[
https://issues.apache.org/jira/browse/GERONIMO-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670618#action_12670618
]
xuhaihong edited comment on GERONIMO-4037 at 2/4/09 9:05 PM:
--------------------------------------------------------
As said by Kevan, it is caused by the classloading. IMO, it should not be a
security issue. In Geronimo, we would register our own Policy,
PolicyConfigurationFactory objects to the security system. I changed the
intialization order of that two objects, so that default Policy object is still
in effect while the classloader loads the GeronimoPolicyConfigurationFactory.
It maybe a trick ^_^
With the patch applied, the server could be started successfully with the
security turns on.
The patch is based on the 2.2 trunk base. Please help to reivew it, thanks !
was (Author: xuhaihong):
As said by Kevan, it is caused by the classloading. IMO, it should not be a
security issue. In Geronimo, we would register our own Policy,
PolicyConfigurationFactory objects to the security system. I changed the
intialization order of that two objects, so that default Policy object is still
in effect while the classloader loads the GeronimoPolicyConfigurationFactory. I
maybe a trick ^_^
With the patch applied, the server could be started successfully with the
security turns on.
The patch is based on the 2.2 trunk base. Please help to reivew it, thanks !
> Geronimo 2.0.3 (and I guess at least 2.0.2) can't run with a security
> manager settled from the command line using -Djava.security.manager
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-4037
> URL: https://issues.apache.org/jira/browse/GERONIMO-4037
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: kernel, security
> Affects Versions: 2.0.2
> Environment: Windows Xp Sp2
> Reporter: Jacques Le Roux
> Priority: Blocker
> Attachments: Geronimo-4037.patch
>
>
> I'm facing an issue on Windows XPsp2: I can't run WASCE with a security
> manager settled from the command line using
> -Djava.security.manager-Djava.security.policy=client.policy options. I get
> the error below. Note that this is working properly under Linux (Ubuntu and
> Suze as well).
> C:\geronimo-tomcat6-jee5-2.0.3\bin>geronimo run
> Using GERONIMO_BASE: C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_HOME: C:\geronimo-tomcat6-jee5-2.0.3
> Using GERONIMO_TMPDIR: var\temp
> Using JRE_HOME: C:\Program Files\Java\jre1.5.0_11
> Listening for transport dt_socket at address: 5005
> Booting Geronimo Kernel (in Java 1.5.0_11)...
> Starting Geronimo Application Server v2.0.3-SNAPSHOT
> [***> ] 11% 27s Starting
> org.apac...15:57:28,625 ERROR [GBeanInstanceState] Error while starting;
> GBean is now in the FAILED state: abstractName="org.apache.geronimo.configs/
> j2ee-security/2.0.3-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/2.0.3-SNAPSHOT/car,j2eeType=GBean,name=SecurityService"
> java.lang.LinkageError:
> org/apache/geronimo/security/jacc/GeronimoPolicyConfigurationFactory
> at
> org.apache.geronimo.security.jacc.GeronimoPolicy.implies(GeronimoPolicy.java:74)
> at java.security.ProtectionDomain.implies(Unknown Source)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at java.security.AccessController.checkPermission(Unknown Source)
> at java.lang.SecurityManager.checkPermission(Unknown Source)
> at java.lang.Thread.setContextClassLoader(Unknown Source)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:1056)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:268)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:102)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:124)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:553)
> at
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:379)
> at
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:448)
> at
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:187)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:530)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager$$FastClassByCGLIB$$ce77a924.invoke(<generated>)
> at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
> at
> org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
> at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:830)
> at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> at
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$7e14cd11.startConfiguration(<generated>)
> at
> org.apache.geronimo.system.main.EmbeddedDaemon.doStartup(EmbeddedDaemon.java:156)
> at
> org.apache.geronimo.system.main.EmbeddedDaemon.execute(EmbeddedDaemon.java:78)
> at
> org.apache.geronimo.kernel.util.MainConfigurationBootstrapper.main(MainConfigurationBootstrapper.java:45)
> at
> org.apache.geronimo.cli.AbstractCLI.executeMain(AbstractCLI.java:67)
> at org.apache.geronimo.cli.daemon.DaemonCLI.main(DaemonCLI.java:30)
> 15:57:28,640 WARN [BasicLifecycleMonitor] Exception occured while notifying
> listener
> [...]
> This is needed in order to launch the OFBiz RMIDispatcher (in other words to
> allow using RMI inside Apache OFBiz). That's why I put this issue as a
> blocker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
