Hi Paul,

As a temporary solution you could try to use AspectJ for this task (http://www.eclipse.org/aspectj/). Sounds like an ideal fit for this problem. It is a crosscutting concern after all.

You could use an around advice over the following pointcut:
call(public boolean java.io.File.Exists(..))

and simply return false. Then weave this advice to the Drools jars.

Best Regards,
Michal


On Thu, May 14, 2009 at 9:04 PM, Paul Browne <paulb@firstpartners.net> wrote:
Geoffrey,
 
The stack exception below is Drools looking for the conf file *before* it even looks for the DRL file. However *any* file IO is blocked - so even it Drools got past the File.exists(), it's likely to throw another SecurityException at the getClass().getResourceAsStream for the DRL file.
 
I say 'likely' as 3 months ago I was trying to get version 4 of Drools running in an Applet environment (has similar security constraints), and worked my way through the source code to resolve the security exceptions. In that case, getClass().getResourceAsStream was blocked.
 
Any suggestions?
 
Thanks
 
Paul
 


 
On Wed, May 13, 2009 at 4:51 PM, Geoffrey De Smet <ge0ffrey.spam@gmail.com> wrote:
Does this File.exists() usage occur even if your DRL is a classpath resource and fetched with getClass().getResourceAsStream()?

With kind regards,
Geoffrey De Smet


Paul Browne schreef:
Folks,

Are there any plans to tweak Drools to allow it to run in a security constrained environment such as Google App Engine or Applets? I know some of the other JBoss.org projects have this on the 'todo' list.

When I try to load a simple web application using drools into the Google App Engine, I get the error below.The app itself is the sample 8 from the following web page, but tweaked according to the Google 'howto' to get it up and running in the app engine; http://code.google.com/p/red-piranha/

My understanding of the problem is that drools is using File access to check if the configuration file exists the first time it is run. This is constrained in App Engine - just like the J2EE spec says it should be (although most other app servers allow you to get away with this!). I know that if I tweak the source code there will be other points where similar file access is required.

While not trivial, would it be possible to add a one-line check for that the user has permission to do file.io <http://file.io> before calling File.Exists  (the alternative , of catching and ignoring the AccessControlException is ugly!). The hardest part of this is that the check would need to be added at multiple points in the Drools source code.


Any thoughts / comments/ suggestions?

Paul

www.firstpartners.net/blog <http://www.firstpartners.net/blog>



WARNING: java.security.AccessControlException: access denied (java.io.FilePermission /home/paul/drools.rulebase.conf read)
13-May-2009 09:04:16 com.google.apphosting.utils.jetty.JettyLogger warn
WARNING: Nested in javax.servlet.ServletException: java.security.AccessControlException: access denied (java.io.FilePermission /home/paul/drools.rulebase.conf read):
java.security.AccessControlException: access denied (java.io.FilePermission /home/paul/drools.rulebase.conf read)
   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
   at java.security.AccessController.checkPermission(AccessController.java:546)
   at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
   at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76)
   at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
   at java.io.File.exists(File.java:731)
   at org.drools.util.ChainedProperties.loadProperties(ChainedProperties.java:225)
   at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:59)
   at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:31)
   at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:25)
   at org.drools.RuleBaseConfiguration.init(RuleBaseConfiguration.java:174)
   at org.drools.RuleBaseConfiguration.<init>(RuleBaseConfiguration.java:133)
   at org.drools.common.AbstractRuleBase.<init>(AbstractRuleBase.java:147)
   at org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:124)
   at org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:101)
   at org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:57)
   at org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:38)
   at net.firstpartners.drools.RuleRunner.loadRules(RuleRunner.java:39)
   at net.firstpartners.drools.RuleRunner.runStatelessRules(RuleRunner.java:167)
   at net.firstpartners.rp2.rp2Servlet.callRules(rp2Servlet.java:96)
   at net.firstpartners.rp2.rp2Servlet.service(rp2Servlet.java:137)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
   at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
   at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
   at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
   at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
   at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
   at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
   at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
   at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
   at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
   at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54)
   at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
   at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:306)
   at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
   at org.mortbay.jetty.Server.handle(Server.java:313)
   at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
   at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)
   at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
   at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
   at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
   at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
   at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)


------------------------------------------------------------------------

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev


_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev