Uploaded image for project: 'HiveMind'
  1. HiveMind
  2. HIVEMIND-194

Securyty violation in secure JVM

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.1.1
    • None
    • framework
    • None
    • IBM WebSphere 5.0 with J2EE Security ON and Enforce Java Security

    Description

      I have a serious issue with Tapestry/HiveMind classloading, when new classes are created with Javaassist and loaded, protection domain is not associated with them, this significant issue prevents Tapestry/HiveMind application from working in the secure environments like WebSphere (security ON) and I guess we will have the same problems in secure Tomcat as well.

      After some invistigations I've found similar problems were reported against Tap 3.0:

      http://issues.apache.org/bugzilla/show_bug.cgi?id=28202

      http://mail-archives.apache.org/mod_mbox/jakarta-tapestry-dev/200404.mbox/%3C20040405093530.19067.qmail@nagoya.betaversion.org%3E

      I think it was fixed but most probably this fix wasn't transfered to the Tap 4.

      I have seen this problem in many cases like OGLN expression validation, Loading resources from the ZIP files, etc. What is common is that WebSphere can't find a protection domain for given classes because I think it wasn't associated with them during class loading time.

      Could you plase check it. Thank you.

      For more information please see the stack trace (quite long one)
      [7/15/06 15:22:41:049 CEST] 6642251f SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission.
      Please refer to Problem Determination Guide for further information.

      Permission:

      /opt/WebSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-INF/lib/tapestry-4.1.jar : access denied (java.io.FilePermission /opt/We
      bSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-INF/lib/tapestry-4.1.jar read)

      Code:

      $ApplicationInitializer_10c725a4dba in

      {null code URL}

      Stack Trace:

