Hi,
I use MyFaces 1.1.5 on WebSphere 5.1 with the Java 2 security enabled.
The new improvement (http://issues.apache.org/jira/browse/MYFACES-1423)
in MyFaces 1.1.5 causes lot of permission stacks at the startup of my
web
application:
[3/23/07 16:39:33:219 CET] 726dfdd0 SecurityManag W SECJ0314W: Current
Java 2 Security policy reported a potential violation of Java 2 Security
Permission. Please refer to Problem Determination Guide for further
information.
Permission:
\E:\DB2-8.2\db2jcc.jar : access denied (java.io.FilePermission
\E:\DB2-8.2\db2jcc.jar read)
Code:
org.apache.myfaces.shared_impl.util.ClassUtils in
{file:/E:/WebSphere51/AppServer/installedApps/1tvry1j/BRES-Console.ear/j
rules-bres-management.war/WEB-INF/lib/myfaces-impl-1.1.5.jar}
Stack Trace:
java.security.AccessControlException: access denied
(java.io.FilePermission \E:\DB2-8.2\db2jcc.jar read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.
java(Compiled
Code))
at
java.security.AccessController.checkPermission(AccessController.java(Com
piled
Code))
at
java.lang.SecurityManager.checkPermission(SecurityManager.java(Compiled
Code))
at
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager
.java(Compiled
Code))
at sun.misc.URLClassPath.check(URLClassPath.java(Compiled Code))
at sun.misc.URLClassPath.checkURL(URLClassPath.java(Inlined Compiled
Code))
at java.net.URLClassLoader$3.next(URLClassLoader.java(Compiled
Code))
at
java.net.URLClassLoader$3.hasMoreElements(URLClassLoader.java:694)
at
sun.misc.CompoundEnumeration.next(CompoundEnumeration.java(Inlined
Compiled Code))
at
sun.misc.CompoundEnumeration.hasMoreElements(CompoundEnumeration.java(Co
mpiled
Code))
at
sun.misc.CompoundEnumeration.next(CompoundEnumeration.java(Inlined
Compiled Code))
at
sun.misc.CompoundEnumeration.hasMoreElements(CompoundEnumeration.java(Co
mpiled
Code))
at
sun.misc.CompoundEnumeration.next(CompoundEnumeration.java(Inlined
Compiled Code))
at
sun.misc.CompoundEnumeration.hasMoreElements(CompoundEnumeration.java(Co
mpiled
Code))
at
sun.misc.CompoundEnumeration.next(CompoundEnumeration.java(Inlined
Compiled Code))
at
sun.misc.CompoundEnumeration.hasMoreElements(CompoundEnumeration.java(Co
mpiled
Code))
at
sun.misc.CompoundEnumeration.next(CompoundEnumeration.java(Inlined
Compiled Code))
at
sun.misc.CompoundEnumeration.hasMoreElements(CompoundEnumeration.java(Co
mpiled
Code))
at
org.apache.myfaces.shared_impl.util.ClassUtils.getResources(ClassUtils.j
ava:250)
at
org.apache.myfaces.config.FacesConfigurator.logMetaInf(FacesConfigurator
.java:177)
at
org.apache.myfaces.config.FacesConfigurator.configure(FacesConfigurator.
java:137)
at
org.apache.myfaces.webapp.StartupServletContextListener.initFaces(Startu
pServletContextListener.java:68)
at
org.apache.myfaces.webapp.StartupServletContextListener.contextInitializ
ed(StartupServletContextListener.java:51)
at
com.ibm.ws.webcontainer.srt.WebGroup.notifyServletContextCreated(WebGrou
p.java:1745)
at com.ibm.ws.webcontainer.webapp.WebApp.init(WebApp.java:288)
at
com.ibm.ws.webcontainer.srt.WebGroup.loadWebApp(WebGroup.java:408)
at com.ibm.ws.webcontainer.srt.WebGroup.init(WebGroup.java:212)
at
com.ibm.ws.webcontainer.WebContainer.addWebApplication(WebContainer.java
:1047)
at
com.ibm.ws.runtime.component.WebContainerImpl.install(WebContainerImpl.j
ava:136)
at
com.ibm.ws.runtime.component.WebContainerImpl.start(WebContainerImpl.jav
a:356)
at
com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl
.java:517)
at
com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectS
tart(DeployedApplicationImpl.java:808)
at
com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl
.java:354)
at
com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedAppli
cationImpl.java:578)
at
com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(Applica
tionMgrImpl.java:311)
at
com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl
.java:268)
at
com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl
.java:536)
at
com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
at
com.ibm.ws.runtime.component.ApplicationServerImpl.start(ApplicationServ
erImpl.java:152)
at
com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl
.java:536)
at
com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:413)
at
com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:246)
at com.ibm.ws.runtime.WsServer.start(WsServer.java:128)
at com.ibm.ws.runtime.WsServer.main(WsServer.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:85)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:58)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.ibm.ws.bootstrap.WSLauncher.run(WSLauncher.java:222)
at java.lang.Thread.run(Thread.java:567)
As you can see, if I want to fix the permission issues I must give read
access to all JARs loaded in WebSphere, but I want avoid this.
I see that you check the log level before you enter into the method
logMetaInf, but I can't deactivate logs.
Could you add a flag to deactivate this log in your next version ?
Thanks,
Nicolas
