SecurityException on setContextClassLoader after @SecuredAction

288 views
Skip to first unread message

Cobus Stroebel

unread,
Jan 5, 2017, 4:27:11 AM1/5/17
to SecureSocial
I have used this tutorial to implement a SOAP web service client in Play Framework: https://adventuresofasoftwarecraftsman.wordpress.com/2015/12/21/implementing-a-soap-client-with-cxf-using-play-framework-2-x/

The web service works fine until a method annotated by @SecuredAction is called that uses the web service.
Then the following error is produced:

javax.xml.ws.soap.SOAPFaultException: setContextClassLoader
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy73.getFilteredUsers(Unknown Source)
at controllers.ApplicationController.index(ApplicationController.java:112)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$1$$anonfun$apply$1.apply(Routes.scala:1540)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$1$$anonfun$apply$1.apply(Routes.scala:1540)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:157)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:156)
at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$14$$anon$3$$anon$1.invocation(HandlerInvoker.scala:136)
at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:73)
at play.http.HttpRequestHandler$1.call(HttpRequestHandler.java:54)
at securesocial.core.java.Secured$1$1$1.apply(Secured.java:95)
at securesocial.core.java.Secured$1$1$1.apply(Secured.java:92)
at java.util.concurrent.CompletableFuture.uniCompose(CompletableFuture.java:952)
at java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:926)
at java.util.concurrent.CompletableFuture$Completion.exec(CompletableFuture.java:443)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
Caused by: java.lang.SecurityException: setContextClassLoader
at java.util.concurrent.ForkJoinWorkerThread$InnocuousForkJoinWorkerThread.setContextClassLoader(ForkJoinWorkerThread.java:244)
at org.apache.cxf.common.classloader.ClassLoaderUtils$1.run(ClassLoaderUtils.java:57)
at org.apache.cxf.common.classloader.ClassLoaderUtils$1.run(ClassLoaderUtils.java:54)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.cxf.common.classloader.ClassLoaderUtils.setThreadContextClassloader(ClassLoaderUtils.java:54)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:436)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
... 18 more

If anyone can explain why the security exception is thrown or maybe a workaround, I would greatly appreciate it.


Reply all
Reply to author
Forward
0 new messages