I'm using brand new Elasticsearch 2.0.0 from a Java application.
When calling the prepareUpdate() method with an inline groovy script that has the following code:
import org.elasticsearch.common.logging.*
import groovy.json.*
ESLogger logger = ESLoggerFactory.getLogger('events-sequence.groovy')
def TOKEN_SEPARATOR = "###"
def flow = [ ]
try {
ctx._source.events.reverseEach { e ->
def context = e.tuplenized_context ? JsonOutput.toJson(e.tuplenized_context) : "[]"
flow << (e.name.toLowerCase() + TOKEN_SEPARATOR + context.toLowerCase())
}
ctx._source.flow = flow.join(TOKEN_SEPARATOR)
} catch (Throwable t) {
logger.error("Error applying derivation", t)
throw t
}
I'm receiving the following exception:
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "groovy.json.faststringutils.write.to.final.fields" "read")
According to the stacktrace, this happens when calling the JsonOutput.toJson() method:
java.lang.ExceptionInInitializerError
at groovy.json.internal.CharBuf.addJsonFieldName(CharBuf.java:516)
at groovy.json.JsonOutput.writeMap(JsonOutput.java:423)
at groovy.json.JsonOutput.writeObject(JsonOutput.java:267)
at groovy.json.JsonOutput.writeIterator(JsonOutput.java:441)
at groovy.json.JsonOutput.writeObject(JsonOutput.java:269)
at groovy.json.JsonOutput.toJson(JsonOutput.java:187)
at groovy.json.JsonOutput$toJson.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at 3974cbb354b454f7c665982a3a8f854ede6125fb$_run_closure1.doCall(3974cbb354b454f7c665982a3a8f854ede6125fb:18)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1019)
at groovy.lang.Closure.call(Closure.java:426)
at groovy.lang.Closure.call(Closure.java:442)
at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:2030)
at org.codehaus.groovy.runtime.DefaultGroovyMethods.reverseEach(DefaultGroovyMethods.java:2172)
at org.codehaus.groovy.runtime.dgm$532.invoke(Unknown Source)
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274)
at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at 3974cbb354b454f7c665982a3a8f854ede6125fb.run(3974cbb354b454f7c665982a3a8f854ede6125fb:17)
at org.elasticsearch.script.groovy.GroovyScriptEngineService$GroovyScript.run(GroovyScriptEngineService.java:248)
at org.elasticsearch.action.update.UpdateHelper.executeScript(UpdateHelper.java:251)
at org.elasticsearch.action.update.UpdateHelper.prepare(UpdateHelper.java:196)
at org.elasticsearch.action.update.UpdateHelper.prepare(UpdateHelper.java:79)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardUpdateOperation(TransportShardBulkAction.java:408)
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:203)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase.performOnPrimary(TransportReplicationAction.java:579)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase$1.doRun(TransportReplicationAction.java:452)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "groovy.json.faststringutils.write.to.final.fields" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
at java.lang.System.getProperty(System.java:753)
at groovy.json.internal.FastStringUtils.<clinit>(FastStringUtils.java:37)
... 42 more
In my elasticsearch.yml config file, I've added these 2 lines:
script.inline: on
script.indexed: on
Is there anything else I need to configure so that I can serialize an object to JSON within a groovy script?
EDIT: I've also tried to initialize Elasticsearch setting the following option:
export ES_JAVA_OPTS=-Dgroovy.json.faststringutils.write.to.final.fields\=true
But had no luck, since the problem seems to be that there are no permissions to access the groovy.json.faststringutils.write.to.final.fields system property, whatever its value is.
EDIT 2: All modifying the default java.policy file, specifying a new policy file with the -Djava.security.manager and -Djava.security.policy=file:///my.policy options and disabling the security manager via the -Dsecurity.manager.enabled=false option didn't work.
I've reported this as an issue to the Elasticsearch guys, and they've already fixed it. Actually, here's the commit, but it won't be available until version 2.1.
Is there any workaround or configuration option to make it work now?
None of the other suggestions here worked for me either, but I did find that I could disable the ES security manager by adding the following to my elasticsearch.yml file...
security.manager.enabled: false
Note that this is deprecated as of 2.2.0 and will likely be removed soon. This is not a best practice and should be avoided when dynamic scripts are allowed.
You will have to update your policy file with the system property read permission.
Add: permission java.util.PropertyPermission "groovy.json.faststringutils.write.to.final.fields", "read" to the grant block.
The default policy file (java.policy) resides under $JAVA_HOME/lib/security, unless specified otherwise using java.security.policy system property.
