
  • Java SecurityManager with SpringSecurity

    Hi! I am trying to add the Java Security Manager to a project with SpringSecurity (SS). My goal: my project works with SS and has a dataSource (DB2 database) as the authentication-manager. I added ScriptManager(ScriptEngine) to the project. Now I am trying to set up the project's security so that it denies untrusted code. I use NetBeans, and in the properties of Tomcat (6.0.20) I set "Use Security Manager". Next, I edited {catalina.base}/conf/catalina.policy. I added the following "grants":


    grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/-" {
    permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/lib/-" {
    permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/classes/-" {
    permission java.security.AllPermission;
    };

    grant codeBase "file:${catalina.base}/work/Catalina/localhost/myapp/" {
    permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    };

    grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.reflect.ReflectPermission "accessDeclaredMembers";
    permission java.io.FilePermission "${catalina.home}${file.separator}myapp${file.separator}*", "read";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "*";
    permission java.util.PropertyPermission "*", "read";
    };


    And now the problem. When I run my code under the debugger I get the following error:
    07.12.2010 2:06:02 org.apache.catalina.core.ApplicationContext log
    INFO: Initializing Spring root WebApplicationContext
    07.12.2010 2:06:04 org.apache.catalina.core.StandardContext listenerStart
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.http.UserDetailsServiceInjectionBeanPostProcessor#0': Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    .................................................


    and the Tomcat output:

    Using CATALINA_BASE: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base
    Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.20
    Using CATALINA_TMPDIR: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base/temp
    Using JRE_HOME: /usr/lib/jvm/java
    Using Security Manager
    Listening for transport dt_socket at address: 11555
    07.12.2010 2:04:43 org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/client:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/mpi/gcc/openmpi/lib:/usr/java/packages/lib/i386:/lib:/usr/lib
    07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-8084
    07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
    INFO: Initializing Coyote HTTP/1.1 on http-9443
    07.12.2010 2:04:43 org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 1536 ms
    07.12.2010 2:04:43 org.apache.catalina.core.StandardService start
    INFO: Starting service Catalina
    07.12.2010 2:04:43 org.apache.catalina.core.StandardEngine start
    INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
    07.12.2010 2:04:45 org.apache.catalina.loader.WebappClassLoader validateJarFile
    INFO: validateJarFile(/home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
    07.12.2010 2:04:45 org.apache.juli.ClassLoaderLogManager readConfiguration
    WARNING: Reading /home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/classes/logging.properties is not permitted. See "per context logging" in the default catalina.policy file.
    07.12.2010 2:04:45 org.apache.catalina.core.StandardContext addApplicationListener
    INFO: The listener "com.sun.faces.config.ConfigureListener" is already configured for this context. The duplicate definition has been ignored.
    log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
    log4j:WARN Please initialize the log4j system properly.
    07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextInitialized
    INFO: Initializing Mojarra 2.0.2 (FCS b10) for context '/opensee'
    07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
    SEVERE: Error listenerStart
    07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
    SEVERE: Context [/opensee] startup failed due to previous errors
    07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextDestroyed
    SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
    java.lang.IllegalStateException: Application was not properly initialized at startup, could not find Factory: javax.faces.application.ApplicationFactory
    at javax.faces.FactoryFinder$FactoryManager.getFactory(FactoryFinder.java:804)
    at javax.faces.FactoryFinder.getFactory(FactoryFinder.java:306)
    at com.sun.faces.config.InitFacesContext.getApplication(InitFacesContext.java:104)
    at com.sun.faces.config.ConfigureListener.contextDestroyed(ConfigureListener.java:309)
    at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:3973)
    at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4577)
    .................


    Also, when I insert this grant:
    grant {
    permission java.security.AllPermission;
    };


    everything is OK.

    OS: openSUSE 11.1
    OpenJDK 1.6.0.0-b11

    For the setup I used this tutorial: http://www.mikeski.net/site/node/18

    Please help me. Thanks, all...

  • #2
    Have you tried enabling debug logging for the security configuration as outlined in the tomcat reference?


    • #3
      Java SecurityManager with SpringSecurity

      Do you mean:
      export CATALINA_OPTS=-Djava.security.debug=all

      Yes, I exported this option.


      • #4
        I'm not trying to just put you off, but you will probably have better results asking the tomcat forum as this is not a Spring Security specific issue.
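
The codeBase grants in the first post can be checked against the location Tomcat actually loaded the application from. The following is an added example, not code from the thread: it applies the policy-file codeBase matching rules ("/-" recursive, "/*" one directory, otherwise exact) to two locations. It assumes the web application's code source is the WEB-INF/classes directory that appears in the posted Tomcat output; POLICY is a constructed excerpt of the posted grants and the function names are hypothetical.

```python
import re

# Constructed excerpt: two of the grants from the first post.
POLICY = '''
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/work/Catalina/localhost/myapp/" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};
'''
# catalina.base as printed in the posted Tomcat output.
PROPS = {'catalina.base': '/home/user/.netbeans/6.8/apache-tomcat-6.0.20_base'}
# Assumption: code source = the WEB-INF/classes path seen in the posted log.
DEPLOYED = 'file:/home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/classes/'
# The location the posted grants were written for.
EXPECTED = 'file:' + PROPS['catalina.base'] + '/webapps/myapp/WEB-INF/classes/'

GRANT_RE = re.compile(r'grant\s+codeBase\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)

def expand(text, props):
    """Substitute ${name} policy properties; unknown names are left as-is."""
    return re.sub(r'\$\{([^}]+)\}', lambda m: props.get(m.group(1), m.group(0)), text)

def codebase_implies(codebase, location):
    """Policy codeBase matching for file: URLs: '/-' is recursive, '/*' is
    one directory level, anything else must equal the code source location."""
    if codebase.endswith('/-'):
        return location.startswith(codebase[:-1])
    if codebase.endswith('/*'):
        prefix = codebase[:-1]
        return location.startswith(prefix) and '/' not in location[len(prefix):]
    return location in (codebase, codebase + '/')

def permissions_for(policy, props, location):
    """Return every permission line whose grant applies to this location."""
    granted = []
    for codebase, body in GRANT_RE.findall(policy):
        if codebase_implies(expand(codebase, props), location):
            granted += [p.strip() for p in body.split(';') if p.strip()]
    return granted

if __name__ == '__main__':
    print('deployed:', permissions_for(POLICY, PROPS, DEPLOYED))
    print('expected:', permissions_for(POLICY, PROPS, EXPECTED))
```

An empty list for the deployed location means none of the listed codeBase grants apply to code loaded from there.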
