8 Replies Latest reply on Nov 18, 2008 5:44 PM by Anil Saldanha

    Naming lookup needs a getClassloader permission

    Anil Saldanha Master

      Scott, from the following stacktrace, we see that the JNP layer needs to have a "getClassloader" permission. Should a privileged operation go in naming? If not, user applications who do any JNDI lookup will need to be assigned the "getClassloader" perm.

      EJBException:; nested exception is: javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]]
      
      java.rmi.ServerException: EJBException:; nested exception is:
       javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]]
       at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:365)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:209)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
       at org.jboss.ejb.Container.invoke(Container.java:1029)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
       at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232)
       at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
       at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742)
       at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695)
       at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549)
       at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230)
      Caused by: javax.ejb.EJBException: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]]
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createCheck(AuditSessionBean.java:408)
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createAuditMappedCheck(AuditSessionBean.java:330)
       at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
       at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:228)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
       at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
       at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
       at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
       at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
       at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
       at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
       at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
       at org.jboss.ejb.Container.invoke(Container.java:1029)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
       at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232)
       at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
       at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742)
       at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695)
       at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549)
       at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:206)
       at org.jboss.remoting.Client.invoke(Client.java:1708)
       at org.jboss.remoting.Client.invoke(Client.java:612)
       at org.jboss.invocation.unified.interfaces.UnifiedInvokerProxy.invoke(UnifiedInvokerProxy.java:184)
       at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:365)
       at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:197)
       at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
       at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:87)
       at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
       at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:101)
       at $Proxy3.createAuditMappedCheck(Unknown Source)
       at org.jboss.test.cmp2.audit.test.AuditUnitTestCase.testUpdateAuditMappedChangedFields(AuditUnitTestCase.java:170)
       at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
       at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
       at junit.extensions.TestSetup.run(TestSetup.java:25)
      Caused by: javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]]
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1339)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:804)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:820)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:673)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.getDataSource(AuditSessionBean.java:539)
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.getAuditData(AuditSessionBean.java:454)
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createCheck(AuditSessionBean.java:398)
       at org.jboss.test.cmp2.audit.beans.AuditSessionBean.createAuditMappedCheck(AuditSessionBean.java:330)
       at org.jboss.invocation.Invocation.performCall(Invocation.java:386)
       at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:228)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:156)
       at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:173)
       at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
       at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
       at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
       at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:228)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:211)
       at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:97)
       at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invoke(PreSecurityInterceptor.java:81)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
       at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:650)
       at org.jboss.ejb.Container.invoke(Container.java:1029)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
       at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232)
       at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
       at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742)
       at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695)
       at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:549)
       at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230)
      Caused by: javax.naming.NamingException: Could not dereference object [Root exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)]
       at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1463)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:809)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:673)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1333)
      Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.ClassLoader.getParent(ClassLoader.java:1224)
       at org.jboss.util.loading.DelegatingClassLoader.loadClass(DelegatingClassLoader.java:92)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
       at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
       at java.lang.Class.forName0(Native Method)
       at java.lang.Class.forName(Class.java:242)
       at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:42)
       at javax.naming.spi.NamingManager.getObjectFactoryFromReference(NamingManager.java:129)
       at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:302)
       at org.jnp.interfaces.NamingContext.getObjectInstance(NamingContext.java:1438)
       at org.jnp.interfaces.NamingContext.getObjectInstanceWrapFailure(NamingContext.java:1455)