This content has been marked as final.
Show 4 replies
-
1. Re: Enabling Security Manager in Glassfish v3 Final
nickarls Dec 13, 2009 12:30 PM (in response to cory_prowse)Could be, please post the full stack trace.
I noticed the issue is open and the patch unapplied so I guess the issue has not gone away by itself. I'll talk to Pete when he gets back in case he has some Grand Scheme regarding security control for reflection operations (as he hints in the JIRA comments)
-
2. Re: Enabling Security Manager in Glassfish v3 Final
cory_prowse Dec 17, 2009 3:28 AM (in response to cory_prowse)No problem, here is the code in question is:
@Resource private javax.ejb.EJBContext currentEjbContext; public boolean isInRoleAdmin() { return currentEjbContext.isCallerInRole("admin"); }
The full stacktrace is:
java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107) at org.jboss.weld.util.Reflections.lookupMethod(Reflections.java:646) at org.jboss.weld.util.Reflections.lookupMethod(Reflections.java:623) at org.jboss.weld.util.Reflections.lookupMethod(Reflections.java:605) at org.jboss.weld.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:113) at au.projectx.UserBean_$$_javassist_19.isInRoleAdmin(UserBean_$$_javassist_19.java) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.el.BeanELResolver.getValue(BeanELResolver.java:302) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) at com.sun.el.parser.AstValue.getValue(AstValue.java:116) at com.sun.el.parser.AstValue.getValue(AstValue.java:163) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219) at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:71) at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102) at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190) at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:416) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1607) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1616) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1616) at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:380) at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126) at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:273) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:313) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:319) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:352) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:209) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1516) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97) at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57) at com.sun.grizzly.ContextTask.run(ContextTask.java:69) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330) at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309) at java.lang.Thread.run(Thread.java:637)
-
3. Re: Enabling Security Manager in Glassfish v3 Final
nickarls Dec 17, 2009 7:36 AM (in response to cory_prowse)Yep, I'm working on WELD-32
-
4. Re: Enabling Security Manager in Glassfish v3 Final
pmuir Jan 21, 2010 7:44 PM (in response to cory_prowse)Cory, please make sure to vote for the issue so we can judge interest...