dev@glassfish.java.net

Re: [Issue 9166] [standalone_client] New - error when running EJB client in ACC with security manager on

From: Tim Quinn <Timothy.Quinn_at_Sun.COM>
Date: Wed, 19 Aug 2009 07:42:41 -0500

Ken C.,

Is the check within the ORB on these permissions

permission com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission "access";
permission java.lang.RuntimePermission "accessDeclaredMembers";

something new (note that this is in 9.1.1) or has this problem just
eluded our testing for a long time?

- Tim

dkoper_at_dev.java.net wrote:
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=9166
> Issue #|9166
> Summary|error when running EJB client in ACC with security manager on
> Component|glassfish
> Version|9.1.1
> Platform|All
> OS/Version|All
> URL|
> Status|UNCONFIRMED
> Status whiteboard|
> Keywords|
> Resolution|
> Issue type|DEFECT
> Priority|P3
> Subcomponent|standalone_client
> Assigned to|tjquinn
> Reported by|dkoper
>
> ------- Additional comments from dkoper_at_dev.java.net Wed Aug 19 07:18:41 +0000 2009 -------
> When I run an EJB client in the ACC with the security manager enabled, I
> get an 'access denied' error message on GFv2.1:
>
> D:\GFv2.1\glassfish-v2.1-b60e\glassfish>bin\appclient -client ExitTestAppClientClient.jar
> 02/06/2009 10:44:00 AM com.sun.corba.ee.impl.util.Utility loadStub
> WARNING: "IOP01211405: (BAD_OPERATION) Exception in loadStub"
> org.omg.CORBA.BAD_OPERATION: vmcid: SUN minor code: 1405 completed: No
> at com.sun.corba.ee.impl.logging.UtilSystemException.exceptionInLoadStub(UtilSystemException.java:179)
> at com.sun.corba.ee.impl.logging.UtilSystemException.exceptionInLoadStub(UtilSystemException.java:197)
> at com.sun.corba.ee.impl.util.Utility.loadStub(Utility.java:856)
> [...]
> at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:407)
> at javax.naming.InitialContext.lookup(InitialContext.java:392)
> at ejb30.Client.main(Client.java:14)
> [...]
> Caused by: java.security.AccessControlException: access denied (com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
> at java.security.AccessController.checkPermission(AccessController.java:546)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.<init>(StubInvocationHandlerImpl.java:105)
> at com.sun.corba.ee.impl.presentation.rmi.bcel.StubFactoryBCELImpl.makeStub(StubFactoryBCELImpl.java:171)
> at com.sun.corba.ee.impl.util.Utility.loadStub(Utility.java:852)
>
> When I add the following privileges to the grant block in
> glassfish/lib/appclient.policy, the client can successfully access the
> deployed EJB.
>
> permission com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission "access";
> permission java.lang.RuntimePermission "accessDeclaredMembers";
>
> The client application was trying to do a JNDI lookup:
>
> Context gfic = new InitialContext();
> ejb30.ExitTestRemote bean = (ejb30.ExitTestRemote) gfic.lookup("java:comp/env/ejb/ExitTestBean");
>
> Shouldn't we have these privileges enabled in GlassFish by default?
>
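
Added example, not part of the original thread or of GlassFish: a small Python helper that reads `AccessControlException` "access denied" messages like the one in the report and prints the matching policy-file `permission` entries, so the denied permissions can be reviewed one by one. It goes beyond the single case above by also accepting the quoted message format that JDK 7 and later print; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample input: the old-style message from the report (wrapped the
# way mail clients wrap it) plus two JDK 7+ style lines made up for illustration.
SAMPLE_LOG = """\
> Caused by: java.security.AccessControlException: access denied
> (com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access)
>   at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/constructed example.txt" "read")
"""

# "access denied" followed by the parenthesised permission, possibly on the next line.
DENIED = re.compile(r'access denied\s*\(([^()]*)\)')
QUOTED = re.compile(r'"([^"]*)"')

def parse_permission(body):
    """Split the text inside the parentheses into (class, name, actions)."""
    if '"' in body:                      # JDK 7+: every field is quoted
        fields = QUOTED.findall(body) + ["", "", ""]
        return fields[0], fields[1], fields[2]
    tokens = body.split()                # older JDKs: space separated, unquoted
    if not tokens:
        return None
    if len(tokens) < 3:
        return tokens[0], " ".join(tokens[1:]), ""
    # Ambiguous when the target name contains spaces; assume the last token is the actions.
    return tokens[0], " ".join(tokens[1:-1]), tokens[-1]

def policy_lines(log_text):
    """Return de-duplicated policy-file permission entries in first-seen order."""
    text = re.sub(r'^(?:> ?)+', '', log_text, flags=re.M)   # drop mail quoting
    entries = []
    for match in DENIED.finditer(text):
        parsed = parse_permission(match.group(1))
        if not parsed or not parsed[0]:
            continue
        cls, name, actions = parsed
        entry = f"permission {cls}"
        if name:
            entry += f' "{name}"'
        if actions:
            entry += f', "{actions}"'
        entry += ";"
        if entry not in entries:
            entries.append(entry)
    return entries

if __name__ == "__main__":
    print("\n".join(policy_lines(SAMPLE_LOG)))
```

Each printed entry is a candidate for the grant block, to be checked against what the client actually needs before it is added to the policy file.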