[rules-dev] Drools in Google App Engine

Michal Bali michalbali at gmail.com
Thu May 14 17:17:01 EDT 2009 

Hi Paul,

As a temporary solution you could try to use AspectJ for this task (
http://www.eclipse.org/aspectj/). Sounds like an ideal fit for this problem.
It is a crosscutting concern after all.

You could use an around advice over the following pointcut:
call(public boolean java.io.File.Exists(..))

and simply return false. Then weave this advice to the Drools jars.

Best Regards,
Michal


On Thu, May 14, 2009 at 9:04 PM, Paul Browne <paulb at firstpartners.net>wrote:

> Geoffrey,
>
> The stack exception below is Drools looking for the conf file *before* it
> even looks for the DRL file. However *any* file IO is blocked - so even it
> Drools got past the File.exists(), it's likely to throw another
> SecurityException at the getClass().getResourceAsStream for the DRL file.
>
> I say 'likely' as 3 months ago I was trying to get version 4 of Drools
> running in an Applet environment (has similar security constraints), and
> worked my way through the source code to resolve the security exceptions. In
> that case, getClass().getResourceAsStream was blocked.
>
> Any suggestions?
>
> Thanks
>
> Paul
>
>
>
>
> On Wed, May 13, 2009 at 4:51 PM, Geoffrey De Smet <ge0ffrey.spam at gmail.com
> > wrote:
>
>> Does this File.exists() usage occur even if your DRL is a classpath
>> resource and fetched with getClass().getResourceAsStream()?
>>
>> With kind regards,
>> Geoffrey De Smet
>>
>>
>> Paul Browne schreef:
>>
>>> Folks,
>>>
>>> Are there any plans to tweak Drools to allow it to run in a security
>>> constrained environment such as Google App Engine or Applets? I know some of
>>> the other JBoss.org projects have this on the 'todo' list.
>>>
>>> When I try to load a simple web application using drools into the Google
>>> App Engine, I get the error below.The app itself is the sample 8 from the
>>> following web page, but tweaked according to the Google 'howto' to get it up
>>> and running in the app engine; http://code.google.com/p/red-piranha/
>>>
>>> My understanding of the problem is that drools is using File access to
>>> check if the configuration file exists the first time it is run. This is
>>> constrained in App Engine - just like the J2EE spec says it should be
>>> (although most other app servers allow you to get away with this!). I know
>>> that if I tweak the source code there will be other points where similar
>>> file access is required.
>>>
>>> While not trivial, would it be possible to add a one-line check for that
>>> the user has permission to do file.io <http://file.io> before calling
>>> File.Exists  (the alternative , of catching and ignoring the
>>> AccessControlException is ugly!). The hardest part of this is that the check
>>> would need to be added at multiple points in the Drools source code.
>>>
>>> Any thoughts / comments/ suggestions?
>>>
>>> Paul
>>>
>>> www.firstpartners.net/blog <http://www.firstpartners.net/blog>
>>>
>>>
>>>
>>> WARNING: java.security.AccessControlException: access denied
>>> (java.io.FilePermission /home/paul/drools.rulebase.conf read)
>>> 13-May-2009 09:04:16 com.google.apphosting.utils.jetty.JettyLogger warn
>>> WARNING: Nested in javax.servlet.ServletException:
>>> java.security.AccessControlException: access denied (java.io.FilePermission
>>> /home/paul/drools.rulebase.conf read):
>>> java.security.AccessControlException: access denied
>>> (java.io.FilePermission /home/paul/drools.rulebase.conf read)
>>>    at
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>    at
>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>    at
>>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76)
>>>    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
>>>    at java.io.File.exists(File.java:731)
>>>    at
>>> org.drools.util.ChainedProperties.loadProperties(ChainedProperties.java:225)
>>>    at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:59)
>>>    at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:31)
>>>    at org.drools.util.ChainedProperties.<init>(ChainedProperties.java:25)
>>>    at
>>> org.drools.RuleBaseConfiguration.init(RuleBaseConfiguration.java:174)
>>>    at
>>> org.drools.RuleBaseConfiguration.<init>(RuleBaseConfiguration.java:133)
>>>    at
>>> org.drools.common.AbstractRuleBase.<init>(AbstractRuleBase.java:147)
>>>    at org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:124)
>>>    at org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:101)
>>>    at org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:57)
>>>    at org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:38)
>>>    at net.firstpartners.drools.RuleRunner.loadRules(RuleRunner.java:39)
>>>    at
>>> net.firstpartners.drools.RuleRunner.runStatelessRules(RuleRunner.java:167)
>>>    at net.firstpartners.rp2.rp2Servlet.callRules(rp2Servlet.java:96)
>>>    at net.firstpartners.rp2.rp2Servlet.service(rp2Servlet.java:137)
>>>    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>>>    at
>>> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
>>>    at
>>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
>>>    at
>>> com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
>>>    at
>>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>>>    at
>>> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
>>>    at
>>> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>>>    at
>>> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
>>>    at
>>> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)
>>>    at
>>> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
>>>    at
>>> com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54)
>>>    at
>>> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
>>>    at
>>> com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:306)
>>>    at
>>> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
>>>    at org.mortbay.jetty.Server.handle(Server.java:313)
>>>    at
>>> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)
>>>    at
>>> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)
>>>    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
>>>    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
>>>    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)
>>>    at
>>> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)
>>>    at
>>> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> rules-dev mailing list
>>> rules-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/rules-dev
>>>
>>
>> _______________________________________________
>> rules-dev mailing list
>> rules-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/rules-dev
>>
>
>
> _______________________________________________
> rules-dev mailing list
> rules-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/rules-dev/attachments/20090514/173c5869/attachment.html

More information about the rules-dev mailing list