Uploaded image for project: 'Struts 1'
  1. Struts 1
  2. STR-1446

Struts fails to start with SecurityException on ENSIM linux box

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Incomplete
    • Affects Version/s: 1.1 RC1
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Operating System: other
      Platform: Other
    • Bugzilla Id:
      19709

      Description

      I am deploying a Struts 1.1 application on an ENSIM-based Linux box,
      and Struts action servlet fails to start for a SecurityException reason.
      This only happens on an ENSIM box. Same settings

      First, I am not sure this bug report is sent to the relevant group since the
      error happens in org.apache.commons.beanutils.MappedPropertyDescriptor
      from a getPublicDeclaredMethod() (apparently).
      Since it happened after I switched from Struts 1.02 to 1.1RC1, and during a
      Struts action servlet init(), I have posted it here.

      Then, I am not even sure it is a Struts or Commons related bug.
      but I have found no literature about that particular issue, either through docs
      or searching the internet. So...

      SUMMARY

      It seems that the MappedPropertyDescriptor does some introspection on some
      classes installed by the web engine.
      On the box I am using, there is apparently some security restrictions imposed
      on this (since the JVM is shared probably...), which makes the Struts action
      servlet init() method to fail and propagate a SecurityException.
      (STACKTRACE SNIPPET)
      >>at org.apache.struts.action.ActionServlet.initModulePlugIns
      (ActionServlet.java:1096)
      >>at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)

      I don't know what the JSP specifications say about this, but I believe that it
      is either a usual security rule enforced on the JVM (hence a bug)
      or, on the other way around, a security rule that should not be there
      (you can close this ticket right away in this case).
      Moreover it is only reproduceable using this particular linux flavor.

      Please dont hesitate to contact me for further details or any help I can
      provide.

      (details follow)

      SYSTEM SPECS:
      – Since I dont have root access, I am not exactly sure about the whole box but:
      ENSIM v3.1.1-10 (http://www.ensim.com).
      Installed Tomcat is 4.0.?
      java version "1.4.0"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
      Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)
      Struts 1.1 RC1 with Tiles

      – Note the same exact webapp works fine on a local env with no particular JVM
      or Tomcat settings:
      Win32 (Win2K)
      Tomcat 4.0.6
      JDK 1.4.0
      Struts 1.1 RC1

      WEB.XML (not of great interest...)

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app>

      <display-name>Traquenard</display-name>
      <description>Traquenard.Net</description>

      <servlet>
      <servlet-name>action</servlet-name>
      <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

      <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
      </init-param>

      <init-param>
      <param-name>detail</param-name>
      <param-value>0</param-value>
      </init-param>

      <init-param>
      <param-name>validating</param-name>
      <param-value>true</param-value>
      </init-param>

      <load-on-startup>1</load-on-startup>
      </servlet>

      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>*.do</url-pattern>
      </servlet-mapping>

      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>/servlet/*</url-pattern>
      </servlet-mapping>

      <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
      <welcome-file>index.html</welcome-file>
      <welcome-file>index.htm</welcome-file>
      </welcome-file-list>

      <taglib>
      <taglib-uri>/WEB-INF/xtags.tld</taglib-uri>
      <taglib-location>/WEB-INF/xtags.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-templates.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-templates.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
      </taglib>

      <taglib>
      <taglib-uri>/WEB-INF/struts-tiles.tld</taglib-uri>
      <taglib-location>/WEB-INF/struts-tiles.tld</taglib-location>
      </taglib>

      </web-app>

      STRUTS-CONFIG.XML (Module : Tiles)
      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE struts-config PUBLIC
      "-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
      "http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd" [

      <!ENTITY amp "&">
      ]
      >

      <struts-config>

      <form-beans>
      </form-beans>

      <global-forwards type="org.apache.struts.action.ActionForward">
      </global-forwards>

      <action-mappings>

      <action path="/home"
      forward="page.traquenard.index"/>

      <action path="/calvin"
      forward="page.traquenard.calvin"/>

      <action path="/members"
      forward="page.traquenard.members"/>

      </action-mappings>

      <controller
      processorClass="org.apache.struts.action.RequestProcessor"
      debug="1"
      locale="true"
      contentType="text/html"/>

      <message-resources
      parameter="traquenard"
      key="traquenard"
      null="false"/>

      <plug-in className="org.apache.struts.tiles.TilesPlugin" >
      <set-property property="definitions-config" value="/WEB-INF/tiles-
      config.xml" />
      <set-property property="definitions-parser-validate" value="true" />
      <set-property property="definitions-debug" value="2" />
      <set-property property="moduleAware" value="true" />
      </plug-in>

      </struts-config>

      TILES-CONFIG.XML
      <?xml version="1.0" encoding="ISO-8859-1" ?>

      <!DOCTYPE tiles-definitions PUBLIC
      "-//Apache Software Foundation//DTD Tiles Configuration 1.1//EN"
      "http://jakarta.apache.org/struts/dtds/tiles-config_1_1.dtd">

