Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-586

Exceptions at startup if Geronimo started under security manager

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0-M4
    • Component/s: security
    • Labels:
      None
    • Environment:

      Windows XP
      java version "1.4.2_06"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_06-b03)
      Java HotSpot(TM) Client VM (build 1.4.2_06-b03, mixed mode)

      Description

      If I start Geronimo under the Java Security Manager with everything enabled in the policy file I get a number of exceptions when starting Geronimo.

      For example, the policy file I used contained:

      grant {
      permission java.security.AllPermission;
      };

      I started it used the following JVM parameters:

      -Djava.security.manager -Djava.security.policy==file:///D:/sample-java2.policy -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -Xmx512m -XX:MaxPermSize=128m -Djava.rmi.server.RMIClassLoaderSpi=org.apache.geronimo.system.rmi.RMIClassLoaderSpiImpl"

      I shouldn't be having problems starting it with AllPermission.

      Note that the java.security.debug property may assist with debugging:

      http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/debugger.html#jsdp

      John

      17:07:21,842 ERROR [GBeanInstanceState] Error while starting; GBean is not in the FAILED state: objectName="geronimo.server:J2EEAppl
      ication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=JTAResource,name=HOWLTransactionLog"
      java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
      at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:272)
      at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:255)
      at net.sf.cglib.core.ReflectUtils.newInstance(ReflectUtils.java:251)
      at net.sf.cglib.proxy.Enhancer.createUsingReflection(Enhancer.java:388)
      at net.sf.cglib.proxy.Enhancer.nextInstance(Enhancer.java:366)
      at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:200)
      at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:330)
      at net.sf.cglib.proxy.Enhancer.create(Enhancer.java:246)
      at org.apache.geronimo.kernel.proxy.ProxyManager$ManagedProxyFactory.createProxy(ProxyManager.java:94)
      at org.apache.geronimo.kernel.proxy.ProxyManager.createProxy(ProxyManager.java:49)
      at org.apache.geronimo.gbean.runtime.GBeanSingleReference.start(GBeanSingleReference.java:79)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:773)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:331)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:111)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:133)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:494)
      at org.apache.geronimo.kernel.Kernel.startRecursiveGBean(Kernel.java:348)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:141)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:494)
      at org.apache.geronimo.kernel.Kernel.startRecursiveGBean(Kernel.java:348)
      at org.apache.geronimo.system.main.Daemon.main(Daemon.java:154)
      17:07:21,935 INFO [HttpServer] Statistics on = false for org.apache.geronimo.jetty.JettyServer@3c9314
      java.lang.ExceptionInInitializerError
      at org.mortbay.http.HttpServer.doStart(HttpServer.java:671)
      at org.mortbay.util.Container.start(Container.java:72)
      at org.apache.geronimo.jetty.JettyContainerImpl.doStart(JettyContainerImpl.java:159)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:841)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:331)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:111)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:133)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:494)
      at org.apache.geronimo.kernel.Kernel.startRecursiveGBean(Kernel.java:348)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:141)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:494)
      at org.apache.geronimo.kernel.Kernel.startRecursiveGBean(Kernel.java:348)
      at org.apache.geronimo.system.main.Daemon.main(Daemon.java:154)
      Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission org.mortbay.http.Version.paranoid read)

      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1276)
      at java.lang.System.getProperty(System.java:573)
      at java.lang.Boolean.getBoolean(Boolean.java:205)
      at org.mortbay.http.Version.<clinit>(Version.java:32)
      ... 13 more
      17:07:22,029 INFO [Daemon] Server shutdown begun
      17:07:22,029 INFO [Kernel] Starting kernel shutdown
      17:07:22,029 INFO [PersistentConfigurationList] Configuration list was not saved. Kernel was never fully started.
      17:07:22,029 ERROR [GBeanInstance] Problem in doStop of geronimo.boot:role=ConfigurationManager
      org.apache.geronimo.kernel.InternalKernelException: Error while applying pattern geronimo.config:*
      at org.apache.geronimo.kernel.jmx.JMXGBeanRegistry.listGBeans(JMXGBeanRegistry.java:118)
      at org.apache.geronimo.kernel.Kernel.listGBeans(Kernel.java:363)
      at org.apache.geronimo.kernel.config.ConfigurationManagerImpl.doStop(ConfigurationManagerImpl.java:213)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.destroyInstance(GBeanInstance.java:976)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStop(GBeanInstanceState.java:402)
      at org.apache.geronimo.gbean.runtime.GBeanInstanceState.stop(GBeanInstanceState.java:203)
      at org.apache.geronimo.gbean.runtime.GBeanInstance.stop(GBeanInstance.java:502)
      at org.apache.geronimo.kernel.Kernel.shutdownConfigManager(Kernel.java:535)
      at org.apache.geronimo.kernel.Kernel.shutdown(Kernel.java:499)
      at org.apache.geronimo.system.main.Daemon$1.run(Daemon.java:122)
      Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission #[-] queryNames)
      java.security.AccessControlException: access denied (javax.management.MBeanServerPermission releaseMBeanServer)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at javax.management.MBeanServerFactory.releaseMBeanServer(MBeanServerFactory.java:74)
      at org.apache.geronimo.kernel.jmx.JMXGBeanRegistry.stop(JMXGBeanRegistry.java:53)
      at org.apache.geronimo.kernel.Kernel.shutdown(Kernel.java:501)
      at org.apache.geronimo.system.main.Daemon$1.run(Daemon.java:122)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at mx4j.server.MX4JMBeanServer.queryNames(MX4JMBeanServer.java:1228)
      at org.apache.geronimo.kernel.jmx.JMXGBeanRegistry.listGBeans(JMXGBeanRegistry.java:116)
      ... 9 more

        Attachments

        1. GeronimoPolicy_patch.txt
          0.4 kB
          John Sisson
        2. ContextManager_patch.txt
          1 kB

          Activity

            People

            • Assignee:
              jgenender Jeff Genender
              Reporter:
              johnrsisson John Sisson
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: