geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevan Miller (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4037) Geronimo 2.0.3 (and I guess at least 2.0.2) can't run with a security manager settled from the command line using -Djava.security.manager
Date Tue, 27 May 2008 22:56:59 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12600300#action_12600300
] 

Kevan Miller commented on GERONIMO-4037:
----------------------------------------

Here's a potential workaround. Set the Xorg.apache.geronimo.JarFileClassLoader property to
"false". E.g.:

set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=client.security -DXorg.apache.geronimo.JarFileClassLoader=false

Your should be able to start Geronimo, now. This isn't really a fix. However, for a relatively
static deployment of Geronimo, this should work fine. If you're using the server as a development
environment and repeatedly deploying/undeploying applications you'll find that deployment
artifacts are not properly deleted and you also may encounter ClassLoader memory leaks.

Some background -- on Windows we use our own JarFileClassLoader to read from Jar files (rather
than allow the ClassLoader implementation do the reading). This allows us to avoid the extremely
annoying problem of Windows locking jar files (preventing us from deleting deployment artifacts
after an undeploy).

It seems that the JarFileClassLoader is not working properly when you configure a security
manager. Here's some more info...  

I agree with Dan that the GeronimoPolicyConfigurationFactory is not ideal. However, I'm pretty
sure that's not the cause of this problem. The Timer-2 thread indicates the problem, I think...
I captured the following info I captured locally:


{noformat}
Thread [main] (Evaluating)	
	GeronimoPolicy.implies(ProtectionDomain, Permission) line: 74	
	ProtectionDomain.implies(Permission) line: 195	
	AccessControlContext.checkPermission(Permission) line: 249	
	AccessController.checkPermission(Permission) line: 427	
	SecurityManager.checkPermission(Permission) line: 532	
	SecurityManager.checkRead(String) line: 871	
	File.canRead() line: 658	
	UrlResourceFinder.getClassPath() line: 151	
	UrlResourceFinder.getResource(String) line: 79	
	JarFileClassLoader$6.run() line: 278	
	AccessController.doPrivileged(PrivilegedExceptionAction<T>, AccessControlContext) line:
not available [native method]	
	JarFileClassLoader.findClass(String) line: 260	
	JarFileClassLoader(MultiParentClassLoader).loadClassInternal(String, boolean, LinkedList<ClassLoader>)
line: 470	
	JarFileClassLoader(MultiParentClassLoader).checkParents(String, boolean, LinkedList<ClassLoader>)
line: 498	
	JarFileClassLoader(MultiParentClassLoader).loadClassInternal(String, boolean, LinkedList<ClassLoader>)
line: 456	
	JarFileClassLoader(MultiParentClassLoader).checkParents(String, boolean, LinkedList<ClassLoader>)
line: 498	
	JarFileClassLoader(MultiParentClassLoader).loadOptimizedClass(String, boolean) line: 407

	JarFileClassLoader(MultiParentClassLoader).loadClass(String, boolean) line: 278	
	JarFileClassLoader(ClassLoader).loadClass(String) line: 251	
	JarFileClassLoader(ClassLoader).loadClassInternal(String) line: 319	
	GeronimoPolicy.implies(ProtectionDomain, Permission) line: 74	
	ProtectionDomain.implies(Permission) line: 195	
	AccessControlContext.checkPermission(Permission) line: 249	
	AccessController.checkPermission(Permission) line: 427	
	SecurityManager.checkPermission(Permission) line: 532	
	SecurityManager.checkPropertyAccess(String) line: 1285	
	System.getProperty(String) line: 628	
	SecurityServiceImpl.sysOverRide(String, String) line: 101	
	SecurityServiceImpl.<init>(ClassLoader, ServerInfo, String, String, String, String,
String, String) line: 76	
	NativeConstructorAccessorImpl.newInstance0(Constructor, Object[]) line: not available [native
method]	
	NativeConstructorAccessorImpl.newInstance(Object[]) line: 39	
	DelegatingConstructorAccessorImpl.newInstance(Object[]) line: 27	
	Constructor<T>.newInstance(Object...) line: 494	
	GBeanInstance.createInstance() line: 948	
	GBeanInstanceState.attemptFullStart() line: 268	
	GBeanInstanceState.start() line: 102	
	GBeanInstanceState.startRecursive() line: 124	
	GBeanInstance.startRecursive() line: 555	
	BasicKernel.startRecursiveGBean(AbstractName) line: 379	
	ConfigurationUtil.startConfigurationGBeans(AbstractName, Configuration, Kernel) line: 456

	EditableKernelConfigurationManager(KernelConfigurationManager).start(Configuration) line:
187	
	EditableKernelConfigurationManager(SimpleConfigurationManager).startConfiguration(Artifact,
LifecycleMonitor) line: 549	
	NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]

	NativeMethodAccessorImpl.invoke(Object, Object[]) line: 39	
	DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25	
	Method.invoke(Object, Object...) line: 585	
	ReflectionMethodInvoker.invoke(Object, Object[]) line: 34	
	GBeanOperation.invoke(Object, Object[]) line: 124	
	GBeanInstance.invoke(int, Object[]) line: 832	
	RawInvoker.invoke(int, Object[]) line: 57	
	RawOperationInvoker.invoke(AbstractName, Object[]) line: 35	
	ProxyMethodInterceptor.intercept(Object, Method, Object[], MethodProxy) line: 96	
	EditableConfigurationManager$$EnhancerByCGLIB$$d521c36b.startConfiguration(Artifact, LifecycleMonitor)
line: not available	
	EmbeddedDaemon.doStartup() line: 158	
	EmbeddedDaemon.execute(Object) line: 79	
	MainConfigurationBootstrapper.main(MainConfigurationBootstrapper, Object) line: 45	
	DaemonCLI(AbstractCLI).executeMain() line: 67	
	DaemonCLI.main(String[]) line: 30	
{noformat}

JarFileClassLoader and UrlResourceFinder are Geronimo classes which are only used on Windows
(they avoid the extremely annoying Windows habit of jar files getting locked by the OS). I
think the problem here is that UrlResourceFinder is not sufficiently privileged. Result is
that we attempt to recursively load the GeronimoPolicyConfigurationFactory. The ClassLoader
is failing on this recursive load of the GeronimoPolicyConfigurationFactory class. I'm pretty
sure that this is the cause of the LinkageError...

No fix yet. Probably won't look at this until tomorrow. If anybody wants to jump in, have
at it...



> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run  with a security manager settled
from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4037
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4037
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: kernel, security
>    Affects Versions: 2.0.2
>         Environment: Windows Xp Sp2
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>
> I'm facing an issue on Windows XPsp2: I can't run WASCE with a security manager settled
from the command line using -Djava.security.manager-Djava.security.policy=client.policy options.
I get the error below. Note that this is working properly under Linux (Ubuntu and Suze as
well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME:        C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***>                                  ] 11%  27s Starting org.apac...15:57:28,625
ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/
> j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError: org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
>         at org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
>         at java.security.ProtectionDomain.implies(Unknown Source)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>         at java.lang.SecurityManager.checkPermission(Unknown Source)
>         at java.lang.Thread.setContextClassLoader(Unknown Source)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>         at org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>         at org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN  [BasicLifecycleMonitor] Exception occured while notifying listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to allow using
RMI inside Apache OFBiz). That's why I put this issue as a blocker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message