[weld-issues] [JBoss JIRA] Commented: (WELD-32) Web Beans App Throws Exception In GlassFish v3 with Secutiry Mgr Enabled.
Nicklas Karlsson (JIRA)
jira-events at lists.jboss.org
Thu Jan 7 02:21:30 EST 2010
[ https://jira.jboss.org/jira/browse/WELD-32?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12502634#action_12502634 ]
Nicklas Karlsson commented on WELD-32:
--------------------------------------
Centralizing of SM-aware stuff is now in trunk, uncomment the (true) block in SecureReflectionAccess to play around with that part. Created WELD-361 for security part. Leaving this open until I've had time to test the SM-stuff more.
Note, any way to test this from TestNG? Just running with SM enabled fails since TestNG itself needs disk privileges etc.
> Web Beans App Throws Exception In GlassFish v3 with Secutiry Mgr Enabled.
> -------------------------------------------------------------------------
>
> Key: WELD-32
> URL: https://jira.jboss.org/jira/browse/WELD-32
> Project: Weld
> Issue Type: Bug
> Components: GlassFish Integration
> Affects Versions: 1.0.0.CR1
> Environment: MACOS X, GlassFish v3
> Reporter: Roger Kitain
> Assignee: Nicklas Karlsson
> Fix For: 1.0.1.CR1
>
> Attachments: Reflections.txt, Reflections.txt, securereflection.patch
>
>
> GlassFish v3 started with Security Mgr enabled.
> Web Beans numberguess app deploys fine. But upon visiting the first page of the app:
> 1.
> Aug 4, 2009 11:24:04 AM com.sun.enterprise.security.provider.BasePolicyWrapper$2 run
> 2.
> INFO: JACC Policy Provider: Failed Permission Check, context(webbeans-numberguess-jsf2/webbeans-numberguess-jsf2)- permission((java.lang.reflect.ReflectPermission suppressAccessChecks))
> 3.
> Aug 4, 2009 11:24:04 AM com.sun.faces.application.view.FaceletViewHandlingStrategy handleRenderException
> 4.
> SEVERE: Error Rendering View[/home.xhtml]
> 5.
> javax.el.ELException: /home.xhtml @13,117 rendered="#{game.number gt game.guess and game.guess ne 0}": java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> 6.
> at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:107)
> 7.
> at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190)
> 8.
> at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:414)
> 9.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1604)
> 10.
> at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
> 11.
> at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:846)
> 12.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1610)
> 13.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1613)
> 14.
> at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:280)
> 15.
> at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126)
> 16.
> at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127)
> 17.
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97)
> 18.
> at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
> 19.
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:311)
> 20.
> at sun.reflect.GeneratedMethodAccessor160.invoke(Unknown Source)
> 21.
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 22.
> at java.lang.reflect.Method.invoke(Method.java:597)
> 23.
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:319)
> 24.
> at java.security.AccessController.doPrivileged(Native Method)
> 25.
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> 26.
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:352)
> 27.
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:209)
> 28.
> at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1498)
> 29.
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:293)
> 30.
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
> 31.
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> 32.
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
> 33.
> at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
> 34.
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
> 35.
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> 36.
> at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:338)
> 37.
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:237)
> 38.
> at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:202)
> 39.
> at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:752)
> 40.
> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:660)
> 41.
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:911)
> 42.
> at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:164)
> 43.
> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> 44.
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> 45.
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> 46.
> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> 47.
> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> 48.
> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> 49.
> at com.sun.grizzly.NIOContext.execute(NIOContext.java:510)
> 50.
> at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKey(SelectorHandlerRunner.java:357)
> 51.
> at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKeys(SelectorHandlerRunner.java:257)
> 52.
> at com.sun.grizzly.SelectorHandlerRunner.doSelect(SelectorHandlerRunner.java:194)
> 53.
> at com.sun.grizzly.SelectorHandlerRunner.run(SelectorHandlerRunner.java:129)
> 54.
> at com.sun.grizzly.util.FixedThreadPool$BasicWorker.dowork(FixedThreadPool.java:379)
> 55.
> at com.sun.grizzly.util.FixedThreadPool$BasicWorker.run(FixedThreadPool.java:360)
> 56.
> at java.lang.Thread.run(Thread.java:637)
> 57.
> Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> 58.
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> 59.
> at java.security.AccessController.checkPermission(AccessController.java:546)
> 60.
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 61.
> at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
> 62.
> at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:536)
> 63.
> at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:513)
> 64.
> at org.jboss.webbeans.introspector.jlr.WBMethodImpl.invokeOnInstance(WBMethodImpl.java:196)
> 65.
> at org.jboss.webbeans.injection.MethodInjectionPoint.invokeOnInstance(MethodInjectionPoint.java:143)
> 66.
> at org.jboss.webbeans.bean.ProducerMethodBean.produceInstance(ProducerMethodBean.java:84)
> 67.
> at org.jboss.webbeans.bean.AbstractProducerBean.create(AbstractProducerBean.java:341)
> 68.
> at org.jboss.webbeans.context.DependentContext.get(DependentContext.java:82)
> 69.
> at org.jboss.webbeans.BeanManagerImpl.getReference(BeanManagerImpl.java:915)
> 70.
> at org.jboss.webbeans.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:953)
> 71.
> at org.jboss.webbeans.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:74)
> 72.
> at org.jboss.webbeans.bean.AbstractClassBean.injectBoundFields(AbstractClassBean.java:217)
> 73.
> at org.jboss.webbeans.bean.SimpleBean.create(SimpleBean.java:121)
> 74.
