFactory.createInterceptor(LoggingInterceptorFactory.java:251) > at > org.apache.hivemind.impl.ServiceInterceptorContributionImpl.createInterceptor(ServiceInterceptorContributionImpl.java:95) > at > org.apache.hivemind.impl.InterceptorStackImpl.process(InterceptorStackImpl.java:116) > at > org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.addInterceptors(AbstractServiceModelImpl.java:85) > at > org.apache.hivemind.impl.servicemodel.PooledServiceModel.constructServiceProxy(PooledServiceModel.java:154) > at > org.apache.hivemind.impl.servicemodel.PooledServiceModel.<init>(PooledServiceModel.java:130) > at > org.apache.hivemind.impl.servicemodel.PooledServiceModelFactory.createServiceModelForService(PooledServiceModelFactory.java:26) > at > org.apache.hivemind.impl.ServicePointImpl.getService(ServicePointImpl.java:208) > at > org.apache.hivemind.impl.ServicePointImpl.getService(ServicePointImpl.java:223) > at > org.apache.hivemind.impl.RegistryInfrastructureImpl.getService(RegistryInfrastructureImpl.java:207) > at org.apache.hivemind.impl.ModuleImpl.getService(ModuleImpl.java:105) > at > org.apache.hivemind.schema.rules.ServiceTranslator.translate(ServiceTranslator.java:40) > at > org.apache.hivemind.service.impl.BuilderPropertyFacet.getFacetValue(BuilderPropertyFacet.java:55) > at > org.apache.hivemind.service.impl.BuilderFactoryLogic.wireProperty(BuilderFactoryLogic.java:357) > at > org.apache.hivemind.service.impl.BuilderFactoryLogic.setProperties(BuilderFactoryLogic.java:320) > at > org.apache.hivemind.service.impl.BuilderFactoryLogic.createService(BuilderFactoryLogic.java:77) > at > org.apache.hivemind.service.impl.BuilderFactory.createCoreServiceImplementation(BuilderFactory.java:42) > at > org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:62) > at > org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108) > at > org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158) > at > org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140) > at > org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69) > at > $ApplicationInitializer_10c725a4dba._service($ApplicationInitializer_10c725a4dba.java) > at > $ApplicationInitializer_10c725a4dba.initialize($ApplicationInitializer_10c725a4dba.java) > at > $ApplicationInitializer_10c725a4db9.initialize($ApplicationInitializer_10c725a4db9.java) > at > $ApplicationInitializer_10c725a4dbd.initialize($ApplicationInitializer_10c725a4dbd.java) > at > $ApplicationInitializer_10c725a4db2.initialize($ApplicationInitializer_10c725a4db2.java) > at > $ApplicationInitializer_10c725a4db1.initialize($ApplicationInitializer_10c725a4db1.java) > at > org.apache.tapestry.ApplicationServlet.initializeApplication(ApplicationServlet.java:299) > at > org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:198) > at > com.ibm.ws.webcontainer.servlet.StrictServletInstance.doInit(StrictServletInstance.java:82) > at > com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._init(StrictLifecycleServlet.java:147) > at > com.ibm.ws.webcontainer.servlet.PreInitializedServletState.init(StrictLifecycleServlet.java:270) > at > com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.init(StrictLifecycleServlet.java:113) > at > com.ibm.ws.webcontainer.servlet.ServletInstance.init(ServletInstance.java:189) > at javax.servlet.GenericServlet.init(GenericServlet.java:258) > ... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
