Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

was 6.1.0.15, struts 2.0.11 and java 2 security error

66 views
Skip to first unread message

ri...@ole.com

unread,
Jul 11, 2008, 6:37:32 AM7/11/08
to
with a configuration of websphere application server 6.1.0.15, struts 2.0.11 and java 2 security

i have the next issue

(i had set com.ibm.ws.webcontainer.invokefilterscompatibility property to true)

when i run the application i get this error

Permiso:

file:\C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\hccan60sCell01 \ParteTrabajoCAU.ear\ParteTrabajoCAUWeb.war\WEB-INF\lib\struts2-core-2.0.11.jar! \struts-default.xml : Access denied (java.io.FilePermission file:\C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\hccan60sCell01 \ParteTrabajoCAU.ear\ParteTrabajoCAUWeb.war\WEB-INF\lib\struts2-core-2.0.11.jar! \struts-default.xml read)


Código:

com.opensymphony.xwork2.util.FileManager in {file:/C:/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/hccan60sCell0 1/ParteTrabajoCAU.ear/ParteTrabajoCAUWeb.war/WEB-INF/lib/xwork-2.0.4.jar}


Rastreo de pila:

java.security.AccessControlException: Access denied (java.io.FilePermission file:\C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\hccan60sCell01 \ParteTrabajoCAU.ear\ParteTrabajoCAUWeb.war\WEB-INF\lib\struts2-core-2.0.11.jar! \struts-default.xml read)

at java.security.AccessController.checkPermission(AccessController.java:108)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)

at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:2 12)

at java.lang.SecurityManager.checkRead(SecurityManager.java:887)

at java.io.File.exists(File.java:726)

at com.opensymphony.xwork2.util.FileManager.loadFile(FileManager.java:106)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigura tionFiles(XmlConfigurationProvider.java:824)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments (XmlConfigurationProvider.java:131)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfi gurationProvider.java:100)

at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reload(DefaultConfigur ation.java:130)

at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(Configurat ionManager.java:52)

at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.j ava:395)

at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:452)

at org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:201)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.init(FilterInstanceWrapper .java:142)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager._loadFilter(WebAppFilterMana ger.java:471)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.loadFilter(WebAppFilterManag er.java:385)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterInstanceWrapper(Web AppFilterManager.java:244)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterChain(WebAppFilterM anager.java:302)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager .java:731)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager .java:679)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterMa nager.java:694)

at com.ibm.ws.wswebcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilter Manager.java:101)

at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.invokeFilters(Defau ltExtensionProcessor.java:791)

at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(Defau ltExtensionProcessor.java:472)

at com.ibm.ws.wswebcontainer.extension.DefaultExtensionProcessor.handleRequest(Def aultExtensionProcessor.java:113)

at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3357)

at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)

at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)

at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)

at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:115)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpI nboundLink.java:454)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpI nboundLink.java:383)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java :263)

at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminato rs(NewConnectionInitialReadCallback.java:214)

at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnec tionInitialReadCallback.java:113)

at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCo mpletionListener.java:165)

at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:21 7)

at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.ja va:161)

at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)

at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)

at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)

at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)


Ubicación del código base:


11/07/08 12:06:14:604 CEST 00000087 E UOW=null source=com.ibm.ws.webcontainer.webapp.WebApp org=IBM prod=WebSphere component=Application Server thread= WebContainer : 0

Servlet Error -[Filter struts2]: could not be initialized : Caught exception while loading file struts-default.xml - Class: java.security.AccessController

File: AccessController.java

Method: checkPermission

Line: 108 - java/security/AccessController.java:108:-1

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigura tionFiles(XmlConfigurationProvider.java:839)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments (XmlConfigurationProvider.java:131)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfi gurationProvider.java:100)

at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reload(DefaultConfigur ation.java:130)

at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(Configurat ionManager.java:52)

at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.j ava:395)

at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:452)

at org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:201)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.init(FilterInstanceWrapper .java:142)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager._loadFilter(WebAppFilterMana ger.java:471)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.loadFilter(WebAppFilterManag er.java:385)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterInstanceWrapper(Web AppFilterManager.java:244)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.getFilterChain(WebAppFilterM anager.java:302)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager .java:731)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager .java:679)

at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterMa nager.java:694)

at com.ibm.ws.wswebcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilter Manager.java:101)

at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.invokeFilters(Defau ltExtensionProcessor.java:791)

at com.ibm.ws.webcontainer.extension.DefaultExtensionProcessor.handleRequest(Defau ltExtensionProcessor.java:472)

at com.ibm.ws.wswebcontainer.extension.DefaultExtensionProcessor.handleRequest(Def aultExtensionProcessor.java:113)

at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3357)

at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)

at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)

at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)

at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:115)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpI nboundLink.java:454)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpI nboundLink.java:383)

at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java :263)

at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminato rs(NewConnectionInitialReadCallback.java:214)

at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnec tionInitialReadCallback.java:113)

at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCo mpletionListener.java:165)

at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:21 7)

at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.ja va:161)

at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)

at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)

at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)

at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)

Caused by: java.security.AccessControlException: Access denied (java.io.FilePermission file:\C:\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\hccan60sCell01 \ParteTrabajoCAU.ear\ParteTrabajoCAUWeb.war\WEB-INF\lib\struts2-core-2.0.11.jar! \struts-default.xml read)

at java.security.AccessController.checkPermission(AccessController.java:108)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:548)

at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:2 12)

at java.lang.SecurityManager.checkRead(SecurityManager.java:887)

at java.io.File.exists(File.java:726)

at com.opensymphony.xwork2.util.FileManager.loadFile(FileManager.java:106)

at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigura tionFiles(XmlConfigurationProvider.java:824)

... 37 more


the was.policy file content is:

grant codeBase "file:${application}" {

// permission java.io.FilePermission "${was.install.root}${/}profiles${/}-", "read";

permission java.lang.reflect.ReflectPermission "suppressAccessChecks","";

permission java.lang.RuntimePermission "getClassLoader";

permission java.lang.RuntimePermission "accessDeclaredMembers";

permission java.util.PropertyPermission "*", "read, write";

permission ognl.OgnlInvokePermission "*";


};


i had set read permissions to the struts2-core-2.0.11.jar and xwork-2.0.4.jar files, but not work

i got the code running uncommenting the firts line, but this is not a valid option

thanks in advance

Jesse Perkins

unread,
Aug 21, 2008, 7:42:51 AM8/21/08
to
I am having a very similar issue:

We have a WAR deployed to Tomcat. When I try to start the WAR, I get
the following logs in the Catalina_* and Application-Log.txt files:

server:/usr/share/tomcat5.5/logs# cat Application-Log.txt
[App] WARN [main] Environment.<clinit>(540) | could not copy system
properties, system properties will be ignored
[App] WARN [main]
FilterChainProxyPostProcessor.checkForDuplicates(117) | Possible
error: Filters at position 2 and 3 are both instances of
org.springframework.security.ui.webapp.AuthenticationProcessingFilter
[App] ERROR [main] [/Application].filterStart(3638) | Exception
starting filter struts


Caught exception while loading file struts-default.xml - Class:

java.security.AccessControlContext
File: AccessControlContext.java
Method: checkPermission
Line: 264 - java/security/AccessControlContext.java:264:-1
at
com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:
839)
at
com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadDocuments(XmlConfigurationProvider.java:
131)
at
com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.init(XmlConfigurationProvider.java:
100)
at
com.opensymphony.xwork2.config.impl.DefaultConfiguration.reload(DefaultConfiguration.java:
130)
at
com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:
52)
at
org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:


395)
at
org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:452)
at
org.apache.struts2.dispatcher.FilterDispatcher.init(FilterDispatcher.java:
201)
at

org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:
223)
at
org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:
304)
at
org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:
77)
at
org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:
3634)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:
4217)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:
759)
at org.apache.catalina.core.ContainerBase.access
$0(ContainerBase.java:743)
at org.apache.catalina.core.ContainerBase
$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:
737)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:698)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:
310)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:
119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at
org.apache.catalina.core.StandardService.start(StandardService.java:
450)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:
551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:
294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:
432)
Caused by: java.security.AccessControlException: access denied
(java.io.FilePermission file:/var/lib/tomcat5.5/webapps/Application/
WEB-INF/lib/struts2-core-2.0.11.2.jar!/struts-default.xml read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:
264)
at
java.security.AccessController.checkPermission(AccessController.java:
427)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:
871)
at java.io.File.exists(File.java:700)
at
com.opensymphony.xwork2.util.FileManager.loadFile(FileManager.java:
106)
at
com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.loadConfigurationFiles(XmlConfigurationProvider.java:
824)
... 37 more

We ran into several java.io.FilePermission problems and addressed them
by adding the following to the /etc/.tomcat5.5/policy.d/
04webapps.policy file:

grant codeBase "file:${catalina.base}/webapps/Application/-" {
permission java.lang.reflect.ReflectPermission
"suppressAccessChecks";
permission java.io.FilePermission "/var/lib/tomcat5.5/logs/*",
"read, write";
permission java.io.FilePermission "/var/lib/tomcat5.5/temp",
"read, write";
permission java.util.PropertyPermission "java.io.tmpdir", "read";
permission java.util.PropertyPermission "catalina.home", "read";
permission java.util.PropertyPermission "cglib.debugLocation",
"read";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/
Application/WEB-INF/lib/struts2-core-2.0.11.2.jar", "read";
permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/
Application/WEB-INF/lib/struts2-core-2.0.11.2.jar!/struts-
default.xml", "read";
permission java.net.SocketPermission "DatabaseServerIP:Port",
"connect, resolve";
};

As you can see, I am adding the read permission to the jar and the
jar!/struts-default.xml files, but it isn’t helping. I am running
Tomcat with security enabled as this is going to be an internet facing
web app and I don’t want to just open the permissions up wide open.

If anyone has any ideas, it would be greatly appreciated. I have been
searching the internet for two days now and havent had any luck except
disabling Tomcat security.

Thanks...

Sortix

0 new messages