What are you trying to, and in what environment (applets, java
webstart, ...).
Do you have a policy file, is the applet signed, is a securitymanager
running, ...?
In other words, give more information.
--
Kind regards,
Christophe Vanfleteren
> How could I know which class has access denied
> to some permission when I get an access denied exception?
The Stacktrace is usually helpful in that regard
Exception.printStackTrace()* is your friend
* inherets it from
Throwable.printStackTrace()
--
Andrew Thompson
* http://www.PhySci.org/ Open-source software suite
* http://www.PhySci.org/codes/ Web & IT Help
* http://www.1point1C.org/ Science & Technology
Sorry, It's a web application, using Tomcat 5.0.18, J2SDK1.4.2_02. I have
a policy file where I think I've granted permission to whole application,
but I get a permission exception anyway.
Of course, there is a SecutityManager because I've start Tomcat with -security
parameter at command line.
The stack trace is:
java.security.AccessControlException: access denied (java.io.FilePermission
/home/eduardoyp/Aplicaciones/jakarta-tomcat-5.0.18/webapps/smulti/WEB-INF/classes/net/sf/cglib/MethodProxy$Generator.class
read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
at java.io.File.exists(File.java:678)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:873)
at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:255)
at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:334)
at org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1750)
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1618)
at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at net.sf.cglib.MetaClass.addMembers(MetaClass.java:119)
at net.sf.cglib.MetaClass.<init>(MetaClass.java:104)
at es.bancoval.bfci18n.support.database.TgrDescriptionMetaClass13.<init>(<generated>)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at net.sf.cglib.MetaClass.getInstance(MetaClass.java:259)
at net.sf.hibernate.util.ReflectHelper.getMetaClass(ReflectHelper.java:319)
at net.sf.hibernate.persister.AbstractEntityPersister.<init>(AbstractEntityPersister.java:589)
at net.sf.hibernate.persister.EntityPersister.<init>(EntityPersister.java:665)
at net.sf.hibernate.persister.PersisterFactory.create(PersisterFactory.java:29)
at net.sf.hibernate.impl.SessionFactoryImpl.<init>(SessionFactoryImpl.java:207)
at net.sf.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:627)
at es.bancoval.bfci18n.support.database.DBBasicManager.<init>(DBBasicManager.java:23)
at es.bancoval.bfci18n.support.commands.GetProjects.execute(GetProjects.java:19)
at es.bancoval.bfci18n.support.controller.Helper.getProjects(Helper.java:455)
at es.bancoval.bfci18n.support.controller.MultiController.service(MultiController.java:74)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at sun.reflect.GeneratedMethodAccessor64.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:284)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:306)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:200)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:278)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:97)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:183)
at es.bfc.base.filter.AuthenticateFilter.doFilter(AuthenticateFilter.java:115)
at es.bfc.base.filter.AbstractFilter.doFilter(AbstractFilter.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:284)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:306)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:256)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:97)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:183)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:257)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:700)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
The problem is that I've granted with java.security.AllPermission several libraries like
hibernate, es.bancoval.*, es.bfc.*, org.apache.*, etc... Thus I'd like to know which is the class
which is not granted...
If I am reading this correctly (I have made mistakes)
net.sf.cglib.MethodProxy$Generator
..cannot be read
> The problem is that I've granted with java.security.AllPermission several libraries like
> hibernate, es.bancoval.*, es.bfc.*, org.apache.*, etc... Thus I'd like to know which is the class
> which is not granted...
See above.
It looks like org.apache.naming.resources.FileDirContext.file issues
the call to File.exists, and File.exists calls the SecurityManager, and
the SecurityManager throws an AccessControlException rather than returns.
>
> The problem is that I've granted with java.security.AllPermission
> several libraries like
> hibernate, es.bancoval.*, es.bfc.*, org.apache.*, etc... Thus I'd like
> to know which is the class
> which is not granted...
--Mike Amling
yes, I know read stack traces, but in my policy file I've granted java.security.AllPermission to
any application running in my Tomcat... so why I got this Exception?
I thought so, but in my policy file I have:
grant codeBase "file:${catalina.home}/common/-" {
permission java.security.AllPermission;
};
and at .....common/lib is the naming-resources.jar, so it might work, or I'm in a mistake?
well, instead of codeBase "file:${catalina.home}/common/-"...
I'm specified codeBase "file:${catalina.home}/common/lib/naming-resources.jar"
and it has worked!. Why it doesn't work with first statement???
I'm sorry again. I tested it without -security argument for Tomcat...
> I'm sorry if I'm expressing a bit hard, but I'm not speak english very well...
You speak English enough, but you leave
out important details.
No mention at first of policy files.
[ I read your English OK,
I not read your mind! ;-) ]
I just went through this trying to get a JavaSpaces connection working. It
turned out
that
1. Tomcat 5.0.19 did NOT handle policy correctly when on port 80 even though
it worked with port 8080 !!
2. Reverting back to Tomcat 4.1.30 worked whn my policy file specified the
application path.
grant codeBase "file:${catalina.home}/webapps/javaspace/WEB-INF/classes/-" {
permission java.security.AllPermission;
};
----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
Hi again :), I've managed to get my security working... I've tried the same configuration
on Tomcat 4.1.30 and it works fine!!, moreover it has pointed that there were some security
exceptions that Tomcat 5 don't told me.