[ https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12600616#action_12600616 ]

Kevan Miller commented on GERONIMO-4037:
----------------------------------------

Just to clarify what I think is going on: it's more of a chicken-and-egg 
problem that prevents a successful load of the 
GeronimoPolicyConfigurationFactory class. Note that the second call to 
GeronimoPolicy.implies() is triggered by File.canRead(), which is being invoked 
by UrlResourceFinder. The system ClassLoader would not require this second 
SecurityManager check; it has permission to read files... 

Cycle goes like this:

1. System.getProperty() needs a SecurityManager check to see if the operation 
should be permitted.
2. To do this, we need to load the GeronimoPolicyConfigurationFactory class.
3. To load the class, JarFileClassLoader/UrlResourceFinder need to read the Jar 
file.
4. To read the jar file, we need to load the GeronimoPolicyConfigurationFactory 
class... Uh oh...
5. To load the class, we need to read the jar file.
6. To read the jar file, we need to load GeronimoPolicyConfigurationFactory

I'm a relative newbie to security policy configuration. Hoping that's enough to 
get someone going... Send an email or ping me on IRC to discuss further.

> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run with a security 
> manager settled from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4037
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4037
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: kernel, security
>    Affects Versions: 2.0.2
>         Environment: Windows Xp Sp2
>            Reporter: Jacques Le Roux
>            Priority: Blocker
>
> I'm facing an issue on Windows XP SP2: I can't run WASCE with a security 
> manager settled from the command line using 
> -Djava.security.manager -Djava.security.policy=client.policy options. I get 
> the error below. Note that this is working properly under Linux (Ubuntu and 
> SUSE as well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME:   C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME:        C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***>                                  ] 11%  27s Starting org.apac...15:57:28,625 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError: org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
>         at org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
>         at java.security.ProtectionDomain.implies(Unknown Source)
>         at java.security.AccessControlContext.checkPermission(Unknown Source)
>         at java.security.AccessController.checkPermission(Unknown Source)
>         at java.lang.SecurityManager.checkPermission(Unknown Source)
>         at java.lang.Thread.setContextClassLoader(Unknown Source)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
>         at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
>         at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
>         at org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
>         at org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
>         at org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
>         at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN  [BasicLifecycleMonitor] Exception occured while notifying listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to 
> allow using RMI inside Apache OFBiz). That's why I put this issue as a 
> blocker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
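
The cycle described in the comment above, reduced to a constructed Java model (an added example, not Geronimo code and not the fix adopted for this issue). All class, method and permission names are hypothetical stand-ins, and the model throws `LinkageError` on a nested load only to mirror the error in the report. It also shows one common way to break such a cycle: a per-thread re-entrancy guard that answers the inner check from a fixed bootstrap grant.

```java
import java.util.ArrayList;
import java.util.List;
// Constructed model: plain Java stand-ins, no real SecurityManager or Geronimo classes.
public class PolicyBootstrapCycle {
    static final String JAR_READ = "FilePermission(policy jar, read)"; // hypothetical label
    static final List<String> trace = new ArrayList<>();
    static final ThreadLocal<Boolean> deciding = ThreadLocal.withInitial(() -> false);
    static Object factory;   // stands in for GeronimoPolicyConfigurationFactory
    static boolean loading;  // true while the factory "class" is being loaded
    static boolean guard;    // toggles the re-entrancy guard

    // Stand-in for GeronimoPolicy.implies(): needs the factory before it can decide.
    static boolean implies(String permission) {
        trace.add("implies " + permission);
        if (guard && deciding.get()) {
            // Re-entered from our own class load: answer from a fixed bootstrap
            // grant that needs no class loading, and grant nothing else.
            return JAR_READ.equals(permission);
        }
        deciding.set(true);
        try {
            if (factory == null) factory = loadFactory();
            return true; // the real policy decision is out of scope for this model
        } finally {
            deciding.set(false);
        }
    }

    // Stand-in for JarFileClassLoader/UrlResourceFinder: File.canRead() is a checked call.
    static Object loadFactory() {
        trace.add("load factory");
        if (loading) throw new LinkageError("factory class: nested load");
        loading = true;
        try {
            if (!implies(JAR_READ)) throw new SecurityException("cannot read jar");
            return new Object();
        } finally { loading = false; }
    }

    // Runs one top-level check and returns the outcome with the call trace.
    static String run(boolean useGuard) {
        guard = useGuard; factory = null; trace.clear();
        try { return "allowed=" + implies("PropertyPermission(read)") + " " + trace; }
        catch (LinkageError e) { return e + " " + trace; }
    }

    public static void main(String[] args) {
        System.out.println(run(false)); // fails on the nested load
        System.out.println(run(true));  // completes: the inner check short-circuits
    }
}
```

The guard is kept narrow on purpose: the re-entrant path grants only the jar read that the policy's own class load needs, so an unrelated permission checked during bootstrap is still denied.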
