struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Luppens <philip.lupp...@gmail.com>
Subject Re: Convention/XWork on GAE: unable to get members (SecurityException)
Date Mon, 24 Aug 2009 08:41:18 GMT
On Mon, Aug 24, 2009 at 10:11 AM, Jeromy
Evans<jeromy.evans@blueskyminds.com.au> wrote:
>
> On 24/08/2009, at 1:29 PM, Jeromy Evans wrote:
>
>>
>> As a work-around (guess), I changed it to cimpl.getDeclaredClasses()
>> instead which is permitted (I don't know if this has the same effect on the
>> ClassLoader).  That got me past the issue above, but the same
>> SecurityException occurs in XWork's
>> ContainerImpl$ConstructorInjector.findConstructorIn():
>> SecurityException: Unable to get members for Class
>> o.a.s.v.v.VelocityManager
>>
>
> This exception occurs within Google App Engine because XWork eagerly loads
> the VelocityManager Class for the bean struts-default.xml.  VelocityManager
> uses the VelocityToolbox optional dependency (in velocity-tools) which is
> not deployed with the application by default.  I presume the GAE ClassLoader
> checks all imported classes against the whitelist and fails if the class is
> not found.
> It's overcome by deploying the application velocity.
>
> I now have Struts 2.1.8-snapshot with Convention, Sitemesh and JSON, within
> a Guice2 servlet filter for IOC, running within GAE.
>
> The mandatory work-around are:
>  - to still use a ServletContextListener to disable the OgnlRuntime security
> manager.  If not done, an IllegalAccessException occurs in
> OgnlUtil.setProperty(String) at run-time.  This exception is swallowed, but
> it typically results in an NPE in ServletRedirectResult.isPathUrl(String)
> because location cannot be set.
>  - the velocity dependencies need to be deployed with the application even
> if not in use.  If not done, a security exception occurs while getting the
> members of VelocityManager because VelocityManager imports VelocityToolbox
> and VelocityEngine.
>
> I don't think any S2 code changes are required at this time.
>
> regards,
>  Jeromy Evans

Just to make sure it doesn't get lost, I've added it to the FAQ on GAE.

http://cwiki.apache.org/confluence/display/WW/Google+App+Engine+%28GAE%29

Feel free to clean up/clarify.

Phil

-- 
"We cannot change the cards we are dealt, just how we play the hand."
- Randy Pausch

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message