Alternatively, run the JVM without a security manager with -Dsecurity.manager.enabled=false
A better way of implementing it is to define your script under /config/scripts. As your script is static, you gain following advantages out of it:
No inline scripting required which makes your application safe.
Script is compiled once and used again. This gives you performance gain.
No need to change any java security policy.
Related
I have an application running as a weblogic startup class. When it gets to the point where it has to request a service from my application that is setup with Kerberos Service Principal I get a 401 Unauthorized exception (As seen below).
When I run the application through a normal private static void main method using precisely the same JVM arguments and config files(listed below) it works.
I used Wireshark to see what is going on and I can see that it only tries to use the service once and not twice meaning that Weblogic does not know how to Negotiate authentication. It seems that Weblogic ignores my JVM arguments completely as there is no signs of Kerberos being used at all in Weblogic even with debug=true added to the jvm arguments and the config files. I did also set the logging level to debug and enabled atn and atz in monitoring there is no traces of any Kerberos being used
Here is my arguments (I tested singular and double slashes in my path as well as adding qoutes and not)
set JAVA_OPTIONS_KRB5_CREDS="-Djavax.security.auth.useSubjectCredsOnly=false"
set JAVA_OPTIONS_KRB5_CONF="-Djava.security.auth.login.config=C:\Mywork\wl12213\user_projects\domains\KSS\config\login.conf"
set JAVA_OPTIONS_KRB5_INI="-Djava.security.krb5.conf=C:\Mywork\wl12213\user_projects\domains\KSS\config\krb5.conf"
set JAVA_OPTIONS_KRB5_DEBUG="-Dsun.security.krb5.debug=true"
set JAVA_OPTIONS=%JAVA_OPTIONS% %JAVA_OPTIONS_KRB5_CREDS% %JAVA_OPTIONS_KRB5_CONF% %JAVA_OPTIONS_KRB5_INI% %JAVA_OPTIONS_KRB5_DEBUG%
Here is my main class
URL url = new URL("url to service (Using the url the SPN is registered to)");
QName qname = new QName("schema");
Service service = Service.create(url, qname);
keystoreService = service.getPort(new QName("schema", "KeystoreServiceSoap11"), KeystoreService.class);
GetKeystoreRequest request = new GetKeystoreRequest();
request.setKeystoreType(StoreType.IDENTITY_STORE);
request.setMachineName(machineName);
GetKeystoreResponse response = keystoreService.getKeystore(request);
The login.conf file
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required principal="KHULE" useKeyTab="true" keyTab="C:\\Mywork\\wl12213\\user_projects\\domains\\KSS\\config\\weblogic.keytab" storeKey="true" debug=true;
};
The Exception
Caused by: com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:332)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:274)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:232)
at weblogic.wsee.jaxws.transport.http.client.WLSHttpTransportPipe.process(WLSHttpTransportPipe.java:30)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:145)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:110)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.client.Stub.process(Stub.java:463)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:191)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:92)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:161)
at com.sun.proxy.$Proxy147.getKeystore(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:147)
at com.sun.proxy.$Proxy148.getKeystore(Unknown Source)
at za.co.discovery.security.camanager.clients.weblogic.KeyStoreFactory.getIdentityStore(KeyStoreFactory.java:66)
Can you please help me ?
Since the java 7 update 25 launched by Oracle our application no longer functions.
Initially we got some warning about codebase & sercurity tags missing in the Manifest file, which we fixed.
The problem we now end up with is that in the Console we only get the following lines:
#### Java Web Start Error:
#### null
We also get an application Error dialog with the message: Unable to launch the application.
The details button gives the following details in the Exception:
java.lang.NullPointerException
at com.sun.jnlp.JNLPClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:206)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at desktop.DesktopProxySelector.<init>(DesktopProxySelector.java:24) <- code smippet below
at desktop.Main.main(Main.java:139) <- code smippet below
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Thread.java:724)
The relevant code parts are:
Desktop.Main.main
/**
* Main method, starts the application
*/
public static void main(String[] args) {
System.setProperty("java.net.useSystemProxies", "true");
//Logger.getLogger("httpclient.wire.header.level").setLevel(Level.FINEST);
//Logger.getLogger("org.apache.commons.httpclient.level").setLevel(Level.FINEST);
java.net.ProxySelector.setDefault(new DesktopProxySelector(java.net.ProxySelector.getDefault()));
(The last line is line number 139)
desktop.DesktopProxySelector:
public class DesktopProxySelector extends ProxySelector {
public DesktopProxySelector(ProxySelector defaultSelector) {
URI httpsUri = new CentralConfigurationService().getCentralLocation();
(The last line is line number 24 where the exception occures)
Can someone give us some clues hints (or better a solution) for this new behaviour of java caused by this 'minor' update.
When we run the application straight from the cli using java -jar Desktop.jar the application wil run file, so the issue has clearly something todo with the changes in java web start.
#trashgod: the error clearly has something to do with the Permissions change in 7u25, since the NullPointerException occurs in com.sun.jnlp.JNLPClassLoader.getPermissions.
Just to explain what I think happens (I am a colleague of Wouter):
desktop.Main instantiates a desktop.DesktopProxySelector (our class),
desktop.DesktopProxySelector instantiates desktop.configuration.CentralConfigurationService
desktop.configuration.CentralConfigurationService instantiates a java.net.URI.
On the first line of the DesktopProxySelector init where the CentralConfigurationService is instantiated the getPermissions method, called by the JNLPClassLoader, throws the NullPointerException. So something is going wrong while loading the CentralConfigurationService class by java webstart with getting the permissions for the class. Could that have anything to do with the fact that a URI class is instantiated, which requires extra permissions (a connection to a remote uri is setup)?
Eventually the problem was solved.
The problem was caused between a mismatch in the included jar files in the main MANIFEST.MF file vs the jar files mentioned in the launch.jnlp.
Apperently it is now required to have all jar files that will be used also be present in the launch.jnlp file.
(In the past it was decided to keep this file manually in sink, which obviously was not always maintained in a propper way. Now this process is automated, so the problem should no longer happen to us.)
I have a jBoss 5.1.0-GA running a server, it was running find. But I copied whole jboss to another server, (by using tar). When I start new jBoss, it give a "user null is NOT authenticated", here is the stack trace
[ExceptionUtil]
ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:service=ConnectionFactory]
createFailoverConnectionDelegate [nb-z2y983bh-1-4b8983bh-kwpr33-100j3]
javax.jms.JMSSecurityException: User null is NOT authenticated
at
org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMetadataStore.java:223)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:93)
at
com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:27)
at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208)
at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120)
at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262)
at javax.management.StandardMBean.invoke(StandardMBean.java:391)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy260.authenticate(Unknown Source)
at
org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233)
at
org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171)
at
org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(ConnectionFactoryAdvised.java:108)
at
org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java)
at
org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91)
at
org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
at org.jboss.remoting.Client.invoke(Client.java:1724)
at org.jboss.remoting.Client.invoke(Client.java:629)
at
org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(ClientConnectionFactoryDelegate.java:171)
at
org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeTarget(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at
org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:81)
at
org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateConnectionDelegate_31070867.invoke(StateCreationAspect_z_handleCreateConnectionDelegate_31070867.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java)
at
org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205)
at
org.jboss.jms.client.JBossConnectionFactory.createQueueConnection(JBossConnectionFactory.java:101)
at
org.jboss.jms.client.JBossConnectionFactory.createQueueConnection(JBossConnectionFactory.java:95)
at
org.jboss.resource.adapter.jms.inflow.dlq.AbstractDLQHandler.setupDLQConnection(AbstractDLQHandler.java:137)
at
org.jboss.resource.adapter.jms.inflow.dlq.AbstractDLQHandler.setup(AbstractDLQHandler.java:83)
at
org.jboss.resource.adapter.jms.inflow.dlq.JBossMQDLQHandler.setup(JBossMQDLQHandler.java:48)
at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupDLQ(JmsActivation.java:413)
at org.jboss.resource.adapter.jms.inflow.JmsActivation.setup(JmsActivation.java:351)
at
org.jboss.resource.adapter.jms.inflow.JmsActivation$SetupActivation.run(JmsActivation.java:729)
at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:205)
at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:260)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
12:01:34,859 ERROR [ExceptionUtil]
ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:service=ConnectionFactory]
createFailoverConnectionDelegate [mb-z2y983bh-1-4b8983bh-kwpr33-100j3]
Can somebody help ?
Solved the problem, that was happened when we are going to solve some other problem, that is com.arjuna transaction issue, in that jboss keep throwing messages non stop, to resolve that issue, some posts recommended delete the 'data' folder in jBoss, when we delete that, the hypersonic database script inside the data folder is also deleted, therefore the user Null issue came out, so what we did was restored the hypersonic db script and now it's working fine.
One other possibility is that the data-source specified in the DatabaseServerLoginModule bean, which is configured in "messaging-jboss-beans.xml", does not match the data-source you are using for JMS.
