users@glassfish.java.net

Re: security problem access denied

From: Siddharth Paralikar <s.paralikar_at_ncl.res.in>
Date: Wed, 22 Feb 2006 10:02:27 +0530

Thanks Amy for the blogs i could get my welcome page. I have given the
permissions as following

grant codeBase
"file:${com.sun.aas.installRoot}/domains/domain1/applications/j2ee-modules/biodiv/-"
{
    permission java.security.AllPermission;
};

grant codeBase
"file:${com.sun.aas.installRoot}/domains/domain1/generated/jsp/j2ee-modules/biodiv/-"
{
    permission java.security.AllPermission;
} ;

now when i give login and password it gives following error. I think
again it has to do with security.

Thanks

Siddharth

javax.servlet.ServletException
        javax.faces.webapp.FacesServlet.service(Unknown Source)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:585)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
        com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
        com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
        org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:223)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:666)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:573)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:843)
        com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
        com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
        com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
        com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)

*root cause*

java.lang.NullPointerException
        org.ncl.backing.Login.login(Login.java:20)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:585)
        com.sun.el.parser.AstValue.invoke(AstValue.java:151)
        com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
        javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(Unknown Source)
        com.sun.faces.application.ActionListenerImpl.processAction(Unknown Source)
        javax.faces.component.UICommand.broadcast(Unknown Source)
        javax.faces.component.UIViewRoot.broadcastEvents(Unknown Source)
        javax.faces.component.UIViewRoot.processApplication(Unknown Source)
        com.sun.faces.lifecycle.InvokeApplicationPhase.execute(Unknown Source)
        com.sun.faces.lifecycle.LifecycleImpl.phase(Unknown Source)
        com.sun.faces.lifecycle.LifecycleImpl.execute(Unknown Source)
        javax.faces.webapp.FacesServlet.service(Unknown Source)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:585)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
        com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:73)
        com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
        org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:223)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:666)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:573)
        com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:843)
        com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
        com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
        com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
        com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)



Ken Paulsen wrote:
>
>
> As Amy mentioned below, you may want to check those blogs. The first
> one provides an easy way to turn off security. This will soon be the
> default experience in Glassfish, just as it is in JBoss, Tomcat, and
> many other containers. However, it will be very easy to re-enable a
> the security manager for Glassfish too to make it more secure.
>
> Good luck and please let us know if you find any other problems after
> disabling security (I don't expect that you will).
>
> Thanks!
>
> Ken
>
> Amy Roh wrote:
>
>> Siddharth Paralikar wrote:
>>
>>> I am trying to deploy my application WAR which is made using JSF,
>>> Spring and Hibernate. which is running in tomcat 5.5.9.
>>> Now it is giving following error. whether Spring and hibernate
>>> support is not there or is there any security settings i have to
>>> enable.
>>
>>
>>>
>>> I will try to make this application later with JSF and EJB3.
>>>
>>> thanks
>>>
>>> Siddharth
>>>
>>> *type* Exception report
>>>
>>> *message*
>>>
>>> *description* _The server encountered an internal error () that
>>> prevented it from fulfilling this request._
>>>
>>> *exception*
>>>
>>> javax.servlet.ServletException: access denied
>>> (java.lang.RuntimePermission getProtectionDomain)
>>
>>
>> Looks like your webapp doesn't have necessary security permission.
>> Some helpful blogs regarding security manager on GlassFish -
>>
>> http://blogs.sun.com/roller/page/paulsen?entry=configuring_the_security_manager_in
>>
>>
>> http://blogs.sun.com/roller/page/vkraemer?entry=equinox_hibernate_spring_glassfish
>>
>>
>> hth,
>> Amy
>>
>>> javax.faces.webapp.FacesServlet.service(Unknown Source)
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>
>>>
>>> *root cause*
>>>
>>> java.security.AccessControlException: access denied
>>> (java.lang.RuntimePermission getProtectionDomain)
>>>
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>>>
>>>
>>> java.security.AccessController.checkPermission(AccessController.java:427)
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
> *****************************************************************
> This email is virus free by TrendMicro Inter Scan Security Suite.
> *****************************************************************
>
>