[
https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12600300#action_12600300
]
Kevan Miller commented on GERONIMO-4037:
----------------------------------------
Here's a potential workaround. Set the Xorg.apache.geronimo.JarFileClassLoader
property to "false". E.g.:
set JAVA_OPTS=-Djava.security.manager -Djava.security.policy=client.security
-DXorg.apache.geronimo.JarFileClassLoader=false
Your should be able to start Geronimo, now. This isn't really a fix. However,
for a relatively static deployment of Geronimo, this should work fine. If
you're using the server as a development environment and repeatedly
deploying/undeploying applications you'll find that deployment artifacts are
not properly deleted and you also may encounter ClassLoader memory leaks.
Some background -- on Windows we use our own JarFileClassLoader to read from
Jar files (rather than allow the ClassLoader implementation do the reading).
This allows us to avoid the extremely annoying problem of Windows locking jar
files (preventing us from deleting deployment artifacts after an undeploy).
It seems that the JarFileClassLoader is not working properly when you configure
a security manager. Here's some more info...
I agree with Dan that the GeronimoPolicyConfigurationFactory is not ideal.
However, I'm pretty sure that's not the cause of this problem. The Timer-2
thread indicates the problem, I think... I captured the following info I
captured locally:
{noformat}
Thread [main] (Evaluating)
GeronimoPolicy.implies(ProtectionDomain, Permission) line: 74
ProtectionDomain.implies(Permission) line: 195
AccessControlContext.checkPermission(Permission) line: 249
AccessController.checkPermission(Permission) line: 427
SecurityManager.checkPermission(Permission) line: 532
SecurityManager.checkRead(String) line: 871
File.canRead() line: 658
UrlResourceFinder.getClassPath() line: 151
UrlResourceFinder.getResource(String) line: 79
JarFileClassLoader$6.run() line: 278
AccessController.doPrivileged(PrivilegedExceptionAction<T>,
AccessControlContext) line: not available [native method]
JarFileClassLoader.findClass(String) line: 260
JarFileClassLoader(MultiParentClassLoader).loadClassInternal(String,
boolean, LinkedList<ClassLoader>) line: 470
JarFileClassLoader(MultiParentClassLoader).checkParents(String,
boolean, LinkedList<ClassLoader>) line: 498
JarFileClassLoader(MultiParentClassLoader).loadClassInternal(String,
boolean, LinkedList<ClassLoader>) line: 456
JarFileClassLoader(MultiParentClassLoader).checkParents(String,
boolean, LinkedList<ClassLoader>) line: 498
JarFileClassLoader(MultiParentClassLoader).loadOptimizedClass(String,
boolean) line: 407
JarFileClassLoader(MultiParentClassLoader).loadClass(String, boolean)
line: 278
JarFileClassLoader(ClassLoader).loadClass(String) line: 251
JarFileClassLoader(ClassLoader).loadClassInternal(String) line: 319
GeronimoPolicy.implies(ProtectionDomain, Permission) line: 74
ProtectionDomain.implies(Permission) line: 195
AccessControlContext.checkPermission(Permission) line: 249
AccessController.checkPermission(Permission) line: 427
SecurityManager.checkPermission(Permission) line: 532
SecurityManager.checkPropertyAccess(String) line: 1285
System.getProperty(String) line: 628
SecurityServiceImpl.sysOverRide(String, String) line: 101
SecurityServiceImpl.<init>(ClassLoader, ServerInfo, String, String,
String, String, String, String) line: 76
NativeConstructorAccessorImpl.newInstance0(Constructor, Object[]) line:
not available [native method]
NativeConstructorAccessorImpl.newInstance(Object[]) line: 39
DelegatingConstructorAccessorImpl.newInstance(Object[]) line: 27
Constructor<T>.newInstance(Object...) line: 494
GBeanInstance.createInstance() line: 948
GBeanInstanceState.attemptFullStart() line: 268
GBeanInstanceState.start() line: 102
GBeanInstanceState.startRecursive() line: 124
GBeanInstance.startRecursive() line: 555
BasicKernel.startRecursiveGBean(AbstractName) line: 379
ConfigurationUtil.startConfigurationGBeans(AbstractName, Configuration,
Kernel) line: 456
EditableKernelConfigurationManager(KernelConfigurationManager).start(Configuration)
line: 187
EditableKernelConfigurationManager(SimpleConfigurationManager).startConfiguration(Artifact,
LifecycleMonitor) line: 549
NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not
available [native method]
NativeMethodAccessorImpl.invoke(Object, Object[]) line: 39
DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 25
Method.invoke(Object, Object...) line: 585
ReflectionMethodInvoker.invoke(Object, Object[]) line: 34
GBeanOperation.invoke(Object, Object[]) line: 124
GBeanInstance.invoke(int, Object[]) line: 832
RawInvoker.invoke(int, Object[]) line: 57
RawOperationInvoker.invoke(AbstractName, Object[]) line: 35
ProxyMethodInterceptor.intercept(Object, Method, Object[], MethodProxy)
line: 96
EditableConfigurationManager$$EnhancerByCGLIB$$d521c36b.startConfiguration(Artifact,
LifecycleMonitor) line: not available
EmbeddedDaemon.doStartup() line: 158
EmbeddedDaemon.execute(Object) line: 79
MainConfigurationBootstrapper.main(MainConfigurationBootstrapper,
Object) line: 45
DaemonCLI(AbstractCLI).executeMain() line: 67
DaemonCLI.main(String[]) line: 30
{noformat}
JarFileClassLoader and UrlResourceFinder are Geronimo classes which are only
used on Windows (they avoid the extremely annoying Windows habit of jar files
getting locked by the OS). I think the problem here is that UrlResourceFinder
is not sufficiently privileged. Result is that we attempt to recursively load
the GeronimoPolicyConfigurationFactory. The ClassLoader is failing on this
recursive load of the GeronimoPolicyConfigurationFactory class. I'm pretty sure
that this is the cause of the LinkageError...
No fix yet. Probably won't look at this until tomorrow. If anybody wants to
jump in, have at it...
> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run with a security
> manager settled from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-4037
> URL: https://issues.apache.org/jira/browse/GERONIMO-4037
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: kernel, security
> Affects Versions: 2.0.2
> Environment: Windows Xp Sp2
> Reporter: Jacques Le Roux
> Priority: Blocker
>
> I'm facing an issue on Windows XPsp2: I can't run WASCE with a security
> manager settled from the command line using
> -Djava.security.manager-Djava.security.policy=client.policy options. I get
> the error below. Note that this is working properly under Linux (Ubuntu and
> Suze as well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE: C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME: C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME: C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***> ] 11% 27s Starting
> org.apac...15:57:28,625 ERROR [GBeanInstanceState] Error while starting;
> GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/
> j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError:
> org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
> at
> org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
> at java.security.ProtectionDomain.implies(Unknown Source)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.Thread.setContextClassLoader(Unknown Source)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
> at
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> at
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
> at
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> at
> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
> at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> at
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
> at
> org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
> at
> org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
> at
> org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
> at
> org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
> at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN [BasicLifecycleMonitor] Exception occured while notifying
> listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to
> allow using RMI inside Apache OFBiz). That's why I put this issue as a
> blocker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