This would probably occur when you have replaced the "hsqldb-persistence-service.xml" file in the "deploy/messaging" directory of your server, with a customized persistence service file configured to the database you wish to use for JMS (e.g. "postgresql-persistence-service.xml").
If you do so, you will need to make sure that the value of the dsJndiName module option of the DatabaseServerLoginModule bean matches the JNDI name of the data-store in the new "-persistence-service.xml" file. Simply replace java:/DefaultDS with your data-source JNDI name (e.g. java:/MysqlDB or whatever).
Reference: http://www.mail-archive.com/jboss-user#lists.sourceforge.net/msg59720.html
Since few weeks we have some trouble with our external test environment (which is not operated by us). Our webapplication is connected to a soap webservice.
We are using:
metro 2.1.1 for the webservice client
java-1.5.0-ibm-1.5.0.12.4 is installed on the test environment.
tomcat version: 5.5.27
The first time trying to initialize the client on this environment, we are getting the following exception (only on this environment):
java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
at javax.xml.ws.Service.<init>(Service.java:57)
at com.xxx.xxx.xxx.xxxy.client.MyServiceRequestProvider_Service.<init>(MyServiceRequestProvider_Service.java:50)
at com.xxx.xxx.client.MyServiceRequester.<init>(MyServiceRequester.java:63)
at com.xxx.xxx.action.CheckAction.execute(CheckAction.java:120)
at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl.validateCheck(ApplicationValidatorImpl.java:403)
at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad.CGLIB$validateCheck$6(<generated>)
at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad$$FastClassByGuice$$380e5720.invoke(<generated>)
at com.google.inject.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:187)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.ValidationErrorInterceptor.invoke(ValidationErrorInterceptor.java:21)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.PersistenzInterceptor.invoke(PersistenzInterceptor.java:35)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.google.inject.InterceptorStackCallback.intercept(InterceptorStackCallback.java:45)
at com.xxx.xxx.webservice.validators.ApplicationValidatorImpl$$EnhancerByGuice$$55e5e7ad.validateCheck(<generated>)
at com.xxx.xxx.webservice.endpoint.xxxWS.order(xxxWS.java:99)
at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf.CGLIB$order$1(<generated>)
at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf$$FastClassByGuice$$806bc0a0.invoke(<generated>)
at com.google.inject.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:187)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.RsvAgeManipulatorInterceptor.invoke(RsvAgeManipulatorInterceptor.java:95)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.ValueConverterInterceptor.invoke(ValueConverterInterceptor.java:101)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.DataValidationInterceptor.invoke(DataValidationInterceptor.java:31)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.UserValidationInterceptor.invoke(UserValidationInterceptor.java:36)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.xxx.xxx.webservice.guice.interceptor.SessionInitializerInterceptor.invoke(SessionInitializerInterceptor.java:65)
at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:66)
at com.google.inject.InterceptorStackCallback.intercept(InterceptorStackCallback.java:45)
at com.xxx.xxx.webservice.endpoint.xxxWS$$EnhancerByGuice$$3bd5ffaf.order(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at com.sun.xml.ws.api.server.InstanceResolver$1.invoke(InstanceResolver.java:250)
at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:150)
at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:261)
at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:608)
at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:259)
at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:207)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:159)
at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:194)
at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:811)
Caused by: java.lang.SecurityException: java.util.ServiceLoader - protected system package 'java.util'
at java.lang.ClassLoader.checkClassName(ClassLoader.java:213)
at java.lang.ClassLoader.defineClass(ClassLoader.java:255)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:151)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:600)
at java.net.URLClassLoader.access$400(URLClassLoader.java:124)
at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java:1055)
at java.security.AccessController.doPrivileged(AccessController.java:274)
at java.net.URLClassLoader.findClass(URLClassLoader.java:492)
at java.lang.ClassLoader.loadClass(ClassLoader.java:640)
at java.lang.ClassLoader.loadClass(ClassLoader.java:632)
at java.lang.ClassLoader.loadClass(ClassLoader.java:606)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1346)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1205)
at java.lang.Class.forNameImpl(Native Method)
at java.lang.Class.forName(Class.java:130)
at javax.xml.ws.spi.Provider.<clinit>(Provider.java:55)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
... 68 more
Further attempts to initialize this client results in:
2012-09-26 11:34:56,016 ERROR [TP-Processor7] com.xxx.xxx.client.MyServiceRequester#<init>(65): Error initialising MyServiceRequestProvider_Service
java.lang.NoClassDefFoundError: javax.xml.ws.spi.Provider (initialization failure)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
at javax.xml.ws.Service.<init>(Service.java:57)
...
