Ok, for the moment I'll use either AspectJ or modify the source (i.e. it can get pasts the File.exists() so that I can identify all of points that App engine doesn't like .... <br><br><div class="gmail_quote">On Fri, May 15, 2009 at 9:16 AM, Geoffrey De Smet <span dir="ltr"><<a href="mailto:ge0ffrey.spam@gmail.com">ge0ffrey.spam@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I am not surprised that File.exists() fails, but why does<br>
getClass().getResourceAsStream() fail?<br>
<br>
In Applets, the latter should work:<br>
<a href="http://java.sun.com/docs/books/tutorial/uiswing/components/applet.html" target="_blank">http://java.sun.com/docs/books/tutorial/uiswing/components/applet.html</a><br>
chapter Using Images in a Swing Applet.<br>
<br>
Because getClass().getResourceAsStream() only looks in the classpath,<br>
I see not reason that Google App Engine would block it.<div class="im"><br>
<br>
With kind regards,<br>
Geoffrey De Smet<br>
<br>
<br>
Paul Browne schreef:<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Geoffrey,<div class="im"><br>
The stack exception below is Drools looking for the conf file *before* it even looks for the DRL file. However *any* file IO is blocked - so even it Drools got past the File.exists(), it's likely to throw another SecurityException at the getClass().getResourceAsStream for the DRL file.<br>
I say 'likely' as 3 months ago I was trying to get version 4 of Drools running in an Applet environment (has similar security constraints), and worked my way through the source code to resolve the security exceptions. In that case, getClass().getResourceAsStream was blocked.<br>
Any suggestions?<br>
Thanks<br>
Paul<br>
<br>
<br></div><div class="im">
On Wed, May 13, 2009 at 4:51 PM, Geoffrey De Smet <<a href="mailto:ge0ffrey.spam@gmail.com" target="_blank">ge0ffrey.spam@gmail.com</a> <mailto:<a href="mailto:ge0ffrey.spam@gmail.com" target="_blank">ge0ffrey.spam@gmail.com</a>>> wrote:<br>
<br>
Does this File.exists() usage occur even if your DRL is a classpath<br>
resource and fetched with getClass().getResourceAsStream()?<br>
<br>
With kind regards,<br>
Geoffrey De Smet<br>
<br>
<br>
Paul Browne schreef:<br>
<br>
Folks,<br>
<br>
Are there any plans to tweak Drools to allow it to run in a<br>
security constrained environment such as Google App Engine or<br>
Applets? I know some of the other JBoss.org projects have this<br>
on the 'todo' list.<br>
<br>
When I try to load a simple web application using drools into<br>
the Google App Engine, I get the error below.The app itself is<br>
the sample 8 from the following web page, but tweaked according<br>
to the Google 'howto' to get it up and running in the app<br>
engine; <a href="http://code.google.com/p/red-piranha/" target="_blank">http://code.google.com/p/red-piranha/</a><br>
<br>
My understanding of the problem is that drools is using File<br>
access to check if the configuration file exists the first time<br>
it is run. This is constrained in App Engine - just like the<br>
J2EE spec says it should be (although most other app servers<br>
allow you to get away with this!). I know that if I tweak the<br>
source code there will be other points where similar file access<br>
is required.<br>
<br>
While not trivial, would it be possible to add a one-line check<br></div>
for that the user has permission to do <a href="http://file.io" target="_blank">file.io</a> <<a href="http://file.io/" target="_blank">http://file.io/</a>><br>
<<a href="http://file.io" target="_blank">http://file.io</a> <<a href="http://file.io/" target="_blank">http://file.io/</a>>> before calling File.Exists<div><div></div><div class="h5"><br>
(the alternative , of catching and ignoring the<br>
AccessControlException is ugly!). The hardest part of this is<br>
that the check would need to be added at multiple points in the<br>
Drools source code.<br>
<br>
<br>
Any thoughts / comments/ suggestions?<br>
<br>
Paul<br>
<br>
<a href="http://www.firstpartners.net/blog" target="_blank">www.firstpartners.net/blog</a> <<a href="http://www.firstpartners.net/blog" target="_blank">http://www.firstpartners.net/blog</a>><br>
<<a href="http://www.firstpartners.net/blog" target="_blank">http://www.firstpartners.net/blog</a>><br>
<br>
<br>
<br>
WARNING: java.security.AccessControlException: access denied<br>
(java.io.FilePermission /home/paul/drools.rulebase.conf read)<br>
13-May-2009 09:04:16<br>
com.google.apphosting.utils.jetty.JettyLogger warn<br>
