[jira] Commented: (WW-2568) Problems activating java 2 security in a struts 2 application running on Websphere 6.1.0.15

Tue, 28 Oct 2008 15:31:08 -0700 

    [ 
https://issues.apache.org/struts/browse/WW-2568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=44885#action_44885
 ] 

Eddy Chan commented on WW-2568:
-------------------------------

I'm having the same issue with Tomcat 5.5.x.  I believe the issue here is not 
that Tomcat/WebSphere does not grant the proper permissions, but that the code 
is trying to create a file within a Jar improperly.  In this example, the URL 
is:

jar:file:\C:\ALERTAS\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\SistAlertasEAR.ear\SistAlertas.war\WEB-INF\lib\struts2-core-2.0.11.jar!\struts-default.xml

com.opensymphony.xwork2.util.FileManager.loadFile(URL) attempts to create a 
file by calling "new File(fileUrl.getFile()) to check if the file exists and is 
readable.  This just strips off the "jar:" prefix leaving a invalid pathname to 
pass to File as there is a "file:" prefix as well as a "!/..." suffix.  The 
SecurityException occurs here, because the "file:" prefix does not match the 
grant to the webapp, which is "C:\ALERTAS\.metadata\...".  I tried passing in a 
URI instead, but that doesn't work either.

In conclusion, I don't believe it is possible to create a valid java.io.File 
specifying a filename within a Jar.  As a solution, the code needs to either 
use the JarFile.getJarEntry(String) interface or open a connection using the 
URL and getting the InputStream.


> Problems activating java 2 security in a struts 2 application running on 
> Websphere 6.1.0.15 
> --------------------------------------------------------------------------------------------
>
>                 Key: WW-2568
>                 URL: https://issues.apache.org/struts/browse/WW-2568
>             Project: Struts 2
>          Issue Type: Bug
>            Reporter: Sabela Fdez. de la Vega
>
> I have my java 1.5 application that uses struts 2 running on Websphere 
> 6.1.0.15 without problems, but when I try checking java2 security on the 
> webshpere administration console I get the following error. I need java2 
> security because it's used on the production environment. 
> I'd appreciate any help. Thanks.
> [Filter [struts2]: could not be initialized]: Caught exception while loading 
> file struts-default.xml - Class: java.security.AccessController
> File: AccessController.java
> Method: checkPermission
> Line: 104 - java/security/AccessController.java:104:-1
> at 
> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:839)
>       at 
> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments(XmlConfigurationProvider.java:131)
>       at 
> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfigurationProvider.java:100)
>       at 
> com.opensymphony.xwork2.config.impl.DefaultConfiguration.reload(DefaultConfiguration.java:130)
>       at 
> com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:52)
>       at 
> org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:395)
>       at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:452)
>       at 
> org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:201)
>       at 
> com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.init(FilterInstanceWrapper.java:142)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager._loadFilter(WebAppFilterManager.java:471)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.loadFilter(WebAppFilterManager.java:385)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterInstanceWrapper(WebAppFilterManager.java:244)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterChain(WebAppFilterManager.java:302)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:731)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
>       at 
> com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:694)
>       at 
> com.ibm.ws.wswebcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:101)
>       at 
> com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.invokeFilters(DefaultExtensionProcessor.java:791)
>       at 
> com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:741)
>       at 
> com.ibm.ws.wswebcontainer.extension.DefaultExtensionProcessor.handleRequest(DefaultExtensionProcessor.java:113)
>       at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3357)
>       at 
> com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
>       at 
> com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
>       at 
> com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
>       at 
> com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:115)
>       at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
>       at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
>       at 
> com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:263)
>       at 
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
>       at 
> com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
>       at 
> com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
>       at 
> com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
>       at 
> com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
>       at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
>       at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
>       at 
> com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
>       at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
>       at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
> Caused by: java.security.AccessControlException: Access denied 
> (java.io.FilePermission 
> file:\C:\ALERTAS\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\SistAlertasEAR.ear\SistAlertas.war\WEB-INF\lib\struts2-core-2.0.11.jar!\struts-default.xml
>  read)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:104)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>       at 
> com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
>       at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
>       at java.io.File.exists(File.java:726)
>       at 
> com.opensymphony.xwork2.util.FileManager.loadFile(FileManager.java:106)
>       at 
> com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:824)
>       ... 37 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to