
  • Access Denied Permission with TilesConfigurer

    Hi,

    I am using Tiles2 and Spring 2.5.4 in a Java web application being deployed on Tomcat 5.0.27. The app works fine on the local machine, but deployment fails with the following exception.

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tilesConfigurer' defined in ServletContext resource [/WEB-INF/myapp-servlet.xml]: Invocation of init method failed; nested exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)

    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1337)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    java.security.AccessController.doPrivileged(Native Method)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
    org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
    org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
    org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
    org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
    org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
    org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
    org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
    org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:402)
    org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:316)
    org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:282)
    org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:126)
    javax.servlet.GenericServlet.init(GenericServlet.java:211)
    sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
    org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417)
    org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
    org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
    org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
    org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
    org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
    org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    java.lang.Thread.run(Thread.java:595)

    root cause

    java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)
    java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    java.security.AccessController.checkPermission(AccessController.java:427)
    java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    java.lang.Thread.setContextClassLoader(Thread.java:1306)
    org.apache.tiles.util.ClassUtil.instantiate(ClassUtil.java:82)
    org.apache.tiles.util.ClassUtil.instantiate(ClassUtil.java:48)
    org.apache.tiles.factory.TilesContainerFactory.createFactory(TilesContainerFactory.java:286)
    org.apache.tiles.factory.TilesContainerFactory.getFactory(TilesContainerFactory.java:144)
    org.apache.tiles.factory.TilesContainerFactory.getFactory(TilesContainerFactory.java:122)
    org.springframework.web.servlet.view.tiles2.TilesConfigurer.createTilesContainer(TilesConfigurer.java:213)
    org.springframework.web.servlet.view.tiles2.TilesConfigurer.afterPropertiesSet(TilesConfigurer.java:201)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1368)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1334)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
    java.security.AccessController.doPrivileged(Native Method)
    org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
    org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
    org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
    org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
    org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
    org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
    org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
    org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
    org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:402)
    org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:316)
    org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:282)
    org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:126)
    javax.servlet.GenericServlet.init(GenericServlet.java:211)
    sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:585)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
    org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:417)
    org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
    org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
    org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
    org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
    org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
    org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
    org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    java.lang.Thread.run(Thread.java:595)


    As the application is deployed on shared hosting, I don't have access to Tomcat logs. Any idea what could be the cause of this error? A Google search on the exception resulted in nothing.

    Any pointers/suggestions are most welcome!

    Keep Walking,
    Sandy

  • #2
    The exception was due to the Class Loader being switched by the Tiles library to instantiate the TilesContainerFactory. Being on shared hosting, switching class loaders seems to be restrictive. The workaround was to write a wrapper over the org.apache.tiles.util.ClassUtil class to use the normal Class loading via Class.forName and skip out the methods where it resets the context loaders.

    Hope this helps (someone),
    Sandy


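The workaround described in #2, sketched as an added example; it is not Sandy's actual wrapper and not Tiles or Spring code. The class name `SandboxSafeInstantiator` and its signature are hypothetical, and it is written for a current JDK. It loads a class by name with `Class.forName` and never calls `Thread.setContextClassLoader`, the call that was denied in the root-cause trace.

```java
import java.util.List;

/**
 * Added example (hypothetical helper): instantiate a class by name without
 * touching the thread context class loader.
 */
public final class SandboxSafeInstantiator {

    private SandboxSafeInstantiator() { }

    /**
     * Loads className through the loader that defined this helper (in a web
     * application, the webapp class loader) and calls its public no-arg
     * constructor. Thread.setContextClassLoader is never called, so
     * RuntimePermission "setContextClassLoader" is not needed.
     */
    public static <T> T instantiate(String className, Class<T> expectedType) {
        // Same-class lookup: the caller and the class share a loader.
        ClassLoader loader = SandboxSafeInstantiator.class.getClassLoader();
        try {
            // initialize=false: no static initializer of the named class runs
            // until the type check below has passed.
            Class<?> loaded = Class.forName(className, false, loader);
            if (!expectedType.isAssignableFrom(loaded)) {
                throw new IllegalArgumentException(
                        className + " is not a " + expectedType.getName());
            }
            return expectedType.cast(loaded.getConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            // Class not visible to this loader, no public no-arg constructor,
            // or the constructor itself failed.
            throw new IllegalStateException("Cannot instantiate " + className, e);
        }
    }

    public static void main(String[] args) {
        ClassLoader before = Thread.currentThread().getContextClassLoader();

        // Constructed sample input: a JDK class stands in for a factory class
        // name that would normally come from configuration.
        List<?> list = instantiate("java.util.ArrayList", List.class);
        System.out.println("created: " + list.getClass().getName());

        // The context class loader is the same object as before the call.
        System.out.println("context loader unchanged: "
                + (Thread.currentThread().getContextClassLoader() == before));

        // A class of the wrong type is rejected before it is instantiated.
        try {
            instantiate("java.lang.StringBuilder", List.class);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // A class name that cannot be resolved surfaces as a clear error.
        try {
            instantiate("com.example.DoesNotExist", List.class);
        } catch (IllegalStateException e) {
            System.out.println("failed: " + e.getMessage());
        }
    }
}
```

Classes are resolved only through the loader that defined the helper, so a class visible solely to a different context class loader will not be found.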

    • #3
      tiles2 custom access denied and redirect

      Hi,

      I'm using tiles2, spring 2.5 and spring security 2.0.3.

      1. I want to display a custom access denied page when an authenticated user tries to access a page without
      the role needed; for now I get a white empty page.
      my configuration:
      Code:
      	<definition name="EditProduct" extends="template">
      		<put-attribute name="content"  value="../edit.product?mode=EDIT" type="template" role="ACT_TEST_ACCESS_DENIED"/>		
      	</definition>
      How can I achieve a custom access denied page?

      2. When accessing a URL without authenticating (login wasn't performed) I want to redirect the user to the login
      page regardless of the security needed for the requested page (secured page or not).
      here is the exception i get:
      Code:
      	org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.apache.tiles.TilesException: ServletException including path 'mainTemplate.main'.
      	org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:583)
      	org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      	org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
      	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
      	org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
      	org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:271)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99)
      	org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
      	org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:371)
      	org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:174)
      	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
      	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      	org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96)
      	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      
      
      root cause
      Any help with the configuration will be appreciated.


      Thanks...



      • #4
        It seems that Tiles encountered a problem rendering the tile 'mainTemplate.main'. This error is definitely not in the JSP (I assume you are using one) as the exception would have said that.

        From what I can sense it could be that Tiles is not able to find the tile, or one of the includes is missing. Could you double check that once? Try using a dummy tile to render it on a dummy URI. In case it works, then it's an altogether different problem. Could you paste the relevant part of your tiles-defs.xml?



        • #5
          enforcing login and custom access denied page

          Hi,
          thanks for your reply.

          I think I didn't explain correctly what I want to do.
          I want to achieve two things:
          1. For an unauthenticated user: any URL (secured or not) will redirect him to the login page (login enforcement).
          As recommended I used a simple page, called Dummy; I started with the unsecured page.
          When I log in I can see the page (config is fine), but an unauthenticated user also gets the page whereas I would like him to be
          redirected to the login page. How can I enforce login?

          2. As for an authenticated user: when accessing a secured URL without the role needed I want to display a
          custom access denied page.
          As suggested I used the simple Dummy page (the previous error was caused by the extension of my page),
          after I secured it with a role my user doesn't own.
          Trying to access it after login, I get a white empty page.
          In the log I get:
          org.apache.tiles.impl.BasicTilesContainer: - Render request recieved for definition 'Dummy'
          org.apache.tiles.impl.BasicTilesContainer: - Access to definition 'Dummy' denied. User not in role '[ACT_TEST_ACCESS_DENIED]
          which is great, but now I would like the custom access denied page to be displayed.

          here is my configuration:

          security.xml:
          Code:
          <http entry-point-ref="authenticationEntryPoint" access-denied-page="/accessDenied.jsp"> 
          	<concurrent-session-control max-sessions="1"/>  
             	<logout logout-success-url="/login"/>  
          </http>
          it seems that tiles don't use spring access-denied-page attribute....

          web.xml:
          Code:
          <servlet>
          	<servlet-name>main</servlet-name>
          		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          	<load-on-startup>1</load-on-startup>
          </servlet>
          <servlet-mapping>
          	<servlet-name>main</servlet-name>
          	<url-pattern>*.main</url-pattern>
          </servlet-mapping>	
          
          <servlet>
          	<servlet-name>tiles</servlet-name>
          	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          	<load-on-startup>1</load-on-startup>
          </servlet>
          <servlet-mapping>
          	<servlet-name>tiles</servlet-name>
          	<url-pattern>*.html</url-pattern>
          </servlet-mapping>
          tiles-servlet.xml:
          Code:
          <bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
          	<property name="definitions">
          		<list><value>/WEB-INF/defs/definitions.xml</value></list>
          	</property>
          	</bean>
          		<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
          		<property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView"/>
          </bean>
          <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
          	<property name="mappings">
          		<props>
          			<prop key="/*.html">viewController</prop>
          		</props>
          	</property>
          </bean>
          <bean id="viewController" class="org.springframework.web.servlet.mvc.UrlFilenameViewController"/>
          definitions.xml:
          Code:
          <tiles-definitions>
          	<definition name="Dummy" template="Dummy.main" role="ACT_TEST_ACCESS_DENIED">
          	</definition>
          </tiles-definitions>
          main-servlet.xml:
          Code:
          <bean name="/Dummy.main" class="org.springframework.web.servlet.mvc.ParameterizableViewController">
          	<property name="viewName">
          		<value>jsp/Dummy.jsp</value>
          	</property>
          </bean>
          Dummy.jsp:
          Code:
          <%@ page language="java" contentType="text/html; charset=windows-1255"
              pageEncoding="windows-1255"%>
          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
          <html>
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=windows-1255">
          <title>Insert title here</title>
          </head>
          <body>
          	Dummy!!!!
          </body>
          </html>
          accessDenied.jsp:
          Code:
          <%@ page language="java" contentType="text/html; charset=windows-1255"
              pageEncoding="windows-1255"%>
          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
          <html>
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=windows-1255">
          <title>Insert title here</title>
          </head>
          <body>
          	Access denied!!
          </body>
          </html>



          • #6
            login redirect works, custom access denied - don't work

            Hi,

            The first issue was resolved:

            an unauthenticated user is redirected to the login page for each URL request.
            This is done by:

            Code:
              <beans:bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
              	<beans:property name="loginFormUrl" value="/project.login"/>
              </beans:bean>
            	
               <http entry-point-ref="authenticationEntryPoint" access-denied-page="/accessDenied.jsp" 
            						    access-decision-manager-ref="accessDecisionManager"> 
               	<intercept-url pattern="/**.html" access="SHOULD_LOGIN" />
                    <intercept-url pattern="/**/**.jsp" access="SHOULD_LOGIN" />
                    <intercept-url pattern="/**.jsp" access="SHOULD_LOGIN" />
                   	
            	<concurrent-session-control max-sessions="1"/>  
               	<logout logout-success-url="/project.login"/>  
               </http>
            
              <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> 
                    <beans:property name="decisionVoters" ref="roleVoter"> 
                    </beans:property> 
                </beans:bean> 
               
              <!-- RoleVoter definition is needed as the prefix was changed from "ROLE_" to support "SHOULD_LOGIN" -->
             <beans:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
            	<beans:property name = "rolePrefix" value = "" />
             </beans:bean>
            The idea is to configure all URLs to be secured; <intercept-url> creates FilterSecurityInterceptor,
            which redirects unauthenticated users to authenticationEntryPoint = login page.

            I'm still struggling with tiles displaying a custom access denied page instead of a new page...
            Any ideas?
