9:27 a.m.
[ http://jira.jboss.com/jira/browse/JBRULES-562?page=all ]
Edson Tirelli resolved JBRULES-562.
-----------------------------------
Fix Version/s: 3.1-m1
Resolution: Done
Setting the protection domain when defining the field extractor class.
Commited into 3.0.x branch in revision #7643:
$ svn commit -m "JBRULES-562: Setting the protection domain when creating field
accessors" drools-core/src/main/java/org/drools/base/ClassFieldExtractorFactory.java
Sending drools-core/src/main/java/org/drools/base/ClassFieldExtractorFactory.java
Transmitting file data .
Committed revision 7643.
Commited into trunk in revision #7646:
$ svn commit -m "JBRULES-562: Setting the protection domain when creating field
accessors" src/main/java/org/drools/base/ClassFieldExtractorFactory.java
Sending src/main/java/org/drools/base/ClassFieldExtractorFactory.java
Transmitting file data .
Committed revision 7646.
Steven, could you please test and let me know if you find any problems?
Thank you for reporting and providing a patch.
Thanks,
Edson
Security Permission problem in Websphere 6.1
--------------------------------------------
Key: JBRULES-562
URL: http://jira.jboss.com/jira/browse/JBRULES-562
Project: JBoss Rules
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Reteoo
Affects Versions: 3.0.4
Reporter: Edson Tirelli
Assigned To: Edson Tirelli
Fix For: 3.0.5, 3.1-m1
FROM STEVE'S EMAIL:
----------------------
Hi all,
We are using WebSphere 6.1 with java security switched on and get the following error
when we attempt to run drools:
Permission:
\D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class : Access denied (
java.io.FilePermission \D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class read)
Code:
org.drools.base.au.gov.vic.dse.lx.ec.Message$getStatus in {null code URL}
Stack Trace:
java.security.AccessControlException : Access denied (java.io.FilePermission
\D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class read)
at java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission (SecurityManager.java:547)
at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
at
com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:444)
at
com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:431)
at
com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:423)
at
com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java:458)
at
com.ibm.ws.classloader.CompoundClassLoader.localGetResourceAsStream(CompoundClassLoader.java:926)
at
com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java:887)
at java.lang.Class.getResourceAsStream(Class.java:1124)
at org.drools.util.asm.ClassFieldInspector.processClass (Unknown Source)
at org.drools.util.asm.ClassFieldInspector.<init>(Unknown Source)
at org.drools.base.BaseClassFieldExtractor.<init>(Unknown Source)
at org.drools.base.au.gov.vic.dse.lx.ec.Message$getStatus .<init>(Unknown
Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:521)
at org.drools.base.ClassFieldExtractorFactory.getClassFieldExtractor (Unknown
Source)
at org.drools.base.ClassFieldExtractor.init(Unknown Source)
at org.drools.base.ClassFieldExtractor.<init>(Unknown Source)
at org.drools.base.ClassFieldExtractorCache.getExtractor (Unknown Source)
at org.drools.semantics.java.RuleBuilder.getFieldExtractor(Unknown Source)
at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
at org.drools.semantics.java.RuleBuilder.build (Unknown Source)
at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
at org.drools.compiler.PackageBuilder.addRule (Unknown Source)
at org.drools.compiler.PackageBuilder.addPackage(Unknown Source)
at org.drools.compiler.PackageBuilder.addPackageFromDrl(Unknown Source)
at au.gov.vic.dse.lx.ec.DroolsTest.readRule (DroolsTest.java:62)
It looks to me like the drools generated Message class
(org.drools.base.au.gov.vic.dse.lx.ec.Message) is failing when it attempts to access the
application Message.class via its getStatus method. We have added
java.security.AllPermission everywhere we can think of (was.policy, app.policy,
library.policy, server.policy) and it still does not work.
Has anybody got drools working in a WebSphere environment (any version) with java
security turned on?
I noticed that there used to be a problem with cglib where the generated classes did not
get the same protection domain as the cglib.jar
(http://jira.atlassian.com/browse/CONF-5955 ,
http://forum.hibernate.org/viewtopic.php?p=2190363). I know we are using ASM but maybe it
also has a similar problem?
thanks
Steve
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira