openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Albert Lee (JIRA)" <j...@apache.org>
Subject [jira] Commented: (OPENJPA-339) Java 2 security Access denied in File.toURL() call
Date Thu, 30 Aug 2007 22:30:30 GMT

    [ https://issues.apache.org/jira/browse/OPENJPA-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523955
] 

Albert Lee commented on OPENJPA-339:
------------------------------------

The other path which caused security violations are:

Stack Dump = java.security.AccessControlException: Access denied (java.lang.RuntimePermission
getClassLoader)
        at java.security.AccessController.checkPermission(AccessController.java:104)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
        at java.lang.Thread.getContextClassLoader(Thread.java:488)
        at serp.bytecode.BCClass.getClassLoader(BCClass.java:1670)
        at serp.bytecode.BCMember.getClassLoader(BCMember.java:326)
        at serp.bytecode.Attribute.getClassLoader(Attribute.java:85)
        at serp.bytecode.Instruction.getClassLoader(Instruction.java:141)
        at serp.bytecode.TypedInstruction.getType(TypedInstruction.java:76)
        at serp.bytecode.Code.calculateMaxLocals(Code.java:191)
        at org.apache.openjpa.util.ProxyManagerImpl.addProxyBeanMethods(ProxyManagerImpl.java:1173)
        at org.apache.openjpa.util.ProxyManagerImpl.generateProxyBeanBytecode(ProxyManagerImpl.java:640)
        at org.apache.openjpa.util.ProxyManagerImpl.getFactoryProxyBean(ProxyManagerImpl.java:452)
        at org.apache.openjpa.util.ProxyManagerImpl.newCustomProxy(ProxyManagerImpl.java:311)
        at org.apache.openjpa.kernel.SingleFieldManager.proxy(SingleFieldManager.java:129)
        at org.apache.openjpa.kernel.StateManagerImpl.proxyFields(StateManagerImpl.java:2721)
        at org.apache.openjpa.kernel.PNonTransState.initialize(PNonTransState.java:44)
        at org.apache.openjpa.kernel.StateManagerImpl.setPCState(StateManagerImpl.java:216)
        at org.apache.openjpa.kernel.StateManagerImpl.commit(StateManagerImpl.java:1005)
        at org.apache.openjpa.kernel.BrokerImpl.endTransaction(BrokerImpl.java:2177)
        at org.apache.openjpa.kernel.BrokerImpl.afterCompletion(BrokerImpl.java:1782)
        at com.ibm.ws.uow.ComponentContextSynchronizationWrapper.afterCompletion(ComponentContextSynchronizationWrapper.java:84)
        at com.ibm.ws.Transaction.JTA.RegisteredSyncs.distributeAfter(RegisteredSyncs.java:424)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.distributeAfter(TransactionImpl.java:3883)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.postCompletion(TransactionImpl.java:3862)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.commitXAResources(TransactionImpl.java:2518)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.stage1CommitProcessing(TransactionImpl.java:1635)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.processCommit(TransactionImpl.java:1595)
        at com.ibm.ws.Transaction.JTA.TransactionImpl.commit(TransactionImpl.java:1530)
        at com.ibm.ws.Transaction.JTA.TranManagerImpl.commit(TranManagerImpl.java:237)
        at com.ibm.ws.Transaction.JTA.TranManagerSet.commit(TranManagerSet.java:162)
        at com.ibm.ws.Transaction.JTA.UserTransactionImpl.commit(UserTransactionImpl.java:292)
        at com.ibm.ejs.container.UserTransactionWrapper.commit(UserTransactionWrapper.java:264)
        at suite.r70.acommon.transactionservice.JTATransactionService.commitTransaction(JTATransactionService.java:39)

 and 

Caused by: java.security.AccessControlException: Access denied (java.lang.RuntimePermission
modifyThreadGroup)
        at java.security.AccessController.checkPermission(AccessController.java:104)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
        at com.ibm.ws.security.core.SecurityManager.checkAccess(SecurityManager.java:309)
        at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:222)
        at java.lang.Thread.initialize(Thread.java:342)
        at java.lang.Thread.<init>(Thread.java:276)
        at java.lang.Thread.<init>(Thread.java:168)
        at org.apache.openjpa.datacache.DataCacheScheduler.scheduleEviction(DataCacheScheduler.java:100)
        at org.apache.openjpa.datacache.AbstractDataCache.initialize(AbstractDataCache.java:89)
        at org.apache.openjpa.datacache.ConcurrentDataCache.initialize(ConcurrentDataCache.java:91)
        at org.apache.openjpa.datacache.DataCacheManagerImpl.initialize(DataCacheManagerImpl.java:51)
        at org.apache.openjpa.conf.OpenJPAConfigurationImpl.getDataCacheManagerInstance(OpenJPAConfigurationImpl.java:602)
        at org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:181)

I have created a patch and am running more tests before posting it to this report.

> Java 2 security Access denied in File.toURL() call
> --------------------------------------------------
>
>                 Key: OPENJPA-339
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-339
>             Project: OpenJPA
>          Issue Type: Bug
>          Components: lib
>    Affects Versions: 0.9.7
>            Reporter: Albert Lee
>            Assignee: Albert Lee
>             Fix For: 1.1.0
>
>         Attachments: OPENJPA-339.patch
>
>
> Encounter the following access denial exception when Java 2 security is enabled in application
server environment.
> File.toURL() is not documented which requires security check, however indirectly, the
File.isDirectory() is invoked, which required security permission.
> Exception = java.security.AccessControlException
> Source = com.ibm.ws.security.core.SecurityManager
> probeid = 180
> Stack Dump = java.security.AccessControlException: Access denied (java.io.FilePermission
C:\WAS3\profiles\AppSrv01\installedApps\javajoeNode01Cell\EJB3JPACallbackBeanApp.ear\EJB3JPACallbackWebApp.war\WEB-INF\classes\suite\r70\base\jpaspec\callback\entities\AbstractCallbackEntity.class
read)
>         at java.security.AccessController.checkPermission(AccessController.java:104)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>         at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
>         at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
>         at java.io.File.isDirectory(File.java:747)
>         at java.io.File.toURL(File.java:620)
>         at org.apache.openjpa.lib.meta.FileMetaDataIterator.next(FileMetaDataIterator.java:114)
>         at org.apache.openjpa.lib.meta.ClassArgParser.mapTypeNames(ClassArgParser.java:283)
>         at org.apache.openjpa.meta.AbstractCFMetaDataFactory.scan(AbstractCFMetaDataFactory.java:778)
>         at org.apache.openjpa.meta.AbstractCFMetaDataFactory.parsePersistentTypeNames(AbstractCFMetaDataFactory.java:637)
>         at org.apache.openjpa.meta.AbstractCFMetaDataFactory.getPersistentTypeNames(AbstractCFMetaDataFactory.java:605)
>         at org.apache.openjpa.meta.MetaDataRepository.getPersistentTypeNames(MetaDataRepository.java:1214)
>         at org.apache.openjpa.meta.MetaDataRepository.loadPersistentTypes(MetaDataRepository.java:1231)
>         at org.apache.openjpa.kernel.AbstractBrokerFactory.loadPersistentTypes(AbstractBrokerFactory.java:245)
>         at org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:197)
>         at org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:142)
>         at org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:190)
>         at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:37)
>         at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:28)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message