Hi, As you can imagine this has become a bit of a showstopper for me. I've added a bug report but as yet it has not been assigned or commented on etc. Just wondering how long these issues take to fix? Assume we're talking months? Need to have some idea to determine how to move forward.
Many thanks, Neil -----Original Message----- From: Werner Punz [mailto:werner.p...@gmail.com] Sent: 04 March 2016 07:36 To: users@myfaces.apache.org Subject: Re: FW: Tomcat Security Exceptions on deployment of example war (reformatted) Hi this is clearly a bug. Can you please put a bugreport on https://issues.apache.org/jira/browse/MYFACES Werner Am 02.03.16 um 23:12 schrieb Neil Richards: > Hi, > > I've been having trouble deploying my MyFaces(2.2.9) app on Tomcat 8 > with the security manager enabled, so I then tried deploying the > myfaces-example-simple-1.1.14.war and had the same problem. I need the > security manager enabled as I am deploying in production on a shared Tomcat > instance and the hosts will not allow the RuntimePermissions on > org.apache.catalina.core, org.apache.catalina.servlets or > org.apache.jasper.compiler. These are the stack traces I get: > > 02-Mar-2016 22:08:54.902 INFO [localhost-startStop-1] > org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security > Violation, attempt to use Re stricted Class: > org.apache.catalina.servlets.DefaultServlet > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" > "accessClassInPackage.org.apache.catalina.servlets") > at > java.security.AccessControlContext.checkPermission(AccessControlContex > t.java > :472) > at > java.security.AccessController.checkPermission(AccessController.java:884) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at > java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass > Loader > Base.java:1243) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass > Loader > Base.java:1142) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:264) > at > org.apache.myfaces.ee6.MyFacesContainerInitializer.isDelegatedFacesSer > vlet(M > yFacesContainerInitializer.java:280) > at > org.apache.myfaces.ee6.MyFacesContainerInitializer.onStartup(MyFacesCo > ntaine > rInitializer.java:150) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java: > 5244) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase. > java:7 > 25) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. > java:153) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. > java:143) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) > at > org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) > at > org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j > ava:11 > 42) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor. > java:6 > 17) > at java.lang.Thread.run(Thread.java:745) > > 02-Mar-2016 22:08:59.435 INFO [localhost-startStop-1] > org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security > Violation, attempt to use Re stricted Class: > org.apache.jasper.compiler.JspRuntimeContext > java.security.AccessControlException: access denied > ("java.lang.RuntimePermission" > "accessClassInPackage.org.apache.jasper.compiler") > at > java.security.AccessControlContext.checkPermission(AccessControlContex > t.java > :472) > at > java.security.AccessController.checkPermission(AccessController.java:884) > at > java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > at > java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass > Loader > Base.java:1243) > at > org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClass > Loader > Base.java:1142) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:264) > at > org.apache.myfaces.webapp.Jsp21FacesInitializer.getJspFactory(Jsp21Fac > esInit > ializer.java:88) > at > org.apache.myfaces.webapp.Jsp21FacesInitializer.initContainerIntegrati > on(Jsp > 21FacesInitializer.java:62) > at > org.apache.myfaces.webapp.AbstractFacesInitializer.initFaces(AbstractF > acesIn > itializer.java:172) > at > org.apache.myfaces.webapp.StartupServletContextListener.contextInitial > ized(S > tartupServletContextListener.java:121) > at > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java: > 4810) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java: > 5255) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase. > java:7 > 25) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:131) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. > java:153) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase. > java:143) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:699) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) > at > org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:939) > at > org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1812) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.j > ava:11 > 42) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor. > java:6 > 17) > at java.lang.Thread.run(Thread.java:745) > > I previously had a 2.1.9 version running on Tomcat 6 without any problems. > Is it true that now MyFaces cannot be deployed in these circumstances? > If not, can anyone tell me how I can overcome these problems? > > Many thanks, > Neil > > >
