Re: (beanutils) possible problem with beanutils being used by geoserver

2014-06-03 Thread Joel Harris
Thank you for the reply.

Currently my permissions look like the following when I'm getting the stack
trace previously given:

//permissions to allow GeoServer to run
grant codebase file:${com.sun.aas.instanceRoot}/applications/geoserver/-
{
permission java.lang.RuntimePermission getenv.*;
permission com.sun.tools.attach.AttachPermission
createAttachProvider;
permission java.lang.RuntimePermission
accessClassInPackage.com.sun.imageio.*;
permission java.util.logging.LoggingPermission control;
permission java.lang.RuntimePermission createClassLoader;
permission java.lang.reflect.ReflectPermission suppressAccessChecks;
permission java.io.FilePermission
${com.sun.aas.instanceRoot}/applications/geoserver/-, read, write,
execute, delete;
permission java.security.SecurityPermission putProviderProperty.BC;
permission java.security.SecurityPermission insertProvider.BC;
permission java.lang.RuntimePermission modifyThread;
permission java.lang.RuntimePermission preferences;
permission java.lang.RuntimePermission shutdownHooks;
permission java.lang.RuntimePermission getClassLoader;
permission java.io.SerializablePermission
enableSubclassImplementation;
permission java.io.SerializablePermission enableSubstitution;
permission java.util.PropertyPermission *, read,write;
permission
org.apache.wicket.authorization.strategies.role.metadata.InstantiationPermissions
authorizeAll;
};

I came to a partial solution by adding:

permission java.lang.RuntimePermission accessClassInPackage.*;

Of course, I need to narrow down the packages it can access, but it moves
me forward, thanks for the assist.


On Fri, May 30, 2014 at 6:50 PM, Martin Gainty mgai...@hotmail.com wrote:

 you should ask this on glassfish-users but since I monitor both lists here
 is the solution

 when you enable security manager in Glassfish
 Changing Permissions for an ApplicationThe default policy for each domain
 limits the permissions of Java EE deployed applications to the minimal set
 of permissions required for these applications to operate correctly. Do not
 add extra permissions to the default set (the grant block with no codebase,
 which applies to all code). Instead, add a new grant block with a codebase
 specific to the applications requiring the extra permissions, and only add
 the minimally necessary permissions in that block.
 If you develop multiple applications that require more than this default
 set of permissions, you can add the custom permissions that your
 applications need. The com.sun.aas.instanceRoot variable refers to the
 domain-dir. For example:

 In general, you should add extra permissions only to the applications or
 modules that require them, not to all applications deployed to a domain.
 For example:

 //this assumes classes from listContainer are all located in
 /applications/MyApp/ e.g.
 component
 component-typelistContainer/component-type

 component-classcom.sun.enterprise.tools.admingui.jsf.component.Tail/component-class
 /component

 and we KNOW that com.sun.enterprise.tools.admingui.jsf.component.Tail
 containing jar is located off of /applications/MyApp
 grant codeBase file:${com.sun.aas.instanceRoot}/applications/MyApp/-
 {//choose the RuntimePermission which is appropriate
  permission java.lang.RuntimePermission accessClassInPackage.*;
 permission java.lang.RuntimePermission createClassLoader;
 permission java.lang.RuntimePermission defineClassInPackage.*;
 permission java.lang.RuntimePermission getClassLoader;
 permission java.lang.RuntimePermission accessDeclaredMembers;
 permission java.lang.RuntimePermission getenv.*;
 //OR go for all of the classes permission java.lang.RuntimePermission
 ALL FILES}
 http://docs.oracle.com/cd/E26576_01/doc.312/e24930/securing-apps.htm#beabz

 Martin

  Date: Fri, 30 May 2014 22:22:53 +0200
  From: oliver.he...@oliver-heger.de
  To: user@commons.apache.org
  Subject: Re: (beanutils) possible problem with beanutils being used by
 geoserver
 
  Hello Joel,
 
  Am 29.05.2014 19:12, schrieb Joel Harris:
   Hello,
  
   I'm trying to utilize the Geoserver v2.5 application on glassfish v4
 with
   security manager enabled.
   when I navigate to certain areas in the web application I get a
 beanutils
   exception (toward the bottom of the stack trace below), trying to call
 a
   getter that apparently doesn't exist. I'm not sure why this is
 aggravated
   by enabling security manager, but perhaps it is bubbling up? This
 exception
   does not show up with security manager disabled.
  
