4 Replies Latest reply on Jan 30, 2007 3:23 PM by genman

Applets communicating with EJBs

newhere Dec 12, 2006 7:41 PM

Hello gurus,
I am trying to follow the example here:
http://www.huihoo.com/jboss/online_manual/3.0/ch13s21.html

Though slightly modified so I could debug a bit. (needed to add some additional jars to the applet's ARCHIVE tag, use Context.XXX constants as opposed to hard coded strings for keys when creating the jndi properties for the InitialContext, etc)

After calling InitialContext.lookup( myJndiName );
I get the following exception (on the client side)


java.security.AccessControlException: access denied (java.util.PropertyPermission SERIALIZATION read)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
 at java.security.AccessController.checkPermission(AccessController.java:427)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
 at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
 at java.lang.System.getProperty(System.java:662)
 at org.jboss.remoting.serialization.SerializationStreamFactory.<clinit>(SerializationStreamFactory.java:54)
 at org.jboss.invocation.unified.interfaces.JavaSerializationManager.register(JavaSerializationManager.java:80)
 at org.jboss.invocation.unified.interfaces.JavaSerializationManager.register(JavaSerializationManager.java:61)
 at org.jboss.invocation.unified.interfaces.JavaSerializationManager.<clinit>(JavaSerializationManager.java:55)
 at java.lang.Class.forName0(Native Method)
 at java.lang.Class.forName(Class.java:164)
 at org.jboss.invocation.InvokerInterceptor.<clinit>(InvokerInterceptor.java:86)
 at sun.misc.Unsafe.ensureClassInitialized(Native Method)
 at sun.reflect.UnsafeFieldAccessorFactory.newFieldAccessor(UnsafeFieldAccessorFactory.java:25)
 at sun.reflect.ReflectionFactory.newFieldAccessor(ReflectionFactory.java:122)
 at java.lang.reflect.Field.acquireFieldAccessor(Field.java:917)
 at java.lang.reflect.Field.getFieldAccessor(Field.java:898)
 at java.lang.reflect.Field.getLong(Field.java:527)
 at java.io.ObjectStreamClass.getDeclaredSUID(ObjectStreamClass.java:1586)
 at java.io.ObjectStreamClass.access$700(ObjectStreamClass.java:52)
 at java.io.ObjectStreamClass$2.run(ObjectStreamClass.java:408)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.io.ObjectStreamClass.<init>(ObjectStreamClass.java:400)
 at java.io.ObjectStreamClass.lookup(ObjectStreamClass.java:297)
 at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:531)
 at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552)
 at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1466)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1699)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
 at org.jboss.proxy.Interceptor.readExternal(Interceptor.java:80)
 at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1755)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1717)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
 at org.jboss.proxy.Interceptor.readExternal(Interceptor.java:80)
 at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1755)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1717)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
 at org.jboss.proxy.Interceptor.readExternal(Interceptor.java:80)
 at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1755)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1717)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
 at org.jboss.proxy.ClientContainer.readExternal(ClientContainer.java:156)
 at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1755)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1717)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
 at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
 at java.rmi.MarshalledObject.get(MarshalledObject.java:135)
 at org.jnp.interfaces.MarshalledValuePair.get(MarshalledValuePair.java:72)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:652)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
 at javax.naming.InitialContext.lookup(InitialContext.java:351)
 at MainApplet.callEjbButton_actionPerformed(MainApplet.java:93)
 at MainApplet$1.actionPerformed(MainApplet.java:36)
 at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1849)
 at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2169)
 at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
 at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
 at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
 at java.awt.Component.processMouseEvent(Component.java:5501)
 at javax.swing.JComponent.processMouseEvent(JComponent.java:3135)
 at java.awt.Component.processEvent(Component.java:5266)
 at java.awt.Container.processEvent(Container.java:1966)
 at java.awt.Component.dispatchEventImpl(Component.java:3968)
 at java.awt.Container.dispatchEventImpl(Container.java:2024)
 at java.awt.Component.dispatchEvent(Component.java:3803)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
 at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
 at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
 at java.awt.Container.dispatchEventImpl(Container.java:2010)
 at java.awt.Component.dispatchEvent(Component.java:3803)
 at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
 at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
 at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
 at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)

I notice up towards the top of the stack trace,
org.jboss.remoting.serialization.SerializationStreamFactory
is trying to call System.getProperty() I assume this has somethign to do with this security problem from within the browser sandbox?

