My guess: you need to add java.io.FilePermission for your application in the conf/catalina.policy file. Actually I have never tried running Wink with security manager, but it uses a lot of code that may be rejected by the security manager (reflections, access to private methods, etc), so you better grant your application with java.security.AllPermission.
On Wed, Jul 27, 2011 at 1:33 PM, March, Verdi <[email protected]> wrote: > Hi, > > I encountered a permission error when deploying my application on > Tomcat 7 with security manager enabled. > > My application (TestWink.war) consists of only 1 REST resource (the > TestResource.class) which is basically a hello world. The complete > structure of TestWink.war is: > > META-INF/ > MANIFEST.MF > WEB-INF/ > classes/ > my/test/packages/TestResource.class > lib/ > activation-1.1.jar > commons-lang-2.3.jar > jaxb-api-2.2.jar > jaxb-impl-2.2.1.1.jar > jsr311-api-1.1.1.jar > slf4j-api-1.6.1.jar > slf4j-simple-1.6.1.jar > stax-api-1.0-2.jar > wink-1.1.3-incubating.jar > wink-common-1.1.3-incubating.jar > wink-server-1.1.3-incubating.jar > resources > web.xml > > The error I got (stack trace is at the end of this message) is about > permission error on META-INF/wink-default.properties. > > I'm a bit puzzled about the error. The offending file is part of > wink-1.1.3-incubating.jar which Tomcat deploys under TestWink's servlet > context (i.e., ${tomcat.home}/webaps/TestWink). And as I understand, > Tomcat's security policy should enable TestResource to access any > thing under this servlet context (CMIIW). > > Another thing I notice from observing the log, when debug is on for > the Java security manager, is that META-INF/wink-default.properties > is the only file accessed with its relative path. All the other files > are accessed using their full path. I'm not sure if this points out > anything. > > Any insight on what's happening? > > > ===== Stack trace ==================== > Jul 27, 2011 4:58:35 PM org.apache.catalina.startup.HostConfig deployWAR > INFO: Deploying web application archive TestWink.war > 18 ["http-bio-8080"-exec-12] ERROR > org.apache.wink.server.internal.servlet.RestServlet - access denied > (java.io.FilePermission META-INF/wink-default.properties read) > java.security.AccessControlException: access denied (java.io.FilePermission > META-INF/wink-default.properties read) > at > java.security.AccessControlContext.checkPermission(AccessControlContext.java:393) > at > java.security.AccessController.checkPermission(AccessController.java:553) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at java.io.File.isFile(File.java:793) > at > org.apache.wink.common.internal.utils.FileLoader.loadFileAsStream(FileLoader.java:87) > at > org.apache.wink.server.internal.utils.ServletFileLoader.loadFileAsStream(ServletFileLoader.java:52) > at > org.apache.wink.server.internal.servlet.RestServlet.loadProperties(RestServlet.java:295) > at > org.apache.wink.server.internal.servlet.RestServlet.getProperties(RestServlet.java:190) > at > org.apache.wink.server.internal.servlet.RestServlet.getDeploymentConfiguration(RestServlet.java:178) > at > org.apache.wink.server.internal.servlet.RestServlet.createRequestProcessor(RestServlet.java:124) > at > org.apache.wink.server.internal.servlet.RestServlet.init(RestServlet.java:94) > at javax.servlet.GenericServlet.init(GenericServlet.java:160) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:616) > at > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273) > at > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:270) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) > at > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:305) > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165) > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:119) > at > org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1195) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1114) > at > org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:824) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:135) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140) > at > org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > > Regards, > Verdi > >
