Naming lookup needs a getClassloader permission
anil.saldhana Nov 18, 2008 11:20 AMScott, from the following stacktrace, we see that the JNP layer needs to have a "getClassloader" permission. Should a privileged operation go in naming? If not, user applications who do any JNDI lookup will need to be assigned the "getClassloader" perm.
EJBException:; nested exception is: javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]] java.rmi.ServerException: EJBException:; nested exception is: javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:365) at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:209) at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650) at org.jboss.ejb.Container.invoke(Container.java:1029) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742) at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695) at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549) at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230) Caused by: javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]] at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createCheck(AuditSessionBean.java:408) at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createAuditMappedCheck(AuditSessionBean.java:330) at org.jboss.invocation.Invocation.performCall(Invocation.java:386) at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:228) at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156) at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173) at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63) at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121) at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350) at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181) at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228) at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81) at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205) at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650) at org.jboss.ejb.Container.invoke(Container.java:1029) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742) at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695) at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549) at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230) at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:206) at org.jboss.remoting.Client.invoke(Client.java:1708) at org.jboss.remoting.Client.invoke(Client.java:612) at org.jboss.invocation.unified.interfaces.UnifiedInvokerProxy.invoke(UnifiedInvokerProxy.java:184) at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:365) at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:197) at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61) at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:87) at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112) at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:101) at $Proxy3.createAuditMappedCheck(Unknown Source) at org.jboss.test.cmp2.audit.test.AuditUnitTestCase.testUpdateAuditMappedChangedFields(AuditUnitTestCase.java:170) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) Caused by: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]] at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1339) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:804) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:820) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:673) at javax.naming.InitialContext.lookup(InitialContext.java:351) at org.jboss.test.cmp2.audit.beans.AuditSessionBean.getDataSource(AuditSessionBean.java:539) at org.jboss.test.cmp2.audit.beans.AuditSessionBean.getAuditData(AuditSessionBean.java:454) at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createCheck(AuditSessionBean.java:398) at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createAuditMappedCheck(AuditSessionBean.java:330) at org.jboss.invocation.Invocation.performCall(Invocation.java:386) at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:228) at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156) at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173) at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63) at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121) at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350) at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181) at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228) at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97) at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81) at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205) at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138) at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650) at org.jboss.ejb.Container.invoke(Container.java:1029) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742) at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695) at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549) at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230) Caused by: javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)] at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1463) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:809) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:673) at javax.naming.InitialContext.lookup(InitialContext.java:351) at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1333) Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.ClassLoader.getParent(ClassLoader.java:1224) at org.jboss.util.loading.DelegatingClassLoader.loadClass(DelegatingClassLoader.java:92) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:242) at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:42) at javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:129) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:302) at org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1438) at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1455)