Re: T5 and restrictive policies

Wed, 11 Feb 2009 02:57:54 -0800

This has come up before (for example here: http://markmail.org/thread/as67xcjkw2s2pbiw) and at the moment the only solution according to Howard is to completely deactivate security which I'm not very happy with.
Howard, should I open an issue for specifying the access rights Tapestry needs or do you already have something up your sleeve? 

Cheers,

Uli

Ulrich Stärk schrieb:

The policy is of course

grant codeBase "file:/var/lib/tomcat5.5/webapps/mailadmin/-" {
        permission java.security.AllPermission;
};

Uli

Ulrich Stärk schrieb:

Hi,


I've got a Tomcat 5.5 installation with a very restrictive security 
policy in place. When I try to access my application, I get a nasty 
security exception: java.security.AccessControlException: access 
denied (java.io.FilePermission 
/var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class 
read) (see below for the full exception).



But I have a policy that should grant everything below 
/var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry 
jars in WEB-INF/lib) the AllPermission:


grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" {
        permission java.security.AllPermission;
};


This doesn't seem to work though. Does anyone have an idea what's 
wrong here?


TIA,

Uli


java.security.AccessControlException: access denied 
(java.io.FilePermission 
/var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class 
read)
    
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) 

    
java.security.AccessController.checkPermission(AccessController.java:546)

    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    java.io.File.exists(File.java:731)

    
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828)
    
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211) 

    
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294) 

    
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925) 

    
org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937) 

    
org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072) 


    java.lang.ClassLoader.getResource(ClassLoader.java:972)
    java.lang.ClassLoader.getResource(ClassLoader.java:972)

    
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246) 

    
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192) 


    javassist.Loader.findClass(Loader.java:340)

    
org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94) 


    javassist.Loader.loadClass(Loader.java:311)
    java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42)
    $Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java)

    
org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132) 

    
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559) 

    
org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637) 

    
org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229) 

    
$PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java) 

    
org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699) 

    
org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497) 

    
org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851) 

    
org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390) 

    
org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53) 


    $PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java)

    
org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210) 

    
org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99) 


    $PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java)

    
org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51) 


    $RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java)
    $RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java)

    
org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69) 

    
$RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java) 

    
org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42) 


    $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)

    
org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759) 


    $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)

    
org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749) 


    $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)

    
org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) 


    $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)

    
org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90) 

    
org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81) 

    
org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85) 

    
org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103) 


    $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java)
    $RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java)

    
org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193) 

    
org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62) 

    
$HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java) 

    
$HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java) 

    
org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711) 

    
$HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java) 

    
$HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java) 


    org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 

    
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 


    java.lang.reflect.Method.invoke(Method.java:597)

    
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)

    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)

    
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
    
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218) 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org























					Reply via email to