Return-Path: X-Original-To: apmail-clerezza-dev-archive@www.apache.org Delivered-To: apmail-clerezza-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 98F8C1047B for ; Tue, 17 Dec 2013 10:15:18 +0000 (UTC) Received: (qmail 22074 invoked by uid 500); 17 Dec 2013 10:15:17 -0000 Delivered-To: apmail-clerezza-dev-archive@clerezza.apache.org Received: (qmail 21987 invoked by uid 500); 17 Dec 2013 10:15:13 -0000 Mailing-List: contact dev-help@clerezza.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@clerezza.apache.org Delivered-To: mailing list dev@clerezza.apache.org Received: (qmail 21972 invoked by uid 99); 17 Dec 2013 10:15:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Dec 2013 10:15:11 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of andy.seaborne.apache@gmail.com designates 74.125.82.169 as permitted sender) Received: from [74.125.82.169] (HELO mail-we0-f169.google.com) (74.125.82.169) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Dec 2013 10:15:03 +0000 Received: by mail-we0-f169.google.com with SMTP id w61so5886098wes.0 for ; Tue, 17 Dec 2013 02:14:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=IjXc9CgeG0bUNXIMjESnzawMPyLnB57jLiTRDKlAIWE=; b=XzKSwM1E7uuWVHs+svYV3adDh14asmFqU/oO2wAFVUV8VTjnFkO624B9ZC3oLc7nyU aAZZeRr5O/4XgKWR5Dv3ba7tPchHpD8aTD3YZQ+RCAtYF68slGAUR3FEvpMge6MxuqTL bD9boTlFP+ePlNeXYLIKFa+JFrYU/WxWW54tnFuq6KxK+xQIN2NQqioZOcSDreX3JRNC yc0xehi+1lB370dXnfSPB8R2dH9w5mA1A77em4sXgOSyEwZovnS2BUlnX2jIIznuzRa3 n5ow+xb9LcQRL9cHrjWW3hN7hstBaUG6WgGeT66hQyhdUOZX84soBpFhzI6SHugiY8MP IOLA== X-Received: by 10.194.104.42 with SMTP id gb10mr18194951wjb.16.1387275282935; Tue, 17 Dec 2013 02:14:42 -0800 (PST) Received: from [192.168.0.114] (cpc37-aztw23-2-0-cust35.18-1.cable.virginm.net. [94.174.128.36]) by mx.google.com with ESMTPSA id q19sm33601841wiw.4.2013.12.17.02.14.41 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 17 Dec 2013 02:14:42 -0800 (PST) Message-ID: <52B02410.2050003@apache.org> Date: Tue, 17 Dec 2013 10:14:40 +0000 From: Andy Seaborne User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: dev@clerezza.apache.org, dev@stanbol.apache.org Subject: Re: Clerezza/Jena SPARQL initialization fails due to a SecurityException References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 17/12/13 08:35, Rupert Westenthaler wrote: > Hi Clerezza & Stanbol Community > > This morning I looked into the last two integration tests failing in > the trunk version. One of those was related to the SPARQL endpoint of > the Stanbol Enhancer that allows to perform SPARQL queries on the > Enhancer configuration. > > First I throughout this was caused by some classpath problems related > to Xerces in the Jena TDB bundle as I was getting > > Caused by: java.lang.NoClassDefFoundError: Could not initialize > class com.hp.hpl.jena.sparql.expr.NodeValue > at com.hp.hpl.jena.sparql.expr.ExprVar.eval(ExprVar.java:65) > [..] > at org.apache.clerezza.rdf.jena.sparql.ResultSetWrapper.(ResultSetWrapper.java:40) > at org.apache.clerezza.rdf.jena.sparql.JenaSparqlEngine.execute(JenaSparqlEngine.java:84) > at org.apache.stanbol.enhancer.jersey.resource.EnhancerRootResource$EnhancerResource.sparql(EnhancerRootResource.java:160) > [..] > > However when you restart Stanbol so that this error appears the first > time you can see a completely different stack trace: > > > Caused by: org.glassfish.jersey.server.ContainerException: > java.lang.ExceptionInInitializerError > at org.glassfish.jersey.servlet.internal.ResponseWriter.rethrow(ResponseWriter.java:230) > [..] > Caused by: java.lang.ExceptionInInitializerError > at com.hp.hpl.jena.sparql.expr.ExprVar.eval(ExprVar.java:65) > [..] > Caused by: java.security.AccessControlException: access denied > ("java.io.FilePermission" > "/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre:lib:jaxp.properties" > "read") > at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) > at java.security.AccessController.checkPermission(AccessController.java:559) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at java.io.File.exists(File.java:808) > at com.hp.hpl.jena.sparql.expr.NodeValue.getDatatypeFactory(NodeValue.java:211) > at com.hp.hpl.jena.sparql.expr.NodeValue.(NodeValue.java:186) > > Based on that it is clearly caused by a missing permission or privileged block. > > In Stanbol I can fix this by adding such a privileged block over the > call to the Clerezza query engine, but this should clearly be fixed in > the actual implementation of Clerezza. > > In Stanbol this is the actual cause for STANBOL-1188, but this might > also need an Issue for Clerezza. > > best > Rupert > Jena version? (Just so line numbers line up - the code hasn't changed in a while around here.) It looks like JENA-328. https://issues.apache.org/jira/browse/JENA-328 NodeValue.getDatatypeFactory() has to go through hoops and maybe it's not going through enough hoops or the right hooks. https://svn.apache.org/repos/asf/jena/trunk/jena-arq/src/main/java/com/hp/hpl/jena/sparql/expr/NodeValue.java Suggestions welcome - we seem to be at the point where what works for one setup does not work for another - but is it a case of just protecting the File.exists? Where is the DatatypeFactory supposed to come from in the glassfish case? Andy