It seems that there are some security issues within the metro Provider class.
I think the following snipped of the class javax.xml.ws.spi.Provider of metro is the source of the failure:
static {
Method tLoadMethod = null;
Method tIteratorMethod = null;
try {
Class<?> clazz = Class.forName("java.util.ServiceLoader");
tLoadMethod = clazz.getMethod("load", Class.class);
tIteratorMethod = clazz.getMethod("iterator");
} catch(ClassNotFoundException ce) {
// Running on Java SE 5
} catch(NoSuchMethodException ne) {
// Shouldn't happen
}
loadMethod = tLoadMethod;
iteratorMethod = tIteratorMethod;
}
It seems that instead of throwing an ClassNotFoundException the Classloader throws an SecurityException, which is not catched by the
static initializer.
What can be the cause of this behaviour (some policy settings?) and how can we prevent this. The application is running on our local test environment, and was running on the external environment too. The external provider denies any changes of the environment.
Is this behaviour IBM-JDK specific ?
EDIT:
I found the following in the JDK 5.0 API class java.security.SecureClassLoader :
SecurityException - if an attempt is made to add this class to a
package that contains classes that were signed by a different set of
certificates than this class, or if the class name begins with
"java.".
But souldn't this happen to all Metro clients running on tomcat ?
EDIT:
Thanks a lot for the advice! There is actually the path of a JDK 1.6 rt.jar in the classpath. And therefore the ServiceLoader class is found but not allowed to load within the Provider.
Thanks to Sean,
There actually was the path of a JDK 1.6 rt.jar in the classpath. And therefore the ServiceLoader class is found but not allowed to load within the Provider.
I am having a jar archive environment which is gonna call my class in a folder like this:
java -jar "emarket.jar" ../tournament 100
My compiled class is deployed into the ../tournament folder, this command runs well.
After I changed my code to load a properties file, it gets the following exception message:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission agent.properties read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at Agent10479475.getPropertiesFromConfigFile(Agent10479475.java:110)
at Agent10479475.<init>(Agent10479475.java:100)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at emarket.client.EmarketSandbox.instantiateClientObjects(EmarketSandbox.java:92)
at emarket.client.EmarketSandbox.<init>(EmarketSandbox.java:27)
at emarket.client.EmarketSandbox.main(EmarketSandbox.java:166)
I am wondering why this security checking will fail. I issue the getPropertitiesFromConfigFile() function inside my class's default constructor, like this:
public class Agent10479475 extends AbstractClientAgent
{
//default constructor
public Agent10479475()
{
//set all properties to their default values in constructor
FT_THRESHOLD = 400;
FT_THRESHOLD_MARGIN = 50;
printOut("Now loading properties from a config file...", "");
getPropertiesFromConfigFile();
printOut("Finished loading","");
}
private void getPropertiesFromConfigFile()
{
Properties props = new Properties();
try
{
props.load(new FileInputStream("agent.properties"));
FT_THRESHOLD = Long.parseLong(props.getProperty("FT_THRESHOLD"));
FT_THRESHOLD_MARGIN = Long.parseLong(props.getProperty("FT_THRESHOLD_MARGIN "));
}
catch(java.io.FileNotFoundException fnfex)
{
printOut("CANNOT FIND PROPERTIES FILE :", fnfex);
}
catch(java.io.IOException ioex)
{
printOut("IOEXCEPTION OCCURED :", ioex);
}
}
}
My class is loading its own .properties file under the same folder. why would the Java environment complains about such a denial of access?
Must I config the emarket.client.EmarketSandbox class, which is not written by me and stored inside the emarket.jar, to access my agent.properties file?
Any hints or suggestions is much appreciated. Many thanks in advance.
Permissions are required to access the system properties files, and your code is clearly running in a sandbox that does not grant the permission. You either need to
modify the sandbox security rules to allow access to that file,
add a specific API you can call to pass the "agent.properties" file contents, or
find some other way to get the properties to your code that doesn't involve reading a file at all.
An example of the last might to pass the properties in the file as command line arguments, or put the file into your JAR file so that you can read it as a resource (modulo the security sandbox not blocking that as well.)
But it must be said that there is something weird about a JAR file that won't let you read files on your own machine. Why is it doing this? Is this a homework exercise ... about security managers, permissions, etc?
You can put the file "agent.properties" inside your jar and access it via getResourceAsStream. As I don't know your security policy in your sandbox in detail, that might work with the permissions or not.