Re: RPC host mode fine --- RPC deployed web mode fails

Tue, 23 Sep 2008 19:57:37 -0700 

OK, then ... for the record, the Security Manager settings that
control this in Tomcat 5.5 are:

// These permissions should be inserted into the catalina.policy file
in the conf directory
grant codeBase "file:${catalina.home}/webapps/-" {
    permission java.lang.reflect.ReflectPermission
"suppressAccessChecks";
};

Note that the way this is written, the permission is granted for all
webapps. To refine it further, change the codeBase clause.

Whew!


On Sep 19, 1:38 pm, Jason Essington <[EMAIL PROTECTED]> wrote:
> I thought there was some talk previously about the serializers using  
> the getters/setters rather than directly molesting the fields to get  
> around the security policy issues like you were having ... though that  
> discussion was quite a while ago, and I don't remember the details now.
>
> -jason
>
> On Sep 19, 2008, at 2:25 PM,Barrywrote:
>
>
>
> > Yes, it does, Jason.
>
> > The public getters and setters are there to protect the private member
> > variables. Since I made the member variables public (see reply to
> > Lothar above), I'm having no trouble serializing.
>
> > Why do you ask about the getters and setters???
>
> > Thanks!
>
> > On Sep 19, 8:10 am, Jason Essington <[EMAIL PROTECTED]> wrote:
> >> does your object have public getters and setters?
>
> >> -jason
> >> On Sep 19, 2008, at 12:27 AM,Barrywrote:
>
> >>> Hi ...
>
> >>> I have a (relatively) simple project that demonstrates an RPC  
> >>> failure
> >>> that I don't know how to fix. There are two remote calls. SimpleCall
> >>> returns an integer and succeeds both in host mode and in deployed  
> >>> web
> >>> mode. ClassReturnCall returns a class instance and succeeds in host
> >>> mode but _fails_ in deployed web mode.
>
> >>> The failure message is: Class Return Call Failure:
> >>> com.google.gwt.user.client.rpc.StatusCodeException: The call  
> >>> failed on
> >>> the server; see server log for details.
>
> >>> I built this project from scratch to show this, and haven't used or
> >>> done anything exotic. I created the SimpleService and
> >>> ClassReturnService using the wizards, created the .WAR file using a
> >>> menu item, and deployed with a straight copy into Tomcat 5.5's
> >>> application directory.
>
> >>> The return class is defined in its own class file, is a simple bean,
> >>> and implements IsSerializable.
>
> >>> Can someone take a look at this and give some suggestions/
> >>> reasons?? I
> >>> don't know what to do from here. Could this be some sort of security
> >>> manager problem???
>
> >>> Below are the log details, but the project (as simple as it is) is  
> >>> too
> >>> much to post, so I have put it on the 
> >>> web:http://www.tpsoft.com/RemoteServiceTest.zip
>
> >>> The server log says:
>
> >>> Sep 19, 2008 6:15:31 AM org.apache.catalina.core.ApplicationContext
> >>> log
> >>> INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
> >>> [org.apache.webapp.balancer.RuleChain:
> >>> [org.apache.webapp.balancer.rules.URLStringMatchRule: Target string:
> >>> News / Redirect URL:http://www.cnn.com],
> >>> [org.apache.webapp.balancer.rules.RequestParameterRule: Target param
> >>> name: paramName / Target param value: paramValue / Redirect URL:
> >>>http://www.yahoo.com],
> >>> [org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect  
> >>> URL:
> >>>http://jakarta.apache.org]]
> >>> Sep 19, 2008 6:16:11 AM org.apache.catalina.core.ApplicationContext
> >>> log
> >>> SEVERE: Exception while dispatching incoming RPC call
> >>> java.security.AccessControlException: access denied
> >>> (java.lang.reflect.ReflectPermission suppressAccessChecks)
> >>>    at
> >>> java
> >>> .security
> >>> .AccessControlContext.checkPermission(AccessControlContext.java:
> >>> 323)
> >>>    at
> >>> java
> >>> .security.AccessController.checkPermission(AccessController.java:
> >>> 546)
> >>>    at  
> >>> java.lang.SecurityManager.checkPermission(SecurityManager.java:
> >>> 532)
> >>>    at
> >>> java
> >>> .lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:
> >>> 107)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server
> >>> .rpc
> >>> .impl
> >>> .ServerSerializationStreamWriter
> >>> .serializeClass(ServerSerializationStreamWriter.java:
> >>> 619)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server
> >>> .rpc
> >>> .impl
> >>> .ServerSerializationStreamWriter
> >>> .serializeImpl(ServerSerializationStreamWriter.java:
> >>> 655)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server
> >>> .rpc
> >>> .impl
> >>> .ServerSerializationStreamWriter
> >>> .serialize(ServerSerializationStreamWriter.java:
> >>> 582)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .client
> >>> .rpc
> >>> .impl
> >>> .AbstractSerializationStreamWriter
> >>> .writeObject(AbstractSerializationStreamWriter.java:
> >>> 105)
> >>>    at
> >>> com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter
> >>> $ValueWriter$8.write(ServerSerializationStreamWriter.java:146)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server
> >>> .rpc
> >>> .impl
> >>> .ServerSerializationStreamWriter
> >>> .serializeValue(ServerSerializationStreamWriter.java:
> >>> 520)
> >>>    at com.google.gwt.user.server.rpc.RPC.encodeResponse(RPC.java:
> >>> 573)
> >>>    at
> >>> com
> >>> .google.gwt.user.server.rpc.RPC.encodeResponseForSuccess(RPC.java:
> >>> 441)
> >>>    at
> >>> com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:
> >>> 529)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server
> >>> .rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:
> >>> 163)
> >>>    at
> >>> com
> >>> .google
> >>> .gwt
> >>> .user
> >>> .server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:
> >>> 85)
> >>>    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> >>>    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >>>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >>>    at
> >>> sun
> >>> .reflect
> >>> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> >>> 39)
> >>>    at
> >>> sun
> >>> .reflect
> >>> .DelegatingMethodAccessorImpl
> >>> .invoke(DelegatingMethodAccessorImpl.java:
> >>> 25)
> >>>    at java.lang.reflect.Method.invoke(Method.java:597)
> >>>    at org.apache.catalina.security.SecurityUtil
> >>> $1.run(SecurityUtil.java:
> >>> 244)
> >>>    at java.security.AccessController.doPrivileged(Native Method)
> >>>    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> >>>    at
> >>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:
> >>> 276)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:
> >>> 162)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina
> >>> .core
> >>> .ApplicationFilterChain
> >>> .internalDoFilter(ApplicationFilterChain.java:
> >>> 262)
> >>>    at org.apache.catalina.core.ApplicationFilterChain.access
> >>> $0(ApplicationFilterChain.java:192)
> >>>    at org.apache.catalina.core.ApplicationFilterChain
> >>> $1.run(ApplicationFilterChain.java:171)
> >>>    at java.security.AccessController.doPrivileged(Native Method)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina
> >>> .core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:
> >>> 167)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina
> >>> .core.StandardWrapperValve.invoke(StandardWrapperValve.java:
> >>> 213)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina
> >>> .core.StandardContextValve.invoke(StandardContextValve.java:
> >>> 174)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina.core.StandardHostValve.invoke(StandardHostValve.java:
> >>> 127)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
> >>> 117)
> >>>    at
> >>> org
> >>> .apache
> >>> .catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
> >>> 108)
> >>>    at
> >>> org
> >>> .apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:
> >>> 151)
> >>>    at
> >>> org
> >>> .apache.coyote.http11.Http11Processor.process(Http11Processor.java:
> >>> 874)
> >>>    at org.apache.coyote.http11.Http11BaseProtocol
> >>> $Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:
> >>> 665)
> >>>    at
> >>> org
> >>> .apache
> >>> .tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:
> >>> 528)
> >>>    at
> >>> org
> >>> .apache
> >>> .tomcat
> >>> .util
> >>> .net
> >>> .LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:
> >>> 81)
> >>>    at org.apache.tomcat.util.threads.ThreadPool
> >>> $ControlRunnable.run(ThreadPool.java:689)
> >>>    at java.lang.Thread.run(Thread.java:619)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to