Though it seems this exception is only logged in the java console and not thrown, since execution continues and does not go to the catch clause which is catching SecutrityException and I am returned a non null object reference. I narrow this reference (this is the how interface) then I call create() and I receive the following exception and this exception is actually raised this time, not just logged.

Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError
 at org.jboss.proxy.SecurityInterceptor$3.run(SecurityInterceptor.java:102)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.jboss.proxy.SecurityInterceptor$2.getPrincipal(SecurityInterceptor.java:116)
 at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:58)
 at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:184)
 at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
 at $Proxy0.create(Unknown Source)
 at MainApplet.callEjbButton_actionPerformed(MainApplet.java:102)
 at MainApplet$1.actionPerformed(MainApplet.java:36)
 at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1849)
 at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2169)
 at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:420)
 at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:258)
 at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
 at java.awt.Component.processMouseEvent(Component.java:5501)
 at javax.swing.JComponent.processMouseEvent(JComponent.java:3135)
 at java.awt.Component.processEvent(Component.java:5266)
 at java.awt.Container.processEvent(Container.java:1966)
 at java.awt.Component.dispatchEventImpl(Component.java:3968)
 at java.awt.Container.dispatchEventImpl(Container.java:2024)
 at java.awt.Component.dispatchEvent(Component.java:3803)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4212)
 at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3892)
 at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3822)
 at java.awt.Container.dispatchEventImpl(Container.java:2010)
 at java.awt.Component.dispatchEvent(Component.java:3803)
 at java.awt.EventQueue.dispatchEvent(EventQueue.java:463)
 at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
 at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
 at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
 at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission org.jboss.security.SecurityAssociation.ThreadLocal read)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
 at java.security.AccessController.checkPermission(AccessController.java:427)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
 at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
 at java.lang.System.getProperty(System.java:662)
 at org.jboss.security.SecurityActions$2.run(SecurityActions.java:46)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.jboss.security.SecurityActions$1.getProperty(SecurityActions.java:41)
 at org.jboss.security.SecurityActions.getProperty(SecurityActions.java:73)
 at org.jboss.security.SecurityAssociation.<clinit>(SecurityAssociation.java:141)
 ... 32 more

Again I see jboss code trying to call System.getProperty() is this what is causing this security problem? What property is it looking for? Can I supply this property to the InitialContext somehow so that it doesn't need to look in the system env for it?

Thanks for any help

1. Re: Applets communicating with EJBs

newhere Dec 12, 2006 10:44 PM (in response to newhere)

Was this a bug that was fixed years ago and now a regression??

http://www.mail-archive.com/jboss-development@lists.sourceforge.net/msg07112.html //www.mail-archive.com/jboss-development@lists.sourceforge.net/msg07112.html
Actions
2. Re: Applets communicating with EJBs

newhere Dec 14, 2006 4:19 AM (in response to newhere)

Does anyone know if this is a bug or not?

Or if this is not the appropriate place to ask if this is expected behavior, does anyone know where I should ask?
Actions
3. Re: Applets communicating with EJBs

dnc Jan 30, 2007 1:19 PM (in response to newhere)

Hi,

I have the same promblem too :(

Maybe someone figured it out?
Actions
4. Re: Applets communicating with EJBs

genman Jan 30, 2007 3:23 PM (in response to newhere)

The logging is done in the latest code base and is normal.

The second error looks suspicious. If you have tested using the latest versions of things, raise an issue on the security forum, including the version and code and config causing issues.
Actions

Go to original post