   I have to keep security manager enabled, and can not allow all
   permissions to the application.
   Any help would be appreciated.
 
  I am afraid I won't be a great help for your problem. It is completely
  new to me that the set of properties detected by beanutils depends on
  the existence of a security manager.
 
  One thing I noticed from the stack trace: Could it be the case that the
  class in question

Re: (beanutils) possible problem with beanutils being used by geoserver

2014-05-30 Thread Oliver Heger
Hello Joel,

Am 29.05.2014 19:12, schrieb Joel Harris:
 Hello,
 
 I'm trying to utilize the Geoserver v2.5 application on glassfish v4 with
 security manager enabled.
 when I navigate to certain areas in the web application I get a beanutils
 exception (toward the bottom of the stack trace below), trying to call a
 getter that apparently doesn't exist. I'm not sure why this is aggravated
 by enabling security manager, but perhaps it is bubbling up? This exception
 does not show up with security manager disabled.
 
 I have to keep security manager enabled, and can not allow all
 permissions to the application.
 Any help would be appreciated.

I am afraid I won't be a great help for your problem. It is completely
new to me that the set of properties detected by beanutils depends on
the existence of a security manager.

One thing I noticed from the stack trace: Could it be the case that the
class in question is a proxy? Maybe those are affected by a security
manager?

Oliver

 
 org.apache.wicket.WicketRuntimeException: Error attaching this container
 for rendering: [MarkupContainer [Component id = listContainer]]
 at
 org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1765)
 
 at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
 at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
 at org.apache.wicket.Component.beforeRender(Component.java:1105)
 at
 org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753)
 
 at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
 at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
 at org.apache.wicket.Component.beforeRender(Component.java:1105)
 at
 org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753)
 
 at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
 at org.apache.wicket.Page.onBeforeRender(Page.java:1531)
 at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
 at org.apache.wicket.Component.beforeRender(Component.java:1105)
 at org.apache.wicket.Component.prepareForRender(Component.java:2292)
 at org.apache.wicket.Page.prepareForRender(Page.java:1521)
 at org.apache.wicket.Component.prepareForRender(Component.java:2329)
 at org.apache.wicket.Page.renderPage(Page.java:892)
 at
 org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.respond(BookmarkablePageRequestTarget.java:261)
 
 at
 org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105)
 
 at
 org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1258)
 
 at org.apache.wicket.RequestCycle.step(RequestCycle.java:1329)
 at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1436)
 at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
 at
 org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:484)
 at
 org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:138)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
 at
 org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:159)
 
 at
 org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
 
 at
 org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
 
 at
 org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
 
 at
 org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
 
 at
 org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
 
 at
 org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
 
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
 at sun.reflect.GeneratedMethodAccessor159.invoke(Unknown Source)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
 at java.lang.reflect.Method.invoke(Method.java:606) at
 org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:323)
 at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:321)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
 at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:356)
 at
 org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:214)
 
 at
 org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1676)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:344)
 
 at
 org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:90)
 
 at
 

RE: (beanutils) possible problem with beanutils being used by geoserver

2014-05-30 Thread Martin Gainty
you should ask this on glassfish-users but since I monitor both lists here is 
the solution

when you enable security manager in Glassfish
Changing Permissions for an ApplicationThe default policy for each domain 
limits the permissions of Java EE deployed applications to the minimal set of 
permissions required for these applications to operate correctly. Do not add 
extra permissions to the default set (the grant block with no codebase, which 
applies to all code). Instead, add a new grant block with a codebase specific 
to the applications requiring the extra permissions, and only add the minimally 
necessary permissions in that block.
If you develop multiple applications that require more than this default set of 
permissions, you can add the custom permissions that your applications need. 
The com.sun.aas.instanceRoot variable refers to the domain-dir. For example:

In general, you should add extra permissions only to the applications or 
modules that require them, not to all applications deployed to a domain. For 
example:
 
//this assumes classes from listContainer are all located in 
/applications/MyApp/ e.g.
component
component-typelistContainer/component-type

component-classcom.sun.enterprise.tools.admingui.jsf.component.Tail/component-class
/component
 
and we KNOW that com.sun.enterprise.tools.admingui.jsf.component.Tail 
containing jar is located off of /applications/MyApp
grant codeBase file:${com.sun.aas.instanceRoot}/applications/MyApp/- 
{//choose the RuntimePermission which is appropriate
 permission java.lang.RuntimePermission accessClassInPackage.*;
permission java.lang.RuntimePermission createClassLoader;
permission java.lang.RuntimePermission defineClassInPackage.*;
permission java.lang.RuntimePermission getClassLoader;
permission java.lang.RuntimePermission accessDeclaredMembers;
permission java.lang.RuntimePermission getenv.*;
//OR go for all of the classes permission java.lang.RuntimePermission ALL 
FILES}http://docs.oracle.com/cd/E26576_01/doc.312/e24930/securing-apps.htm#beabz

Martin
 
 Date: Fri, 30 May 2014 22:22:53 +0200
 From: oliver.he...@oliver-heger.de
 To: user@commons.apache.org
 Subject: Re: (beanutils) possible problem with beanutils being used by 
 geoserver
 
 Hello Joel,
 
 Am 29.05.2014 19:12, schrieb Joel Harris:
  Hello,
  
  I'm trying to utilize the Geoserver v2.5 application on glassfish v4 with
  security manager enabled.
  when I navigate to certain areas in the web application I get a beanutils
  exception (toward the bottom of the stack trace below), trying to call a
  getter that apparently doesn't exist. I'm not sure why this is aggravated
  by enabling security manager, but perhaps it is bubbling up? This exception
  does not show up with security manager disabled.
  
  I have to keep security manager enabled, and can not allow all
  permissions to the application.
  Any help would be appreciated.
 
 I am afraid I won't be a great help for your problem. It is completely
 new to me that the set of properties detected by beanutils depends on
 the existence of a security manager.
 
 One thing I noticed from the stack trace: Could it be the case that the
 class in question is a proxy? Maybe those are affected by a security
 manager?
 
 Oliver
 
  
  org.apache.wicket.WicketRuntimeException: Error attaching this container
  for rendering: [MarkupContainer [Component id = listContainer]]
  at
  org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1765)
  
  at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
  at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
  at org.apache.wicket.Component.beforeRender(Component.java:1105)
  at
  org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753)
  
  at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
  at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
  at org.apache.wicket.Component.beforeRender(Component.java:1105)
  at
  org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753)
  
  at org.apache.wicket.Component.onBeforeRender(Component.java:3946)
  at org.apache.wicket.Page.onBeforeRender(Page.java:1531)
  at org.apache.wicket.Component.internalBeforeRender(Component.java:1071)
  at org.apache.wicket.Component.beforeRender(Component.java:1105)
  at org.apache.wicket.Component.prepareForRender(Component.java:2292)
  at org.apache.wicket.Page.prepareForRender(Page.java:1521)
  at org.apache.wicket.Component.prepareForRender(Component.java:2329)
  at org.apache.wicket.Page.renderPage(Page.java:892)
  at
  org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.respond(BookmarkablePageRequestTarget.java:261)
  
  at
  org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105)
  
  at
  org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1258