beehive-dev mailing list archives

From "Rich Feit (JIRA)" <beehive-...@incubator.apache.org>
Subject [jira] Resolved: (BEEHIVE-813) Cannot hit page flow actions under certain Java security policies
Date Tue, 14 Jun 2005 21:07:51 GMT
     [ http://issues.apache.org/jira/browse/BEEHIVE-813?page=all ]
     
Rich Feit resolved BEEHIVE-813:
-------------------------------

    Resolution: Fixed
     Assign To: Alejandro Ramirez  (was: Rich Feit)

Fixed with revision 190656.

> Cannot hit page flow actions under certain Java security policies
> -----------------------------------------------------------------
>
>          Key: BEEHIVE-813
>          URL: http://issues.apache.org/jira/browse/BEEHIVE-813
>      Project: Beehive
>         Type: Bug
>   Components: NetUI
>     Versions: V1
>     Reporter: Rich Feit
>     Assignee: Alejandro Ramirez
>      Fix For: TBD
>
> This bug involves hitting a *public* page flow action with a Java security policy enabled. You should be able to hit the action if it's public, even if the policy restricts access to private and protected members.
> Repro (the easiest way to reproduce this):
>     - cd to $CATALINA_HOME/bin.
>     - create a file called mysecurity.policy (and REPLACE my c:/prog/... tomcat/jdk directories with ones of your own):
>        ---
>        grant codeBase "file:///c:/prog/jakarta-tomcat-5.0.25/-"{
>        permission java.security.AllPermission;
>        };
>        grant codeBase "file:///c:/prog/jdk1.5.0/-"{
>        permission java.security.AllPermission;
>        };
>        grant {
>        permission java.util.PropertyPermission "*", "read";
>        permission java.lang.RuntimePermission "accessDeclaredMembers";
>        };
>        ---
>     - set the JAVA_OPTS environment variable:
>         (windows) set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=mysecurity.policy
>         (linux) export JAVA_OPTS="-Djava.security.manager -Djava.security.policy=mysecurity.policy"
>     - start tomcat:
>         (windows) .\startup.bat
>         (linux) ./startup.sh
> Deploy a webapp and hit any page flow action method (a method, not a @Jpf.SimpleAction). You get the following exception:
> java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> 	java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
> 	java.security.AccessController.checkPermission(AccessController.java:427)
> 	java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 	java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
> 	org.apache.beehive.netui.pageflow.FlowController.getActionMethod(FlowController.java:698)
> 	org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:745)
> 	org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:426)
> 	org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
> 	org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:306)
> 	org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
> 	org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:104)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1998)
> 	org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:63)
> 	org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:86)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2067)
> 	org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:593)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:866)
> 	org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:600)
> 	org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:163)
> 	org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> 	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	java.lang.reflect.Method.invoke(Method.java:585)
> 	org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
> 	java.security.AccessController.doPrivileged(Native Method)
> 	javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> 	org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
> 	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
> 	java.security.AccessController.doPrivileged(Native Method)
> 	java.security.AccessController.doPrivileged(Native Method)
> 	org.apache.beehive.netui.pageflow.internal.DefaultForwardRedirectHandler.forward(DefaultForwardRedirectHandler.java:127)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.doForward(PageFlowRequestProcessor.java:1774)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processPageFlowRequest(PageFlowRequestProcessor.java:764)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:518)
> 	org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:866)
> 	org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:600)
> 	org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:163)
> 	org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> 	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	java.lang.reflect.Method.invoke(Method.java:585)
> 	org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
> 	java.security.AccessController.doPrivileged(Native Method)
> 	javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> 	org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
> 	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
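
Added example (not part of the original message, and not the change made in revision 190656, which this page does not show): the stack trace above fails inside AccessibleObject.setAccessible, which checks ReflectPermission "suppressAccessChecks" whenever a security manager is installed, whatever the member's visibility. One way to keep public actions reachable under such a policy is to request the override only for non-public members; ActionLookup, SampleFlow, needsOverride and resolve are hypothetical names.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class ActionLookup {
    // Constructed stand-in for a page flow controller class; not Beehive code.
    public static class SampleFlow {
        public String begin() { return "ran begin"; }
        protected String hidden() { return "ran hidden"; }
    }

    // A public method of a public class can be invoked reflectively by any
    // caller, so it never needs the access-check override.
    static boolean needsOverride(Method m) {
        return !(Modifier.isPublic(m.getModifiers())
                && Modifier.isPublic(m.getDeclaringClass().getModifiers()));
    }

    // Finds a no-argument action method by name, walking up the class hierarchy.
    // getDeclaredMethod is covered by RuntimePermission "accessDeclaredMembers",
    // which the policy in the report grants.
    static Method resolve(Class<?> flowClass, String name) throws NoSuchMethodException {
        for (Class<?> c = flowClass; c != null; c = c.getSuperclass()) {
            try {
                Method m = c.getDeclaredMethod(name);
                if (needsOverride(m)) {
                    // Only this branch triggers the ReflectPermission
                    // "suppressAccessChecks" check under a security manager.
                    m.setAccessible(true);
                }
                return m;
            } catch (NoSuchMethodException e) {
                // Not declared on this class; try the superclass.
            }
        }
        throw new NoSuchMethodException(name);
    }

    public static void main(String[] args) throws Exception {
        SampleFlow flow = new SampleFlow();
        for (String name : new String[] {"begin", "hidden"}) {
            Method m = resolve(SampleFlow.class, name);
            System.out.println(name + ": override requested=" + needsOverride(m)
                    + ", result=" + m.invoke(flow));
        }
    }
}
```

Under the policy in the report, resolving "hidden" would still be denied at setAccessible, while "begin" never reaches that call.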