      <tiles-definitions>

      <definition name="page.traquenard.template" path="/WEB-
      INF/jsp/template.jsp">
      <put name="title" value=""/>
      <put name="stylesheet" value="traquenard.css"/>
      <put name="top" value="/WEB-INF/jsp/top.jsp"/>
      <put name="bottom" value="/WEB-INF/jsp/team/content.jsp"/>
      <put name="ticker" value="/WEB-INF/jsp/team/ticker.jsp"/>
      <put name="menu" value="/WEB-INF/jsp/menu.jsp"/>
      </definition>

      <definition name="page.traquenard.index" extends="page.traquenard.template">
      <put name="title" value="page.index.title"/>
      <put name="body" value="/WEB-INF/jsp/index.jsp"/>

      <put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
      </definition>

      <definition name="page.traquenard.quotes"
      extends="page.traquenard.template">
      <put name="title" value="page.quotes.title"/>
      <put name="body" value="/WEB-INF/jsp/calvin/quotes.jsp"/>

      <put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
      </definition>

      <definition name="page.traquenard.members"
      extends="page.traquenard.template">
      <put name="title" value="page.members.title"/>
      <put name="body" value="/WEB-INF/jsp/members.jsp"/>

      <put name="menu-xml" value="/WEB-INF/jsp/index.xml" direct="true"/>
      </definition>

      </tiles-definitions>

      FULL STACKTRACE
      java.security.AccessControlException: access denied
      (java.lang.RuntimePermission accessDeclaredMembers)
      at java.security.AccessControlContext.checkPermission
      (AccessControlContext.java:270)
      at java.security.AccessController.checkPermission
      (AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
      at java.lang.SecurityManager.checkMemberAccess
      (SecurityManager.java:1662)
      at java.lang.Class.checkMemberAccess(Class.java:1401)
      at java.lang.Class.getDeclaredMethods(Class.java:1101)
      at org.apache.commons.beanutils.MappedPropertyDescriptor$1.run
      (MappedPropertyDescriptor.java:386)
      at java.security.AccessController.doPrivileged(Native Method)
      at
      org.apache.commons.beanutils.MappedPropertyDescriptor.getPublicDeclaredMethods
      (MappedPropertyDescriptor.java:383)
      at
      org.apache.commons.beanutils.MappedPropertyDescriptor.internalFindMethod
      (MappedPropertyDescriptor.java:453)
      at org.apache.commons.beanutils.MappedPropertyDescriptor.findMethod
      (MappedPropertyDescriptor.java:527)
      at org.apache.commons.beanutils.MappedPropertyDescriptor.<init>
      (MappedPropertyDescriptor.java:149)
      at org.apache.commons.beanutils.PropertyUtils.getPropertyDescriptor
      (PropertyUtils.java:907)
      at org.apache.commons.beanutils.BeanUtils.setProperty
      (BeanUtils.java:934)
      at org.apache.commons.beanutils.BeanUtils.populate(BeanUtils.java:808)
      at org.apache.struts.action.ActionServlet.initModulePlugIns
      (ActionServlet.java:1096)
      at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)
      at javax.servlet.GenericServlet.init(GenericServlet.java:258)
      at org.apache.catalina.core.StandardWrapper.loadServlet
      (StandardWrapper.java:916)
      at org.apache.catalina.core.StandardWrapper.load
      (StandardWrapper.java:808)
      at org.apache.catalina.core.StandardContext.loadOnStartup
      (StandardContext.java:3266)
      at org.apache.catalina.core.StandardContext.start
      (StandardContext.java:3395)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
      at org.apache.catalina.core.StandardEngine.start
      (StandardEngine.java:343)
      at org.apache.catalina.core.StandardService.start
      (StandardService.java:388)
      at org.apache.catalina.core.StandardServer.start
      (StandardServer.java:506)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
      at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
      at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke
      (NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke
      (DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

      2003-05-06 08:58:58 StandardWrapper[:action]: Marking servlet action as
      unavailable
      2003-05-06 08:58:58 StandardContext[]: Servlet threw load() exception
      javax.servlet.UnavailableException
      at org.apache.struts.action.ActionServlet.initModulePlugIns
      (ActionServlet.java:1112)
      at org.apache.struts.action.ActionServlet.init(ActionServlet.java:468)
      at javax.servlet.GenericServlet.init(GenericServlet.java:258)
      at org.apache.catalina.core.StandardWrapper.loadServlet
      (StandardWrapper.java:916)
      at org.apache.catalina.core.StandardWrapper.load
      (StandardWrapper.java:808)
      at org.apache.catalina.core.StandardContext.loadOnStartup
      (StandardContext.java:3266)
      at org.apache.catalina.core.StandardContext.start
      (StandardContext.java:3395)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:614)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123)
      at org.apache.catalina.core.StandardEngine.start
      (StandardEngine.java:343)
      at org.apache.catalina.core.StandardService.start
      (StandardService.java:388)
      at org.apache.catalina.core.StandardServer.start
      (StandardServer.java:506)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
      at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
      at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke
      (NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke
      (DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              denis.balazuc@videotron.ca Denis Balazuc
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: