On Fri, May 15, 2009 at 9:16 AM, Geoffrey De Smet <ge0ffrey.spam@gmail.com> wrote:

I am not surprised that File.exists() fails, but why does
getClass().getResourceAsStream() fail?

In Applets, the latter should work:
http://java.sun.com/docs/books/tutorial/uiswing/components/applet.html
chapter Using Images in a Swing Applet.

Because getClass().getResourceAsStream() only looks in the classpath,
I see not reason that Google App Engine would block it.

With kind regards,
Geoffrey De Smet

Paul Browne schreef:

Geoffrey,

The stack exception below is Drools looking for the conf file *before* it even looks for the DRL file. However *any* file IO is blocked - so even it Drools got past the File.exists(), it's likely to throw another SecurityException at the getClass().getResourceAsStream for the DRL file.
I say 'likely' as 3 months ago I was trying to get version 4 of Drools running in an Applet environment (has similar security constraints), and worked my way through the source code to resolve the security exceptions. In that case, getClass().getResourceAsStream was blocked.
Any suggestions?
Thanks
Paul

On Wed, May 13, 2009 at 4:51 PM, Geoffrey De Smet <ge0ffrey.spam@gmail.com <mailto:ge0ffrey.spam@gmail.com>> wrote:

Does this File.exists() usage occur even if your DRL is a classpath
resource and fetched with getClass().getResourceAsStream()?

With kind regards,
Geoffrey De Smet

Paul Browne schreef:

Folks,

Are there any plans to tweak Drools to allow it to run in a
security constrained environment such as Google App Engine or
Applets? I know some of the other JBoss.org projects have this
on the 'todo' list.

When I try to load a simple web application using drools into
the Google App Engine, I get the error below.The app itself is
the sample 8 from the following web page, but tweaked according
to the Google 'howto' to get it up and running in the app
engine; http://code.google.com/p/red-piranha/

My understanding of the problem is that drools is using File
access to check if the configuration file exists the first time
it is run. This is constrained in App Engine - just like the
J2EE spec says it should be (although most other app servers
allow you to get away with this!). I know that if I tweak the
source code there will be other points where similar file access
is required.

While not trivial, would it be possible to add a one-line check
for that the user has permission to do file.io <http://file.io/>
<http://file.io <http://file.io/>> before calling File.Exists

(the alternative , of catching and ignoring the
AccessControlException is ugly!). The hardest part of this is
that the check would need to be added at multiple points in the
Drools source code.

Any thoughts / comments/ suggestions?

Paul

www.firstpartners.net/blog <http://www.firstpartners.net/blog>
<http://www.firstpartners.net/blog>

WARNING: java.security.AccessControlException: access denied
(java.io.FilePermission /home/paul/drools.rulebase.conf read)
13-May-2009 09:04:16
com.google.apphosting.utils.jetty.JettyLogger warn
WARNING: Nested in javax.servlet.ServletException:
java.security.AccessControlException: access denied
(java.io.FilePermission /home/paul/drools.rulebase.conf read):
java.security.AccessControlException: access denied
(java.io.FilePermission /home/paul/drools.rulebase.conf read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at
org.drools.util.ChainedProperties.loadProperties(ChainedProperties.java:225)
at
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:59)
at
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:31)
at
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:25)
at
org.drools.RuleBaseConfiguration.init(RuleBaseConfiguration.java:174)
at
org.drools.RuleBaseConfiguration.<init>(RuleBaseConfiguration.java:133)
at
org.drools.common.AbstractRuleBase.<init>(AbstractRuleBase.java:147)
at
org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:124)
at
org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:101)
at
org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:57)
at
org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:38)
at
net.firstpartners.drools.RuleRunner.loadRules(RuleRunner.java:39)
at
net.firstpartners.drools.RuleRunner.runStatelessRules(RuleRunner.java:167)
at net.firstpartners.rp2.rp2Servlet.callRules(rp2Servlet.java:96)
at net.firstpartners.rp2.rp2Servlet.service(rp2Servlet.java:137)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
at
com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
at
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at
com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54)
at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at
com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:306)
at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:313)
at
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
at
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
at
org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at
org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
at
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
at
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)

------------------------------------------------------------------------

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org <mailto:rules-dev@lists.jboss.org>

https://lists.jboss.org/mailman/listinfo/rules-dev

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org <mailto:rules-dev@lists.jboss.org>

https://lists.jboss.org/mailman/listinfo/rules-dev

------------------------------------------------------------------------

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev

_______________________________________________
rules-dev mailing list
rules-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/rules-dev