URISyntaxException in PermissionHolderImpl.instrumentCodeBase


Marek Strejczek

Aug 11, 2011, 4:40:28 AM
to mobicent...@googlegroups.com
Hi,
I have a library that contains another jar. The code in the inner jar requires a SocketPermission, so I include the following entries in my library-jar.xml:
<security-permissions><security-permission-spec>
           grant codeBase "file:jars/*" { java.security.AllPermission; };
</security-permission-spec></security-permissions>

(actually it doesn't matter what I put inside codeBase - I tried "file:jars/*", "file:///jars/<name_of_jar>" and several other variations).

The problem is that the library fails to install due to the exception given below. I looked into the source (I'm on Mobicents 2.4.1-FINAL) and this line made me curious:
org.mobicents.slee.container.component.security.PermissionHolderImpl:172: URI presentCodeBase = new URI("file", "", new URI(ge.codeBase).getPath());

Is there any way it does not cause URISyntaxException due to empty scheme-specific part?
Any suggestion what is the proper Grant syntax to give permissions to constituent jars in a SLEE library? According to my understanding, JSLEE 1.1 spec (ch. 16.3) says that if I don't provide codeBase in the Grant statement then it does not cover constituent jars.

Best regards,
Marek Strejczek

---------
2011-08-10 16:41:05,708 INFO  [org.mobicents.slee.container.component.deployment.DeployableUnitBuilderImpl] Undeploying deployable unit due to building error
javax.slee.management.DeploymentException: failed to validate LibraryID[name=ParlayX RA API,vendor=ptk.sg,version=0.1-SNAPSHOT]
at org.mobicents.slee.container.component.deployment.DeployableUnitBuilderImpl.build(DeployableUnitBuilderImpl.java:265)
at org.mobicents.slee.container.component.deployment.DeployableUnitBuilderImpl.build(DeployableUnitBuilderImpl.java:72)
at org.mobicents.slee.container.management.jmx.DeploymentMBeanImpl.install(DeploymentMBeanImpl.java:163)
at org.mobicents.slee.container.deployment.jboss.action.InstallDeployableUnitAction.invoke(InstallDeployableUnitAction.java:41)
at org.mobicents.slee.container.deployment.jboss.DeploymentManager.sciAction(DeploymentManager.java:323)
at org.mobicents.slee.container.deployment.jboss.DeploymentManager.installDeployableUnit(DeploymentManager.java:168)
at org.mobicents.slee.container.deployment.jboss.SLEESubDeployer.start(SLEESubDeployer.java:281)
at org.mobicents.slee.container.deployment.jboss.SleeContainerDeployerImpl.start(SleeContainerDeployerImpl.java:262)
at org.mobicents.slee.container.deployment.jboss.SLEEDeployer.callSubDeployer(SLEEDeployer.java:124)
at org.mobicents.slee.container.deployment.jboss.SLEEDeployer.setInternalDeployer(SLEEDeployer.java:170)
at org.mobicents.slee.container.deployment.jboss.SleeContainerDeployerImpl$1.run(SleeContainerDeployerImpl.java:133)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.slee.management.DeploymentException: Failed to make permissions usable.
at org.mobicents.slee.container.component.LibraryComponentImpl.processSecurityPermissions(LibraryComponentImpl.java:168)
at org.mobicents.slee.container.component.deployment.DeployableUnitBuilderImpl.build(DeployableUnitBuilderImpl.java:262)
... 16 more
Caused by: java.lang.IllegalArgumentException: Failed to parse code base: file:///jars/*
at org.mobicents.slee.container.component.security.PermissionHolderImpl.instrumentCodeBase(PermissionHolderImpl.java:184)
at org.mobicents.slee.container.component.security.PermissionHolderImpl.setPolicy(PermissionHolderImpl.java:132)
at org.mobicents.slee.container.component.security.PermissionHolderImpl.<init>(PermissionHolderImpl.java:70)
at org.mobicents.slee.container.component.LibraryComponentImpl.processSecurityPermissions(LibraryComponentImpl.java:151)
... 17 more
Caused by: java.net.URISyntaxException: Expected scheme-specific part at index 5: file:#/jars/*
at java.net.URI$Parser.fail(URI.java:2809)
at java.net.URI$Parser.failExpecting(URI.java:2815)
at java.net.URI$Parser.parse(URI.java:3018)
at java.net.URI.<init>(URI.java:807)
at org.mobicents.slee.container.component.security.PermissionHolderImpl.instrumentCodeBase(PermissionHolderImpl.java:172)
... 20 more
...
-------------
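
Added example, not part of the original post and not Mobicents code: it reproduces the call shape quoted from PermissionHolderImpl:172 against the two code bases from the post. The three-argument `java.net.URI` constructor is `URI(scheme, schemeSpecificPart, fragment)`, so the empty string becomes the scheme-specific part and the path ends up as the fragment, which yields the `file:#/jars/*` string seen in the trace. The class and method names are hypothetical, and the four-argument variant is shown only for comparison.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class CodeBaseUriDemo {

    // Same call shape as the line quoted from PermissionHolderImpl:172.
    // URI(scheme, ssp, fragment): "" is the scheme-specific part and the
    // path is appended after '#', producing "file:#<path>".
    static URI asQuoted(String codeBase) throws URISyntaxException {
        return new URI("file", "", new URI(codeBase).getPath());
    }

    // Comparison only (an assumption, not the project's fix):
    // URI(scheme, host, path, fragment) places the value in the path component.
    static URI withPathConstructor(String codeBase) throws URISyntaxException {
        String path = new URI(codeBase).getPath();
        if (path == null) {
            // "file:jars/*" has no leading slash, so it parses as an opaque
            // URI and getPath() returns null.
            throw new URISyntaxException(codeBase, "opaque URI, no path component");
        }
        return new URI("file", null, path, null);
    }

    static String attempt(String label, String codeBase, boolean quoted) {
        try {
            URI u = quoted ? asQuoted(codeBase) : withPathConstructor(codeBase);
            return label + " -> " + u;
        } catch (URISyntaxException e) {
            return label + " -> URISyntaxException: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Code base values taken from the post above.
        String[] codeBases = { "file:///jars/*", "file:jars/*" };
        for (String cb : codeBases) {
            System.out.println("codeBase = " + cb);
            System.out.println(attempt("  3-arg (as quoted)", cb, true));
            System.out.println(attempt("  4-arg (path)", cb, false));
        }
    }
}
```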

Bartosz Baranowski

Aug 18, 2011, 7:03:56 AM
to mobicent...@googlegroups.com
Hey. I'm a bit occupied with some other tasks; I should get back to this issue once I'm done. Sorry for the delay.
Bartosz Baranowski
JBoss R & D
==================================
Word of criticism meant to improve is always step forward.

Bartosz Baranowski

Aug 19, 2011, 10:31:37 AM
to mobicent...@googlegroups.com
Just a quick check, did you try something like:


<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE library-jar PUBLIC "-//Sun Microsystems, Inc.//DTD JAIN SLEE Library 1.1//EN" "http://java.sun.com/dtd/slee-library-jar_1_1.dtd">

<library-jar>
        <library>
                <description>This is an optional description</description>
                <library-name>DramaSLEELibrary</library-name>
                <library-vendor>vendor</library-vendor>
                <library-version>version</library-version>
                <jar>
                        <description> This is another optional description </description>
                        <jar-name>
                              OneOfLibraryJars.jar
                        </jar-name>
                        <security-permissions>
                          <description>Optional description</description>
                          <security-permission-spec>
                            grant {
                              permission java.util.PropertyPermission "file", "write";
                            };
                          </security-permission-spec>
                        </security-permissions>
                </jar>
        </library>
        <security-permissions>
          <security-permission-spec>
             grant {
                permission java.util.PropertyPermission "socket", "*";
             };
          </security-permission-spec>
        </security-permissions>
</library-jar>



Bartosz Baranowski
JBoss R & D
==================================
Word of criticism meant to improve is always step forward.


Marek Strejczek

Sep 28, 2011, 5:17:38 AM
to mobicents-public
Hi Bartosz,
thanks for the response and sorry for replying so late - I needed to
switch to other tasks and had no time to check your suggestion until
today.
The syntax with <security-permissions> inside <jar> tag is accepted by
Mobicents at deploy time - I don't know why I missed it before and
tried to use the global library <security-permissions> tag with
codebase parameter. Possibly because the documentation for the
Mobicents Maven Library Plugin doesn't explain how to add
<security-permissions> on a per jar basis.
I cannot tell if it actually works since Mobicents by default doesn't
enforce permissions, but at least the library deployment succeeds.

Still this line looks suspicious to me due to the empty
scheme-specific part:
org.mobicents.slee.container.component.security.PermissionHolderImpl:172:
URI presentCodeBase = new URI("file", "", new URI(ge.codeBase).getPath());

And is there any way to add per-jar <security-permissions> using
Mobicents Maven Library Plugin? I cannot see any option for this in
the docs (http://community.jboss.org/wiki/MobicentsMavenLibraryPlugin).
When I include the <jar> tags (with my
custom <security-permissions>) in the plugin <configuration> section
of pom.xml then they are ignored by the plugin anyway.

BR
Marek Strejczek

Eduardo Martins

Sep 28, 2011, 6:34:51 AM
to mobicent...@googlegroups.com
Why do you need to setup permissions per jar in the library, why not
for the whole library?

-- Eduardo
..............................................
http://emmartins.blogspot.com
http://redhat.com/solutions/telco
