tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Anstis" <michael.ans...@googlemail.com>
Subject Re: Permissions for Sun JSF RI and Security Manager under Tomcat 6.0?
Date Wed, 25 Jun 2008 20:08:50 GMT
Hi,

I think I have found the cause!

My application code contains the following:-

FacesContext fc = FacesContext.getCurrentInstance();
ExpressionFactory ef = fc.getApplication().getExpressionFactory();
ELContext elc = fc.getELContext();
ValueExpression ve = ef.createValueExpression(elc, expr, clazz);
Object result = ve.getValue(elc);

The implementation of javax.el.ValueExpression is org.apache.jasper.el.
JspValueExpression which is in the org.apache.jasper.el package. Access to
this package is prevented by default by the catalina.properties file!
Hurrah, problem resolved!

However I still need somebody "official" to confirm this - as my hosting
company wants some official statement.

I will cross-post to the developer mailing list (so sorry to those affected)
in case this is more of a development issue.

Can anybody confirm and provide an "official" statement about the
programmatic use of EL and security settings?

Thanks,

 Mike


On 24/06/2008, Michael Anstis <michael.anstis@googlemail.com> wrote:
>
> Hi,
>
> Firstly, sorry for the long stack traces in here but I included the lot
> incase what I discount somebody else picks up on.
>
> Anyway, when trying to use JSF 1.2-b20-FCS on Tomcat 6.0 with Java 2
> Security Manager enabled I receive the below.
>
> This can be replicated by creating a new WAR and simply adding jsf-api.jar
> and jsf-impl.jar to the WEB-INF\lib folder on a vanila install of Tomcat
> 6.0.
>
> SEVERE: Exception sending context initialized event to listener instance of *class* com.sun.faces.config.GlassFishConfigureListener
> java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.el)
>         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>         at java.security.AccessController.checkPermission(AccessController.java:427)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>         at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
>         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
>         at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
>         at org.apache.jasper.runtime.JspFactoryImpl.getJspApplicationContext(JspFactoryImpl.java:200)
>         at com.sun.faces.config.ConfigureListener.registerELResolverAndListenerWithJsp(ConfigureListener.java:1874)
>         at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:546)
>         at com.sun.faces.config.GlassFishConfigureListener.contextInitialized(GlassFishConfigureListener.java:47)
>         at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3830)
>         at org.apache.catalina.core.StandardContext.start(StandardContext.java:4337)
>         at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>         at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
>         at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
>         at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>         at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
>         at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:511)
>         at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1220)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
>         at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
>         at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
>         at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
>         at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
>         at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1458)
>         at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:820)
>         at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:348)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>         at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
>         at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
>         at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
>         at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
>         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>         at java.lang.Thread.run(Thread.java:595)
>
>
> If I was hosting the affected application on my own server or it was simply
> a development issue I would simply grant the permission (indeed I do this
> whilst developing) however the company I use to host the application only
> provides a shared Tomcat instance (it is cheap) and are understandably
> reluctant to grant the permission without it being officially confirmed as a
> requirement.
>
> Can anybody confirm that JSF RI under Tomcat 6.0 needs the permission
> granted?
>
> Thanks,
>
> Mike
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message