WARNING: Nested in javax.servlet.ServletException:<br>
java.security.AccessControlException: access denied<br>
(java.io.FilePermission /home/paul/drools.rulebase.conf read):<br>
java.security.AccessControlException: access denied<br>
(java.io.FilePermission /home/paul/drools.rulebase.conf read)<br>
at<br>
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)<br>
at<br>
java.security.AccessController.checkPermission(AccessController.java:546)<br>
at<br>
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)<br>
at<br>
com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:76)<br>
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)<br>
at java.io.File.exists(File.java:731)<br>
at<br>
org.drools.util.ChainedProperties.loadProperties(ChainedProperties.java:225)<br>
at<br>
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:59)<br>
at<br>
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:31)<br>
at<br>
org.drools.util.ChainedProperties.<init>(ChainedProperties.java:25)<br>
at<br>
org.drools.RuleBaseConfiguration.init(RuleBaseConfiguration.java:174)<br>
at<br>
org.drools.RuleBaseConfiguration.<init>(RuleBaseConfiguration.java:133)<br>
at<br>
org.drools.common.AbstractRuleBase.<init>(AbstractRuleBase.java:147)<br>
at<br>
org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:124)<br>
at<br>
org.drools.reteoo.ReteooRuleBase.<init>(ReteooRuleBase.java:101)<br>
at<br>
org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:57)<br>
at<br>
org.drools.RuleBaseFactory.newRuleBase(RuleBaseFactory.java:38)<br>
at<br>
net.firstpartners.drools.RuleRunner.loadRules(RuleRunner.java:39)<br>
at<br>
net.firstpartners.drools.RuleRunner.runStatelessRules(RuleRunner.java:167)<br>
at net.firstpartners.rp2.rp2Servlet.callRules(rp2Servlet.java:96)<br>
at net.firstpartners.rp2.rp2Servlet.service(rp2Servlet.java:137)<br>
at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)<br>
at<br>
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)<br>
at<br>
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)<br>
at<br>
com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)<br>
at<br>
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)<br>
at<br>
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)<br>
at<br>
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)<br>
at<br>
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)<br>
at<br>
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712)<br>
at<br>
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)<br>
at<br>
com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:54)<br>
at<br>
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)<br>
at<br>
com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:306)<br>
at<br>
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)<br>
at org.mortbay.jetty.Server.handle(Server.java:313)<br>
at<br>
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506)<br>
at<br>
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830)<br>
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)<br>
at<br>
org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)<br>
at<br>
org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381)<br>
at<br>
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:396)<br>
at<br>
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:442)<br>
<br>
<br>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
rules-dev mailing list<br></div></div>
<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a> <mailto:<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a>><div class="im"><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-dev</a><br>
<br>
<br>
_______________________________________________<br>
rules-dev mailing list<br></div>
<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a> <mailto:<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a>><div class="im"><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-dev</a><br>
<br>
<br>
<br>
------------------------------------------------------------------------<br>
<br>
_______________________________________________<br>
rules-dev mailing list<br>
<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-dev</a><br>
</div></blockquote><div><div></div><div class="h5">
<br>
_______________________________________________<br>
rules-dev mailing list<br>
<a href="mailto:rules-dev@lists.jboss.org" target="_blank">rules-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-dev</a><br>
</div></div></blockquote></div><br>