geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4037) Geronimo 2.0.3 (and I guess at least 2.0.2) can't run with a security manager settled from the command line using -Djava.security.manager
Date Thu, 22 May 2008 22:03:55 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12599209#action_12599209
] 

Jacques Le Roux commented on GERONIMO-4037:
-------------------------------------------

Thanks Dan,

I tried your suggestions. 

I just tried -Dpolicy.allowSystemProperty=true : same error.

I get nothing really interesting with -Djava.security.debug=policy or even or -Djava.security.debug=all.
(Note : I saw that the JVM was looking for <<policy: reading file:/C:/Documents%20and%20Settings/Jacques%20Le%20Roux/.java.policy>>
I copied in this location the file C:\Program Files\Java\jdk1.5.0_11\jre\lib\security\java.policy
but without results)

I also tried to harcode the file name using : -Djava.security.policy=file://C/geronimo-tomcat6-jee5-2.0.3/bin/client.policy
in place of the default value, same error (I tried also the syntax -Djava.security.policy=file:/C:/geronimo-tomcat6-jee5-2.0.3/bin/client.policy
as I saw it in the log from -Djava.security.debug=policy)

I finally tried using this content in client.policy
grant {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/bin/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/repository/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/lib/*" {
    permission java.security.AllPermission;
};

Of course I did not try all the combinations above (1, 2, 3)... But I guess the better should
be to trace with a debugger...

I tried yesterday to compile a checkout of https://svn.apache.org/repos/asf/geronimo/server/branches/2.0
using the recommendations in BUILDING.txt
    mvn install
    mvn -Ptools geronimo:start
It works, but as I don't know anything about Maven yet I will wait to have some time (or some
help ;o) to know how to plug the Eclipse debugger in. I was using <<-Xdebug -Xnoagent
-Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005>>
in geronimo.bat

> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run  with a security manager settled
from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4037
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4037
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: kernel, security
>    Affects Versions: 2.0.2
>         Environment: Windows Xp Sp2
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>
> I'm facing an issue on Windows XPsp2: I can't run WASCE with a security manager settled
from the command line using -Djava.security.manager-Djava.security.policy=client.policy options.
I get the error below. Note that this is working properly under Linux (Ubuntu and Suze as
well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME:        C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***>                                  ] 11%  27s Starting org.apac...15:57:28,625
ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/
> j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError: org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
>         at org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
>         at java.security.ProtectionDomain.implies(Unknown Source)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>         at java.lang.SecurityManager.checkPermission(Unknown Source)
>         at java.lang.Thread.setContextClassLoader(Unknown Source)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>         at org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>         at org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN  [BasicLifecycleMonitor] Exception occured while notifying listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to allow using
RMI inside Apache OFBiz). That's why I put this issue as a blocker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message