Please open an issue. I've also been thinking that Tapestry should be making use of AccessController.doPrivileged() ... I'm just not sure exactly what things need it. Certainly, creating a ClassLoader.
On Wed, Feb 11, 2009 at 2:57 AM, Ulrich Stärk <u...@spielviel.de> wrote: > This has come up before (for example here: > http://markmail.org/thread/as67xcjkw2s2pbiw) and at the moment the only > solution according to Howard is to completely deactivate security which I'm > not very happy with. > > Howard, should I open an issue for specifying the access rights Tapestry > needs or do you already have something up your sleeve? > > Cheers, > > Uli > > Ulrich Stärk schrieb: >> >> The policy is of course >> >> grant codeBase "file:/var/lib/tomcat5.5/webapps/mailadmin/-" { >> permission java.security.AllPermission; >> }; >> >> Uli >> >> Ulrich Stärk schrieb: >>> >>> Hi, >>> >>> I've got a Tomcat 5.5 installation with a very restrictive security >>> policy in place. When I try to access my application, I get a nasty security >>> exception: java.security.AccessControlException: access denied >>> (java.io.FilePermission >>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class >>> read) (see below for the full exception). >>> >>> But I have a policy that should grant everything below >>> /var/lib/tomcat5.5/webapps/mailadmin/ (and hence also the tapestry jars in >>> WEB-INF/lib) the AllPermission: >>> >>> grant codeBase "file:/var/lib/tomcat5.5/webapps/mywebapp/-" { >>> permission java.security.AllPermission; >>> }; >>> >>> This doesn't seem to work though. Does anyone have an idea what's wrong >>> here? >>> >>> TIA, >>> >>> Uli >>> >>> java.security.AccessControlException: access denied >>> (java.io.FilePermission >>> /var/lib/tomcat5.5/webapps/mailadmin/WEB-INF/classes/org/apache/tapestry5/corelib/components/Loop$1.class >>> read) >>> >>> >>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) >>> >>> java.security.AccessController.checkPermission(AccessController.java:546) >>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532) >>> java.lang.SecurityManager.checkRead(SecurityManager.java:871) >>> java.io.File.exists(File.java:731) >>> >>> org.apache.naming.resources.FileDirContext.file(FileDirContext.java:828) >>> >>> org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:211) >>> >>> >>> org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:294) >>> >>> >>> org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1925) >>> >>> >>> org.apache.catalina.loader.WebappClassLoader.findResource(WebappClassLoader.java:937) >>> >>> >>> org.apache.catalina.loader.WebappClassLoader.getResource(WebappClassLoader.java:1072) >>> java.lang.ClassLoader.getResource(ClassLoader.java:972) >>> java.lang.ClassLoader.getResource(ClassLoader.java:972) >>> >>> >>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.addClassFileToChangeTracker(ComponentInstantiatorSourceImpl.java:246) >>> >>> >>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl.onLoad(ComponentInstantiatorSourceImpl.java:192) >>> javassist.Loader.findClass(Loader.java:340) >>> >>> >>> org.apache.tapestry5.internal.services.ComponentInstantiatorSourceImpl$PackageAwareLoader.findClass(ComponentInstantiatorSourceImpl.java:94) >>> javassist.Loader.loadClass(Loader.java:311) >>> java.lang.ClassLoader.loadClass(ClassLoader.java:251) >>> java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) >>> org.apache.tapestry5.corelib.components.Loop.<clinit>(Loop.java:42) >>> $Instantiator_11f648c8ff4.newInstance($Instantiator_11f648c8ff4.java) >>> >>> >>> org.apache.tapestry5.internal.structure.InternalComponentResourcesImpl.<init>(InternalComponentResourcesImpl.java:132) >>> >>> >>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.<init>(ComponentPageElementImpl.java:559) >>> >>> >>> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.newChild(ComponentPageElementImpl.java:637) >>> >>> >>> org.apache.tapestry5.internal.services.PageElementFactoryImpl.newComponentElement(PageElementFactoryImpl.java:229) >>> >>> >>> $PageElementFactory_11f648c8fc7.newComponentElement($PageElementFactory_11f648c8fc7.java) >>> >>> >>> org.apache.tapestry5.internal.services.PageLoaderProcessor.startComponent(PageLoaderProcessor.java:699) >>> >>> >>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadTemplateForComponent(PageLoaderProcessor.java:497) >>> >>> >>> org.apache.tapestry5.internal.services.PageLoaderProcessor.workComponentQueue(PageLoaderProcessor.java:851) >>> >>> >>> org.apache.tapestry5.internal.services.PageLoaderProcessor.loadPage(PageLoaderProcessor.java:390) >>> >>> >>> org.apache.tapestry5.internal.services.PageLoaderImpl.loadPage(PageLoaderImpl.java:53) >>> $PageLoader_11f648c8fbc.loadPage($PageLoader_11f648c8fbc.java) >>> >>> >>> org.apache.tapestry5.internal.services.PagePoolCache.checkout(PagePoolCache.java:210) >>> >>> >>> org.apache.tapestry5.internal.services.PagePoolImpl.checkout(PagePoolImpl.java:99) >>> $PagePool_11f648c8fbb.checkout($PagePool_11f648c8fbb.java) >>> >>> >>> org.apache.tapestry5.internal.services.RequestPageCacheImpl.get(RequestPageCacheImpl.java:51) >>> $RequestPageCache_11f648c8fba.get($RequestPageCache_11f648c8fba.java) >>> $RequestPageCache_11f648c8fb9.get($RequestPageCache_11f648c8fb9.java) >>> >>> >>> org.apache.tapestry5.internal.services.DefaultRequestExceptionHandler.handleRequestException(DefaultRequestExceptionHandler.java:69) >>> >>> >>> $RequestExceptionHandler_11f648c8fa4.handleRequestException($RequestExceptionHandler_11f648c8fa4.java) >>> >>> >>> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:42) >>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java) >>> >>> >>> org.apache.tapestry5.services.TapestryModule$4.service(TapestryModule.java:759) >>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java) >>> >>> >>> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:749) >>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java) >>> >>> >>> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) >>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java) >>> >>> >>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90) >>> >>> >>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81) >>> >>> >>> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85) >>> >>> >>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103) >>> $RequestHandler_11f648c8fa6.service($RequestHandler_11f648c8fa6.java) >>> $RequestHandler_11f648c8f9f.service($RequestHandler_11f648c8f9f.java) >>> >>> >>> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:193) >>> >>> >>> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62) >>> >>> >>> $HttpServletRequestFilter_11f648c8f9e.service($HttpServletRequestFilter_11f648c8f9e.java) >>> >>> >>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java) >>> >>> >>> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:711) >>> >>> >>> $HttpServletRequestHandler_11f648c8fa1.service($HttpServletRequestHandler_11f648c8fa1.java) >>> >>> >>> $HttpServletRequestHandler_11f648c8f9c.service($HttpServletRequestHandler_11f648c8f9c.java) >>> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:127) >>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> >>> >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>> >>> >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>> java.lang.reflect.Method.invoke(Method.java:597) >>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) >>> java.security.AccessController.doPrivileged(Native Method) >>> javax.security.auth.Subject.doAsPrivileged(Subject.java:517) >>> >>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) >>> >>> >>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218) >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >>> For additional commands, e-mail: users-h...@tapestry.apache.org >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > -- Howard M. Lewis Ship Creator Apache Tapestry and Apache HiveMind --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
