November 2008 - jboss-dev-forums - Jboss List Archives

[Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

by adrian＠jboss.org

NOTE: The above java.policy gets passed the aop problem you had Anil but then fails on the binding manager because I hadn't given any permissions to the service binding manager that lives in the shared libs (currently server/lib) | 19:37:49,508 ERROR [AbstractKernelController] Error installing to Start: name=SystemPropertyBinder state=Create | java.security.AccessControlException: access denied (java.util.PropertyPermission jboss.messaging.connector.bisocket.port write) | at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) | at java.security.AccessController.checkPermission(AccessController.java:427) | at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) | at java.lang.System.setProperty(System.java:699) | at org.jboss.services.binding.SystemPropertyBinder$1.run(SystemPropertyBinder.java:68) | at java.security.AccessController.doPrivileged(Native Method) | at org.jboss.services.binding.SystemPropertyBinder.start(SystemPropertyBinder.java:64) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at org.jboss.reflect.plugins.introspection.ReflectionUtils.invoke(ReflectionUtils.java:59) | at org.jboss.reflect.plugins.introspection.ReflectMethodInfoImpl.invoke(ReflectMethodInfoImpl.java:150) | at org.jboss.joinpoint.plugins.BasicMethodJoinPoint.dispatch(BasicMethodJoinPoint.java:66) | at org.jboss.kernel.plugins.dependency.DispatchJoinPoint.run(DispatchJoinPoint.java:47) | at java.security.AccessController.doPrivileged(Native Method) | at org.jboss.kernel.plugins.dependency.ExecutionWrapper.execute(ExecutionWrapper.java:54) | Which brings up the question whether the bootstrap files should be looking at the shared lib folder and if so whether we should move more jars from /lib into it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187503#4187503 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187503

17 years, 5 months

1
0
0 / 0

[Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

by david.lloyd＠jboss.com

"adrian(a)jboss.org" wrote : I guess the shutdown hooks run with different rights so it needs to be a privileged block? If you make the stop() method run privileged, won't you make it kind of easy to defeat the security manager (by simply undeploying the bean, or even just getting the bean by name, or creating an instance of it, and manually calling stop() on it from hostile code)? Just trying to think if there's a way to get at that. Probably the shutdown hook is the one that should be using the privileged block - or is that what you meant? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187502#4187502 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187502

17 years, 5 months

1
0
0 / 0

[Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

by adrian＠jboss.org

The actual implementation is fairly trivial | public class SecurityPolicy | { | /** Whether to install the security manager */ | private SecurityManager securityManager; | | /** The policy url */ | private URL policyURL; | | /** | * Get the securityManager. | * | * @return the securityManager. | */ | public SecurityManager getSecurityManager() | { | return securityManager; | } | | /** | * Set the securityManager. | * | * @param securityManager the securityManager. | */ | public void setSecurityManager(SecurityManager securityManager) | { | this.securityManager = securityManager; | } | | /** | * Get the policyURL. | * | * @return the policyURL. | */ | public URL getPolicyURL() | { | return policyURL; | } | | /** | * Set the policyURL. | * | * @param policyURL the policyURL. | */ | public void setPolicyURL(URL policyURL) | { | this.policyURL = policyURL; | } | | @Start | public void start() | { | if (policyURL != null) | System.setProperty("java.security.policy", policyURL.toExternalForm()); | Policy.getPolicy().refresh(); | | if (securityManager != null) | System.setSecurityManager(securityManager); | } | | public void stop() | { | if (securityManager != null) | System.setSecurityManager(null); | } | } | with xml config | <bean name="SecurityPolicy" class="org.jboss.system.server.security.SecurityPolicy"> | <property name="securityManager"><javabean xmlns="urn:jboss:javabean:2.0" class="java.lang.SecurityManager"/></property> | <property name="policyURL">${jboss.server.config.url}/java.policy</property> | </bean> | I guess for management purposes, it would be better to have the policies defined directly in that xml using our own policy implementation? e.g. being able change policies from the profile service or management console? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187499#4187499 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187499

17 years, 5 months

1
0
0 / 0

[Design of JBoss jBPM] - Re: Problems building GWT-Console-JBPM

by heiko.braun＠jboss.com

I forgot to say that the console requires jbpm3 trunk to be installed on a AS instance anyway. Hence we did not publish snapshots yet. But I've added a README: | | Prerequisites | ------------- | | The server module needs to be deployed on a running jboss instance, along with jbpm. | The easiest way is using the installer as described here: http://www.jboss.org/community/docs/DOC-12863 | | Build and test the console | -------------------------- | General information can be found here: | https://www.jboss.org/community/docs/DOC-12879 | | But the basics steps to get going are as follows: | | 1) Build the top level module (gwt-console) | | mvn clean install | | 2) Make sure both jBPM and the server module are installed on JBoss AS instance | | See http://www.jboss.org/community/docs/DOC-12863 | | 3) Boot the AS and start the gwt console in hosted mode | | | cd war | mvn gwt:gwt | | // optionally | mvn gwt:debug | | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187497#4187497 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187497

17 years, 5 months

1
0
0 / 0

[Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

by adrian＠jboss.org

"adrian(a)jboss.org" wrote : | An alternative solution is to change the way the VFSClassLoaderPolicy determines | the code source. i.e. instead of returning the vfs url we could hack it to return | a normal url. | | ... | | An alternative solution would be to allow you to specify the codeSourceURL to use | for the classloader as a parameter when you create it. | I just tried a third alternative which is to delay the installation of the policy and security manager and make it run in new security.xml bootstrap file. This does work, I've committed it, obviously haven't enabled it by default so committing it isn't a problem. :-) To enable it change conf/bootstrap.xml | <url>classloader.xml</url> | + <url>security.xml</url> | <url>aop.xml</url> | But there's some issues that need resolving. 1) POLICY FILE You need to create a proper security policy file. The one I added in server/xxx/conf/java.policy gives everybody all permissions. I got as far as this: | grant codebase "file:/home/ejort/development/jboss-head/build/output/jboss-5.0.0.GA/bin/run.jar" { | permission java.security.AllPermission; | }; | | grant codebase "file:/home/ejort/development/jboss-head/build/output/jboss-5.0.0.GA/lib/-" { | permission java.security.AllPermission; | }; | | grant codebase "vfszip:/home/ejort/development/jboss-head/build/output/jboss-5.0.0.GA/lib/-" { | permission java.security.AllPermission; | }; | But there's other code in deployers and deploy that needs to have the AllPermission. The default policy also needs defining to have sensible rights. 2) The above shows an annoying feature. We access things in JBOSS_HOME/lib using both the file: and vfszip urls depending on whether the jars are loaded by the NoAnnotationURLClassLoader or a VFSClassLoaderPolicy. 3) I could change the file: urls above to use the system properties, but not the vfszip url. We don't have system properties for the vfs versions of the urls. 4) There's some issue at shutdown where I try to uninstall the security manager that I haven't investigated. | 19:37:51,453 WARN [StartStopLifecycleAction] Error during stop for SecurityPolicy | java.security.AccessControlException: access denied (java.lang.RuntimePermission setSecurityManager) | at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) | at java.security.AccessController.checkPermission(AccessController.java:427) | at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) | at java.lang.System.setSecurityManager0(System.java:253) | at java.lang.System.setSecurityManager(System.java:245) | at org.jboss.system.server.security.SecurityPolicy.stop(SecurityPolicy.java:97) | I guess the shutdown hooks run with different rights so it needs to be a privileged block? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187495#4187495 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187495

17 years, 5 months

1
0
0 / 0

[Design of JBoss jBPM] - Re: Problems building GWT-Console-JBPM

by heiko.braun＠jboss.com

Yes, thats two common problems. 1) 3.3.0-SNAPSHOT is not yet in the repository. I'll publish it. Until then you need to build jbpm3 trunk in order to populate your local maven repository. 2) The console code is not compatible with 3.3.0.CR1. /Heiko View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187493#4187493 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187493

17 years, 5 months

1
0
0 / 0

[Design of JBoss jBPM] - Problems building GWT-Console-JBPM

by alegomes

Hi, I was trying to build gwt-console-jbpm as stated in [1] but some issues came up: a) JBPM artifact version 3.3.0-SNAPSHOT could not be found in any repository. So, I changed it to 3.3.0.CR1.  | <jbpm.version>3.3.0.CR1</jbpm.version> b) There is a compilation error: [INFO] Compiling 25 source files to /Volumes/Data/Code/redhat/jbpm/gwt-console/server/target/classes | [INFO] ------------------------------------------------------------------------ | [ERROR] BUILD FAILURE | [INFO] ------------------------------------------------------------------------ | [INFO] Compilation failure | | /Volumes/Data/Code/redhat/jbpm/gwt-console/server/src/main/java/org/jboss/bpm/console/server/dao/internal/JBPM3CommandDelegate.java:[109,26] cannot find symbol | symbol : class DeleteProcessdefinitionCommand | location: class org.jboss.bpm.console.server.dao.internal.JBPM3CommandDelegate | | /Volumes/Data/Code/redhat/jbpm/gwt-console/server/src/main/java/org/jboss/bpm/console/server/dao/internal/JBPM3CommandDelegate.java:[123,13] cannot find symbol | symbol : method setProcessId(long) | location: class org.jbpm.command.GetProcessInstancesCommand | [1] https://www.jboss.org/community/docs/DOC-12879 thanks Alexandre Gomes View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187488#4187488 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187488

17 years, 5 months

1
0
0 / 0

[Design the new POJO MicroContainer] - Re: Possible problem with bean-deployer_2_0.xsd

by david.lloyd＠jboss.com

In any case this doesn't look like the source of the IDEA problem after all (they're still researching it though)... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187486#4187486 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187486

17 years, 5 months

1
0
0 / 0

[Design of EJB 3.0] - Re: Passivating EJB 3 Stateful Session Beans stops the World

by ALRubinger

"andy.miller(a)jboss.com" wrote : I'll have to build from trunk, correct?/quote] | | Yep. | | S, | ALR View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187482#4187482 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187482

17 years, 5 months

1
0
0 / 0

[Design of EJB 3.0] - Re: Passivating EJB 3 Stateful Session Beans stops the World

by andy.miller＠jboss.com

"ALRubinger" wrote : Hey, Andy. | | If you're still doing this testing, current trunk of AS has a new version of EJB3 with some Cache fixes in SimpleStatefulCache (ie. non-clustered SFSBs). Would be interested in hearing how this plays out. | | S, | ALR Yes. I have been trying to do a profiling run working with Jesper. I can run the test again against the SimpleStatefulCache and see what happens. That's pretty easy to do. I'll let you know what I see. I'll have to build from trunk, correct? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187476#4187476 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187476

17 years, 5 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums November 2008