      java.security.AccessControlException: access denied (java.io.FilePermission /opt/WebSphere/AppServer/installedApps/servernameNetwork/sjrthr.ear/sjrtpg.war/WEB-IN
      F/lib/tapestry-4.1.jar read)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java(Compiled Code))
      at java.security.AccessController.checkPermission(AccessController.java(Compiled Code))
      at java.lang.SecurityManager.checkPermission(SecurityManager.java(Compiled Code))
      at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java(Compiled Code))
      at java.lang.SecurityManager.checkRead(SecurityManager.java(Compiled Code))
      at java.util.zip.ZipFile.<init>(ZipFile.java(Compiled Code))
      at java.util.zip.ZipFile.<init>(ZipFile.java(Inlined Compiled Code))
      at com.ibm.ws.classloader.Handler$ClassLoaderURLConnection.getInputStream(Handler.java(Compiled Code))
      at java.net.URL.openStream(URL.java(Inlined Compiled Code))
      at com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java(Inlined Compiled Code))
      at com.ibm.ws.classloader.CompoundClassLoader.localGetResourceAsStream(CompoundClassLoader.java(Compiled Code))
      at com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java(Compiled Code))
      at javassist.LoaderClassPath.openClassfile(LoaderClassPath.java:70)
      at javassist.ClassPoolTail.openClassfile(ClassPoolTail.java:283)
      at javassist.ClassPool.openClassfile(ClassPool.java(Inlined Compiled Code))
      at javassist.CtClassType.getClassFile2(CtClassType.java(Compiled Code))
      at javassist.CtClassType.subtypeOf(CtClassType.java:267)
      at javassist.compiler.MemberResolver.compareSignature(MemberResolver.java:203)
      at javassist.compiler.MemberResolver.lookupMethod(MemberResolver.java:97)
      at javassist.compiler.TypeChecker.atMethodCallCore(TypeChecker.java:637)
      at javassist.compiler.TypeChecker.atCallExpr(TypeChecker.java:614)
      at javassist.compiler.JvstTypeChecker.atCallExpr(JvstTypeChecker.java:156)
      at javassist.compiler.ast.CallExpr.accept(CallExpr.java:45)
      at javassist.compiler.CodeGen.doTypeCheck(CodeGen.java:235)
      at javassist.compiler.CodeGen.atStmnt(CodeGen.java:323)
      at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49)
      at javassist.compiler.CodeGen.atIfStmnt(CodeGen.java:384)
      at javassist.compiler.CodeGen.atStmnt(CodeGen.java:348)
      at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49)
      at javassist.compiler.CodeGen.atStmnt(CodeGen.java:344)
      at javassist.compiler.ast.Stmnt.accept(Stmnt.java:49)
      at javassist.compiler.CodeGen.atMethodBody(CodeGen.java:285)
      at javassist.compiler.Javac.compileBody(Javac.java:208)
      at javassist.CtBehavior.setBody(CtBehavior.java:188)
      at javassist.CtBehavior.setBody(CtBehavior.java:163)
      at org.apache.hivemind.service.impl.ClassFabImpl.addMethod(ClassFabImpl.java:288)
      at org.apache.hivemind.service.impl.LoggingInterceptorFactory.addServiceMethodImplementation(LoggingInterceptorFactory.java:120)
      at org.apache.hivemind.service.impl.LoggingInterceptorFactory.addServiceMethods(LoggingInterceptorFactory.java:159)
      at org.apache.hivemind.service.impl.LoggingInterceptorFactory.constructInterceptorClass(LoggingInterceptorFactory.java:214)
      at org.apache.hivemind.service.impl.LoggingInterceptorFactory.createInterceptor(LoggingInterceptorFactory.java:251)
      at org.apache.hivemind.impl.ServiceInterceptorContributionImpl.createInterceptor(ServiceInterceptorContributionImpl.java:95)
      at org.apache.hivemind.impl.InterceptorStackImpl.process(InterceptorStackImpl.java:116)
      at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.addInterceptors(AbstractServiceModelImpl.java:85)
      at org.apache.hivemind.impl.servicemodel.PooledServiceModel.constructServiceProxy(PooledServiceModel.java:154)
      at org.apache.hivemind.impl.servicemodel.PooledServiceModel.<init>(PooledServiceModel.java:130)
      at org.apache.hivemind.impl.servicemodel.PooledServiceModelFactory.createServiceModelForService(PooledServiceModelFactory.java:26)
      at org.apache.hivemind.impl.ServicePointImpl.getService(ServicePointImpl.java:208)
      at org.apache.hivemind.impl.ServicePointImpl.getService(ServicePointImpl.java:223)
      at org.apache.hivemind.impl.RegistryInfrastructureImpl.getService(RegistryInfrastructureImpl.java:207)
      at org.apache.hivemind.impl.ModuleImpl.getService(ModuleImpl.java:105)
      at org.apache.hivemind.schema.rules.ServiceTranslator.translate(ServiceTranslator.java:40)
      at org.apache.hivemind.service.impl.BuilderPropertyFacet.getFacetValue(BuilderPropertyFacet.java:55)
      at org.apache.hivemind.service.impl.BuilderFactoryLogic.wireProperty(BuilderFactoryLogic.java:357)
      at org.apache.hivemind.service.impl.BuilderFactoryLogic.setProperties(BuilderFactoryLogic.java:320)
      at org.apache.hivemind.service.impl.BuilderFactoryLogic.createService(BuilderFactoryLogic.java:77)
      at org.apache.hivemind.service.impl.BuilderFactory.createCoreServiceImplementation(BuilderFactory.java:42)
      at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:62)
      at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108)
      at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158)
      at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140)
      at org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69)
      at $ApplicationInitializer_10c725a4dba._service($ApplicationInitializer_10c725a4dba.java)
      at $ApplicationInitializer_10c725a4dba.initialize($ApplicationInitializer_10c725a4dba.java)
      at $ApplicationInitializer_10c725a4db9.initialize($ApplicationInitializer_10c725a4db9.java)
      at $ApplicationInitializer_10c725a4dbd.initialize($ApplicationInitializer_10c725a4dbd.java)
      at $ApplicationInitializer_10c725a4db2.initialize($ApplicationInitializer_10c725a4db2.java)
      at $ApplicationInitializer_10c725a4db1.initialize($ApplicationInitializer_10c725a4db1.java)
      at org.apache.tapestry.ApplicationServlet.initializeApplication(ApplicationServlet.java:299)
      at org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:198)
      at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doInit(StrictServletInstance.java:82)
      at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._init(StrictLifecycleServlet.java:147)
      at com.ibm.ws.webcontainer.servlet.PreInitializedServletState.init(StrictLifecycleServlet.java:270)
      at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.init(StrictLifecycleServlet.java:113)
      at com.ibm.ws.webcontainer.servlet.ServletInstance.init(ServletInstance.java:189)
      at javax.servlet.GenericServlet.init(GenericServlet.java:258)
      ...

      Attachments

        Activity

          People

            Unassigned Unassigned
            zubairov Renat Zubairov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: