Re: (beanutils) possible problem with beanutils being used by geoserver
Thank you for the reply. Currently my permissions look like the following when I'm getting the stack trace previously given: //permissions to allow GeoServer to run grant codebase file:${com.sun.aas.instanceRoot}/applications/geoserver/- { permission java.lang.RuntimePermission getenv.*; permission com.sun.tools.attach.AttachPermission createAttachProvider; permission java.lang.RuntimePermission accessClassInPackage.com.sun.imageio.*; permission java.util.logging.LoggingPermission control; permission java.lang.RuntimePermission createClassLoader; permission java.lang.reflect.ReflectPermission suppressAccessChecks; permission java.io.FilePermission ${com.sun.aas.instanceRoot}/applications/geoserver/-, read, write, execute, delete; permission java.security.SecurityPermission putProviderProperty.BC; permission java.security.SecurityPermission insertProvider.BC; permission java.lang.RuntimePermission modifyThread; permission java.lang.RuntimePermission preferences; permission java.lang.RuntimePermission shutdownHooks; permission java.lang.RuntimePermission getClassLoader; permission java.io.SerializablePermission enableSubclassImplementation; permission java.io.SerializablePermission enableSubstitution; permission java.util.PropertyPermission *, read,write; permission org.apache.wicket.authorization.strategies.role.metadata.InstantiationPermissions authorizeAll; }; I came to a partial solution by adding: permission java.lang.RuntimePermission accessClassInPackage.*; Of course, I need to narrow down the packages it can access, but it moves me forward, thanks for the assist. On Fri, May 30, 2014 at 6:50 PM, Martin Gainty mgai...@hotmail.com wrote: you should ask this on glassfish-users but since I monitor both lists here is the solution when you enable security manager in Glassfish Changing Permissions for an ApplicationThe default policy for each domain limits the permissions of Java EE deployed applications to the minimal set of permissions required for these applications to operate correctly. Do not add extra permissions to the default set (the grant block with no codebase, which applies to all code). Instead, add a new grant block with a codebase specific to the applications requiring the extra permissions, and only add the minimally necessary permissions in that block. If you develop multiple applications that require more than this default set of permissions, you can add the custom permissions that your applications need. The com.sun.aas.instanceRoot variable refers to the domain-dir. For example: In general, you should add extra permissions only to the applications or modules that require them, not to all applications deployed to a domain. For example: //this assumes classes from listContainer are all located in /applications/MyApp/ e.g. component component-typelistContainer/component-type component-classcom.sun.enterprise.tools.admingui.jsf.component.Tail/component-class /component and we KNOW that com.sun.enterprise.tools.admingui.jsf.component.Tail containing jar is located off of /applications/MyApp grant codeBase file:${com.sun.aas.instanceRoot}/applications/MyApp/- {//choose the RuntimePermission which is appropriate permission java.lang.RuntimePermission accessClassInPackage.*; permission java.lang.RuntimePermission createClassLoader; permission java.lang.RuntimePermission defineClassInPackage.*; permission java.lang.RuntimePermission getClassLoader; permission java.lang.RuntimePermission accessDeclaredMembers; permission java.lang.RuntimePermission getenv.*; //OR go for all of the classes permission java.lang.RuntimePermission ALL FILES} http://docs.oracle.com/cd/E26576_01/doc.312/e24930/securing-apps.htm#beabz Martin Date: Fri, 30 May 2014 22:22:53 +0200 From: oliver.he...@oliver-heger.de To: user@commons.apache.org Subject: Re: (beanutils) possible problem with beanutils being used by geoserver Hello Joel, Am 29.05.2014 19:12, schrieb Joel Harris: Hello, I'm trying to utilize the Geoserver v2.5 application on glassfish v4 with security manager enabled. when I navigate to certain areas in the web application I get a beanutils exception (toward the bottom of the stack trace below), trying to call a getter that apparently doesn't exist. I'm not sure why this is aggravated by enabling security manager, but perhaps it is bubbling up? This exception does not show up with security manager disabled. I have to keep security manager enabled, and can not allow all permissions to the application. Any help would be appreciated. I am afraid I won't be a great help for your problem. It is completely new to me that the set of properties detected by beanutils depends on the existence of a security manager. One thing I noticed from the stack trace: Could it be the case that the class in question
Re: (beanutils) possible problem with beanutils being used by geoserver
Hello Joel, Am 29.05.2014 19:12, schrieb Joel Harris: Hello, I'm trying to utilize the Geoserver v2.5 application on glassfish v4 with security manager enabled. when I navigate to certain areas in the web application I get a beanutils exception (toward the bottom of the stack trace below), trying to call a getter that apparently doesn't exist. I'm not sure why this is aggravated by enabling security manager, but perhaps it is bubbling up? This exception does not show up with security manager disabled. I have to keep security manager enabled, and can not allow all permissions to the application. Any help would be appreciated. I am afraid I won't be a great help for your problem. It is completely new to me that the set of properties detected by beanutils depends on the existence of a security manager. One thing I noticed from the stack trace: Could it be the case that the class in question is a proxy? Maybe those are affected by a security manager? Oliver org.apache.wicket.WicketRuntimeException: Error attaching this container for rendering: [MarkupContainer [Component id = listContainer]] at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1765) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Page.onBeforeRender(Page.java:1531) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.Component.prepareForRender(Component.java:2292) at org.apache.wicket.Page.prepareForRender(Page.java:1521) at org.apache.wicket.Component.prepareForRender(Component.java:2329) at org.apache.wicket.Page.renderPage(Page.java:892) at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.respond(BookmarkablePageRequestTarget.java:261) at org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105) at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1258) at org.apache.wicket.RequestCycle.step(RequestCycle.java:1329) at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1436) at org.apache.wicket.RequestCycle.request(RequestCycle.java:545) at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:484) at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:138) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:159) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at sun.reflect.GeneratedMethodAccessor159.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:323) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:321) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:536) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:356) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:214) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1676) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:344) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:90) at
RE: (beanutils) possible problem with beanutils being used by geoserver
you should ask this on glassfish-users but since I monitor both lists here is the solution when you enable security manager in Glassfish Changing Permissions for an ApplicationThe default policy for each domain limits the permissions of Java EE deployed applications to the minimal set of permissions required for these applications to operate correctly. Do not add extra permissions to the default set (the grant block with no codebase, which applies to all code). Instead, add a new grant block with a codebase specific to the applications requiring the extra permissions, and only add the minimally necessary permissions in that block. If you develop multiple applications that require more than this default set of permissions, you can add the custom permissions that your applications need. The com.sun.aas.instanceRoot variable refers to the domain-dir. For example: In general, you should add extra permissions only to the applications or modules that require them, not to all applications deployed to a domain. For example: //this assumes classes from listContainer are all located in /applications/MyApp/ e.g. component component-typelistContainer/component-type component-classcom.sun.enterprise.tools.admingui.jsf.component.Tail/component-class /component and we KNOW that com.sun.enterprise.tools.admingui.jsf.component.Tail containing jar is located off of /applications/MyApp grant codeBase file:${com.sun.aas.instanceRoot}/applications/MyApp/- {//choose the RuntimePermission which is appropriate permission java.lang.RuntimePermission accessClassInPackage.*; permission java.lang.RuntimePermission createClassLoader; permission java.lang.RuntimePermission defineClassInPackage.*; permission java.lang.RuntimePermission getClassLoader; permission java.lang.RuntimePermission accessDeclaredMembers; permission java.lang.RuntimePermission getenv.*; //OR go for all of the classes permission java.lang.RuntimePermission ALL FILES}http://docs.oracle.com/cd/E26576_01/doc.312/e24930/securing-apps.htm#beabz Martin Date: Fri, 30 May 2014 22:22:53 +0200 From: oliver.he...@oliver-heger.de To: user@commons.apache.org Subject: Re: (beanutils) possible problem with beanutils being used by geoserver Hello Joel, Am 29.05.2014 19:12, schrieb Joel Harris: Hello, I'm trying to utilize the Geoserver v2.5 application on glassfish v4 with security manager enabled. when I navigate to certain areas in the web application I get a beanutils exception (toward the bottom of the stack trace below), trying to call a getter that apparently doesn't exist. I'm not sure why this is aggravated by enabling security manager, but perhaps it is bubbling up? This exception does not show up with security manager disabled. I have to keep security manager enabled, and can not allow all permissions to the application. Any help would be appreciated. I am afraid I won't be a great help for your problem. It is completely new to me that the set of properties detected by beanutils depends on the existence of a security manager. One thing I noticed from the stack trace: Could it be the case that the class in question is a proxy? Maybe those are affected by a security manager? Oliver org.apache.wicket.WicketRuntimeException: Error attaching this container for rendering: [MarkupContainer [Component id = listContainer]] at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1765) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1753) at org.apache.wicket.Component.onBeforeRender(Component.java:3946) at org.apache.wicket.Page.onBeforeRender(Page.java:1531) at org.apache.wicket.Component.internalBeforeRender(Component.java:1071) at org.apache.wicket.Component.beforeRender(Component.java:1105) at org.apache.wicket.Component.prepareForRender(Component.java:2292) at org.apache.wicket.Page.prepareForRender(Page.java:1521) at org.apache.wicket.Component.prepareForRender(Component.java:2329) at org.apache.wicket.Page.renderPage(Page.java:892) at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.respond(BookmarkablePageRequestTarget.java:261) at org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105) at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1258