Return-Path: 
 <dev-return-63529-apmail-geronimo-dev-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-dev-archive@www.apache.org
Received: (qmail 49163 invoked from network); 22 May 2008 22:04:23 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 22 May 2008 22:04:23 -0000
Received: (qmail 42644 invoked by uid 500); 22 May 2008 22:04:18 -0000
Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org
Received: (qmail 42596 invoked by uid 500); 22 May 2008 22:04:18 -0000
Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:dev-help@geronimo.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@geronimo.apache.org>
List-Post: <mailto:dev@geronimo.apache.org>
Reply-To: dev@geronimo.apache.org
List-Id: <dev.geronimo.apache.org>
Delivered-To: mailing list dev@geronimo.apache.org
Received: (qmail 42581 invoked by uid 99); 22 May 2008 22:04:18 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 May 2008 15:04:18 -0700
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 May 2008 22:03:40 +0000
Received: from brutus (localhost [127.0.0.1])
	by brutus.apache.org (Postfix) with ESMTP id E865E234C118
	for <dev@geronimo.apache.org>; Thu, 22 May 2008 15:03:55 -0700 (PDT)
Message-ID: <205322250.1211493835947.JavaMail.jira@brutus>
Date: Thu, 22 May 2008 15:03:55 -0700 (PDT)
From: "Jacques Le Roux (JIRA)" <jira@apache.org>
To: dev@geronimo.apache.org
Subject: [jira] Commented: (GERONIMO-4037) Geronimo 2.0.3 (and I guess at
 least 2.0.2) can't run  with a security manager settled from the command
 line using -Djava.security.manager
In-Reply-To: <1069772001.1211293735629.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org


    [ https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12599209#action_12599209 ] 

Jacques Le Roux commented on GERONIMO-4037:
-------------------------------------------

Thanks Dan,

I tried your suggestions. 

I just tried -Dpolicy.allowSystemProperty=true : same error.

I get nothing really interesting with -Djava.security.debug=policy or even or -Djava.security.debug=all.
(Note : I saw that the JVM was looking for <<policy: reading file:/C:/Documents%20and%20Settings/Jacques%20Le%20Roux/.java.policy>> I copied in this location the file C:\Program Files\Java\jdk1.5.0_11\jre\lib\security\java.policy but without results)

I also tried to harcode the file name using : -Djava.security.policy=file://C/geronimo-tomcat6-jee5-2.0.3/bin/client.policy in place of the default value, same error (I tried also the syntax -Djava.security.policy=file:/C:/geronimo-tomcat6-jee5-2.0.3/bin/client.policy as I saw it in the log from -Djava.security.debug=policy)

I finally tried using this content in client.policy
grant {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/bin/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/repository/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:C:/geronimo-tomcat6-jee5-2.0.3/lib/*" {
    permission java.security.AllPermission;
};

Of course I did not try all the combinations above (1, 2, 3)... But I guess the better should be to trace with a debugger...

I tried yesterday to compile a checkout of https://svn.apache.org/repos/asf/geronimo/server/branches/2.0 using the recommendations in BUILDING.txt
    mvn install
    mvn -Ptools geronimo:start
It works, but as I don't know anything about Maven yet I will wait to have some time (or some help ;o) to know how to plug the Eclipse debugger in. I was using <<-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005>> in geronimo.bat

> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run  with a security manager settled from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4037
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4037
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: kernel, security
>    Affects Versions: 2.0.2
>         Environment: Windows Xp Sp2
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>
> I'm facing an issue on Windows XPsp2: I can't run WASCE with a security manager settled from the command line using -Djava.security.manager-Djava.security.policy=client.policy options. I get the error below. Note that this is working properly under Linux (Ubuntu and Suze as well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME:        C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***>                                  ] 11%  27s Starting org.apac...15:57:28,625 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/
> j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError: org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
>         at org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
>         at java.security.ProtectionDomain.implies(Unknown Source)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>         at java.lang.SecurityManager.checkPermission(Unknown Source)
>         at java.lang.Thread.setContextClassLoader(Unknown Source)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>         at org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>         at org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN  [BasicLifecycleMonitor] Exception occured while notifying listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to allow using RMI inside Apache OFBiz). That's why I put this issue as a blocker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.