> at org.jboss.webbeans.context.AbstractMapContext.get(AbstractMapContext.java:97)
> 75.
> at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:127)
> 76.
> at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:96)
> 77.
> at org.jboss.webbeans.examples.numberguess.Game_$$_javassist_5.getNumber(Game_$$_javassist_5.java)
> 78.
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 79.
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 80.
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 81.
> at java.lang.reflect.Method.invoke(Method.java:597)
> 82.
> at javax.el.BeanELResolver.getValue(BeanELResolver.java:302)
> 83.
> at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)
> 84.
> at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
> 85.
> at com.sun.el.parser.AstValue.getValue(AstValue.java:116)
> 86.
> at com.sun.el.parser.AstValue.getValue(AstValue.java:163)
> 87.
> at com.sun.el.parser.AstGreaterThan.getValue(AstGreaterThan.java:54)
> 88.
> at com.sun.el.parser.AstAnd.getValue(AstAnd.java:54)
> 89.
> at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
> 90.
> at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102)
> 91.
> ... 50 more
> 92.
> Aug 4, 2009 11:24:04 AM org.apache.catalina.core.StandardWrapperValve log
> 93.
> WARNING: StandardWrapperValve[Faces Servlet]: PWC1406: Servlet.service() for servlet Faces Servlet threw exception
> 94.
> java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> 95.
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> 96.
> at java.security.AccessController.checkPermission(AccessController.java:546)
> 97.
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 98.
> at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
> 99.
> at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:536)
> 100.
> at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:513)
> 101.
> at org.jboss.webbeans.introspector.jlr.WBMethodImpl.invokeOnInstance(WBMethodImpl.java:196)
> 102.
> at org.jboss.webbeans.injection.MethodInjectionPoint.invokeOnInstance(MethodInjectionPoint.java:143)
> 103.
> at org.jboss.webbeans.bean.ProducerMethodBean.produceInstance(ProducerMethodBean.java:84)
> 104.
> at org.jboss.webbeans.bean.AbstractProducerBean.create(AbstractProducerBean.java:341)
> 105.
> at org.jboss.webbeans.context.DependentContext.get(DependentContext.java:82)
> 106.
> at org.jboss.webbeans.BeanManagerImpl.getReference(BeanManagerImpl.java:915)
> 107.
> at org.jboss.webbeans.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:953)
> 108.
> at org.jboss.webbeans.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:74)
> 109.
> at org.jboss.webbeans.bean.AbstractClassBean.injectBoundFields(AbstractClassBean.java:217)
> 110.
> at org.jboss.webbeans.bean.SimpleBean.create(SimpleBean.java:121)
> 111.
> at org.jboss.webbeans.context.AbstractMapContext.get(AbstractMapContext.java:97)
> 112.
> at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:127)
> 113.
> at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:96)
> 114.
> at org.jboss.webbeans.examples.numberguess.Game_$$_javassist_5.getNumber(Game_$$_javassist_5.java)
> 115.
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 116.
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 117.
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 118.
> at java.lang.reflect.Method.invoke(Method.java:597)
> 119.
> at javax.el.BeanELResolver.getValue(BeanELResolver.java:302)
> 120.
> at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)
> 121.
> at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
> 122.
> at com.sun.el.parser.AstValue.getValue(AstValue.java:116)
> 123.
> at com.sun.el.parser.AstValue.getValue(AstValue.java:163)
> 124.
> at com.sun.el.parser.AstGreaterThan.getValue(AstGreaterThan.java:54)
> 125.
> at com.sun.el.parser.AstAnd.getValue(AstAnd.java:54)
> 126.
> at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
> 127.
> at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102)
> 128.
> at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190)
> 129.
> at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:414)
> 130.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1604)
> 131.
> at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
> 132.
> at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:846)
> 133.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1610)
> 134.
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1613)
> 135.
> at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:280)
> 136.
> at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126)
> 137.
> at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127)
> 138.
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97)
> 139.
> at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
> 140.
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:311)
> 141.
> at sun.reflect.GeneratedMethodAccessor160.invoke(Unknown Source)
> 142.
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 143.
> at java.lang.reflect.Method.invoke(Method.java:597)
> 144.
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:319)
> 145.
> at java.security.AccessController.doPrivileged(Native Method)
> 146.
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> 147.
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:352)
> 148.
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:209)
> 149.
> at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1498)
> 150.
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:293)
> 151.
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
> 152.
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> 153.
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
> 154.
> at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
> 155.
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
> 156.
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> 157.
> at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:338)
> 158.
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:237)
> 159.
> at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:202)
> 160.
> at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:752)
> 161.
> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:660)
> 162.
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:911)
> 163.
> at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:164)
> 164.
> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> 165.
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> 166.
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> 167.
> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> 168.
> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> 169.
> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> 170.
> at com.sun.grizzly.NIOContext.execute(NIOContext.java:510)
> 171.
> at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKey(SelectorHandlerRunner.java:357)
> 172.
> at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKeys(SelectorHandlerRunner.java:257)
> 173.
> at com.sun.grizzly.SelectorHandlerRunner.doSelect(SelectorHandlerRunner.java:194)
> 174.
> at com.sun.grizzly.SelectorHandlerRunner.run(SelectorHandlerRunner.java:129)
> 175.
> at com.sun.grizzly.util.FixedThreadPool$BasicWorker.dowork(FixedThreadPool.java:379)
> 176.
> at com.sun.grizzly.util.FixedThreadPool$BasicWorker.run(FixedThreadPool.java:360)
> 177.
> at java.lang.Thread.run(Thread.java:637)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the weld-issues
mailing list