Re: [rules-dev] Drools in Google App Engine

I am not surprised that File.exists() fails, but why does getClass().getResourceAsStream() fail? In Applets, the latter should work: http://java.sun.com/docs/books/tutorial/uiswing/components/applet.html chapter Using Images in a Swing Applet. Because getClass().getResourceAsStream() only looks in the classpath, I see not reason that Google App Engine would block it. With kind regards, Geoffrey De Smet Paul Browne schreef: > Geoffrey, > The stack exception below is Drools looking for the conf file *before* it > even looks for the DRL file. However *any* file IO is blocked - so even it > Drools got past the File.exists(), it's likely to throw another > SecurityException at the getClass().getResourceAsStream for the DRL file. > I say 'likely' as 3 months ago I was trying to get version 4 of Drools > running in an Applet environment (has similar security constraints), and > worked my way through the source code to resolve the security exceptions. In > that case, getClass().getResourceAsStream was blocked. > Any suggestions? > Thanks > Paul > > > On Wed, May 13, 2009 at 4:51 PM, Geoffrey De Smet < > ge0ffrey.spam(a)gmail.com <mailto:ge0ffrey.spam@gmail.com>> wrote: > > Does this File.exists() usage occur even if your DRL is a classpath > resource and fetched with getClass().getResourceAsStream()? > > With kind regards, > Geoffrey De Smet > > > Paul Browne schreef: > > Folks, > > Are there any plans to tweak Drools to allow it to run in a > security constrained environment such as Google App Engine or > Applets? I know some of the other JBoss.org projects have this > on the 'todo' list. > > When I try to load a simple web application using drools into > the Google App Engine, I get the error below.The app itself is > the sample 8 from the following web page, but tweaked according > to the Google 'howto' to get it up and running in the app > engine; http://code.google.com/p/red-piranha/ > > My understanding of the problem is that drools is using File > access to check if the configuration file exists the first time > it is run. This is constrained in App Engine - just like the > J2EE spec says it should be (although most other app servers > allow you to get away with this!). I know that if I tweak the > source code there will be other points where similar file access > is required. > > While not trivial, would it be possible to add a one-line check > for that the user has permission to do file.io <http://file.io/> > <http://file.io <http://file.io/>> before calling File.Exists > > (the alternative , of catching and ignoring the > AccessControlException is ugly!). The hardest part of this is > that the check would need to be added at multiple points in the > Drools source code. > > > Any thoughts / comments/ suggestions? > > Paul > > www.firstpartners.net/blog <http://www.firstpartners.net/blog> > <http://www.firstpartners.net/blog> > > > > WARNING: java.security.AccessControlException: access denied > (java.io.FilePermission /home/paul/drools.rulebase.conf read) > 13-May-2009 09:04:16 > com.google.apphosting.utils.jetty.JettyLogger warn > WARNING: Nested in javax.servlet.ServletException: > java.security.AccessControlException: access denied > (java.io.FilePermission /home/paul/drools.rulebase.conf read): > java.security.AccessControlException: access denied > (java.io.FilePermission /home/paul/drools.rulebase.conf read) > at > > java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) > at > > java.security.AccessController.checkPermission(AccessController.java:546) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:532) > at > > com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76) > at java.lang.SecurityManager.checkRead(SecurityManager.java:871) > at java.io.File.exists(File.java:731) > at > > org.drools.util.ChainedProperties.loadProperties(ChainedProperties.java:225) > at > org.drools.util.ChainedProperties.<init>(ChainedProperties.java:59) > at > org.drools.util.ChainedProperties.<init>(ChainedProperties.java:31) > at > org.drools.util.ChainedProperties.<init>(ChainedProperties.java:25) > at > > org.drools.RuleBaseConfiguration.init(RuleBaseConfiguration.java:174) > at > > org.drools.RuleBaseConfiguration.<init>(RuleBaseConfiguration.java:133) > at > > org.drools.common.AbstractRuleBase.<init>(AbstractRuleBase.java:147) > at > org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:124) > at > org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:101) > at > org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:57) > at > org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:38) > at > net.firstpartners.drools.RuleRunner.loadRules(RuleRunner.java:39) > at > > net.firstpartners.drools.RuleRunner.runStatelessRules(RuleRunner.java:167) > at > net.firstpartners.rp2.rp2Servlet.callRules(rp2Servlet.java:96) > at net.firstpartners.rp2.rp2Servlet.service(rp2Servlet.java:137) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) > at > > org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487) > at > > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093) > at > > com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) > at > > org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) > at > > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360) > at > > org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) > at > > org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) > at > > org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712) > at > > org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405) > at > > com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54) > at > > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) > at > > com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:306) > at > > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) > at org.mortbay.jetty.Server.handle(Server.java:313) > at > > org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506) > at > > org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830) > at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514) > at > org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211) > at > org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381) > at > > org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396) > at > > org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442) > > > > ------------------------------------------------------------------------ > > _______________________________________________ > rules-dev mailing list > rules-dev(a)lists.jboss.org <mailto:rules-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/rules-dev > > > _______________________________________________ > rules-dev mailing list > rules-dev(a)lists.jboss.org <mailto:rules-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/rules-dev > > > > ------------------------------------------------------------------------ > > _______________________________________________ > rules-dev mailing list > rules-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-dev > _______________________________________________ rules-dev mailing list rules-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-dev