Re: Permission check bug in GAE
77 views
Skip to first unread message
Ludovic Champenois
Dec 8, 2012, 1:37:55 PM12/8/12
to google-a...@googlegroups.com
I see it works only when TestCallee is public.
Will check if this security rule can be relaxed.
Ludo
On Saturday, December 8, 2012 9:43:27 AM UTC-8, Zbynek Vyskovsky wrote:
Will check if this security rule can be relaxed.
Ludo
On Saturday, December 8, 2012 9:43:27 AM UTC-8, Zbynek Vyskovsky wrote:
Hi,
I found an issue with hibernate failure when initializing EntityManager, due to security checks. This was already described at http://code.google.com/p/hibernate-gae/issues/detail?id=5
The problem is that GAE uses some wrapper to call the method which disallows the access because of different package.
I tried to create minimalistic code which works correctly in local JVM but fails in GAE, please find below. This approach is completely correct in Java, but it fails in GAE. Unfortunately it disallows to deploy hibernate code right now. Can someone check what could be done with it or how to work-around it?
Best Regards,
Zbynek
package com.example.gafail.servlet;
class TestCallee
{
public static String calleeMethod()
{
return "ok";
}
}
package com.example.gafail.servlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class GaFailServlet extends HttpServlet
{
private static final long serialVersionUID = 1L;
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
{
try {
response.getWriter().write("Hello: "+TestCallee.class.getMethod("calleeMethod").invoke(null));
}
catch (Exception ex) {
throw new RuntimeException(ex);
}
}
}
Mitch Rudominer
Dec 8, 2012, 8:39:05 PM12/8/12
to google-a...@googlegroups.com
Please post a stack trace so we know what problem you are seeing.
Zbynek Vyskovsky
Dec 9, 2012, 1:58:26 AM12/9/12
to google-a...@googlegroups.com
Sorry, here it is:
java.lang.RuntimeException: java.lang.IllegalAccessException: Class com.google.apphosting.runtime.security.shared.intercept.java.lang.reflect.Method_$1 can not access a member of class com.example.gafail.servlet.TestCallee with modifiers "public static"
at com.example.gafail.servlet.GaFailServlet.doGet(GaFailServlet.java:19)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:102)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:266)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:146)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:447)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:454)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:461)
at com.google.tracing.TraceContext.runInContext(TraceContext.java:703)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:338)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:330)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:458)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.IllegalAccessException: Class com.google.apphosting.runtime.security.shared.intercept.java.lang.reflect.Method_$1 can not access a member of class com.example.gafail.servlet.TestCallee with modifiers "public static"
at com.google.appengine.runtime.Request.process-558c34d83b7eee32(Request.java)
at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:95)
at java.lang.reflect.Method.invoke(Method.java:43)
at com.example.gafail.servlet.GaFailServlet.doGet(GaFailServlet.java:16)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
...
Please let me know if you need any other information.
java.lang.RuntimeException: java.lang.IllegalAccessException: Class com.google.apphosting.runtime.security.shared.intercept.java.lang.reflect.Method_$1 can not access a member of class com.example.gafail.servlet.TestCallee with modifiers "public static"
at com.example.gafail.servlet.GaFailServlet.doGet(GaFailServlet.java:19)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:102)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:266)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:146)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:447)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:454)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:461)
at com.google.tracing.TraceContext.runInContext(TraceContext.java:703)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:338)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:330)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:458)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.IllegalAccessException: Class com.google.apphosting.runtime.security.shared.intercept.java.lang.reflect.Method_$1 can not access a member of class com.example.gafail.servlet.TestCallee with modifiers "public static"
at com.google.appengine.runtime.Request.process-558c34d83b7eee32(Request.java)
at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:95)
at java.lang.reflect.Method.invoke(Method.java:43)
at com.example.gafail.servlet.GaFailServlet.doGet(GaFailServlet.java:16)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
...
Please let me know if you need any other information.
Reply all
Reply to author
Forward
0 new messages