users@jersey.java.net

Re: [Jersey] "access denied" for Jersey JARs

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Fri, 20 Nov 2009 10:35:57 +0100

On Nov 19, 2009, at 8:10 PM, Arun Gupta wrote:

> Hey Paul,
>
> Jersey 1.1.2-ea is the version as part of jar name. I'm signing all
> the jars bundled with the application, here is the complete list:
>
> activation.jar jaxb-xjc.jar
> asm-3.1.jar jersey-client-1.1.2-ea.jar
> commons-beanutils-1.8.0.jar jersey-core-1.1.2-ea.jar
> commons-collections-3.2.1.jar jersey-json-1.1.2-ea.jar
> commons-lang-2.4.jar jersey-server-1.1.2-ea.jar
> commons-logging-1.1.1.jar jersey-spring-1.1.2-ea.jar
> ezmorph-1.0.6.jar jettison-1.1.jar
> grizzly-servlet-webserver-1.9.9.jar json-lib-2.3-jdk15.jar
> jackson-core-asl-1.1.1.jar jsr173_api.jar
> jaxb-api.jar jsr311-api.jar
> jaxb-impl.jar
>
> The jars are signed using the following script:
>
> -- cut here --
> keytool -genkey -alias jfx -dname "CN=Arun Gupta, O=Sun Microsystems
> Inc." -validity 9999 -keystore jfx.keystore -keypass $KEY_PASS -
> storepass $STORE_PASS
> for jar in `find . -name "*.jar"`
> do
> echo "Signing $jar ..."
> jarsigner -keystore jfx.keystore -verbose -keypass $KEY_PASS -
> storepass $STORE_PASS $jar jfx
> done
> -- cut here --
>
> What could possibly be wrong ?
>

I am not sure as i do not have much experience in this area.

The error is occurring in the following code:

     private Object getFieldValue(final Object resource, final Field
f) {
         return AccessController.doPrivileged(new
PrivilegedAction<Object>() {
             public Object run() {
                 try {
                     if (!f.isAccessible()) {
                         f.setAccessible(true); // <---- access denied
                     }
                     return f.get(resource);
                 } catch (IllegalAccessException ex) {
                     throw new RuntimeException(ex);
                 }
             }
         });
     }

So i am guessing permissions have not been correctly granted?

Paul.

> -Arun
>
> Paul Sandoz wrote:
>> Hi Arun.
>> What version of Jersey are you using? What jersey jars have you
>> signed?
>> Are you getting any other AccessControlException other than the
>> ones you have presented?
>> All i can guess is that the jars are not correctly signed.
>> Paul.
>> On Nov 17, 2009, at 9:40 PM, Arun Gupta wrote:
>>> I'm signing and bundling jsr311-api.jar and other Jersey jars as
>>> part of a JavaFX JNLP application. The permissions are explicitly
>>> set to:
>>>
>>> <security>
>>> <all-permissions/>
>>> </security>
>>>
>>> Even then loading the JNLP throws "access denied" error with the
>>> following traces.
>>>
>>> Any suggestions on what might be causing this error ?
>>>
>>>
>>> Reading certificates from 11 http://blogs.sun.com/arungupta/resource/glassfish/jsr311-api.jar
>>> | /Users/arungupta/Library/Caches/Java/cache/6.0/39/
>>> bc906e7-554b6fd1.idx
>>> Nov 17, 2009 12:36:09 PM
>>> com.sun.jersey.core.spi.component.ProviderFactory
>>> __getComponentProvider
>>> SEVERE: The provider class, class
>>> com.sun.jersey.core.impl.provider.xml.SAXParserContextProvider,
>>> could not be instantiated. Processing will continue but the class
>>> will not be utilized
>>> java.security.AccessControlException: access denied
>>> (java.lang.reflect.ReflectPermission suppressAccessChecks)
>>> at
>>> java
>>> .security
>>> .AccessControlContext.checkPermission(AccessControlContext.java:264)
>>> at
>>> java
>>> .security.AccessController.checkPermission(AccessController.java:
>>> 427)
>>> at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> at
>>> java
>>> .lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:
>>> 107)
>>> at com.sun.jersey.core.spi.component.ComponentInjector
>>> $2.run(ComponentInjector.java:143)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component.ComponentInjector.getFieldValue(ComponentInjector.java:
>>> 139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ComponentInjector.inject(ComponentInjector.java:84)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ComponentConstructor.getInstance(ComponentConstructor.java:141)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderFactory.__getComponentProvider(ProviderFactory.java:159)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderFactory.getComponentProvider(ProviderFactory.java:130)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ProviderServices.getComponent(ProviderServices.java:
>>> 190)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderServices.getProvidersAndServices(ProviderServices.java:139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .factory
>>> .InjectableProviderFactory
>>> .configure(InjectableProviderFactory.java:98)
>>> at com.sun.jersey.api.client.Client.<init>(Client.java:210)
>>>
>>>
>>>
>>> Nov 17, 2009 12:36:09 PM
>>> com.sun.jersey.core.spi.component.ProviderFactory
>>> __getComponentProvider
>>> SEVERE: The provider class, class
>>> com
>>> .sun.jersey.core.impl.provider.xml.XMLStreamReaderContextProvider,
>>> could not be instantiated. Processing will continue but the class
>>> will not be utilized
>>> java.security.AccessControlException: access denied
>>> (java.lang.reflect.ReflectPermission suppressAccessChecks)
>>> at
>>> java
>>> .security
>>> .AccessControlContext.checkPermission(AccessControlContext.java:264)
>>> at
>>> java
>>> .security.AccessController.checkPermission(AccessController.java:
>>> 427)
>>> at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> at
>>> java
>>> .lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:
>>> 107)
>>> at com.sun.jersey.core.spi.component.ComponentInjector
>>> $2.run(ComponentInjector.java:143)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component.ComponentInjector.getFieldValue(ComponentInjector.java:
>>> 139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ComponentInjector.inject(ComponentInjector.java:84)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ComponentConstructor.getInstance(ComponentConstructor.java:141)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderFactory.__getComponentProvider(ProviderFactory.java:159)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderFactory.getComponentProvider(ProviderFactory.java:130)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ProviderServices.getComponent(ProviderServices.java:
>>> 190)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ProviderServices.getProvidersAndServices(ProviderServices.java:139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .factory
>>> .InjectableProviderFactory
>>> .configure(InjectableProviderFactory.java:98)
>>> at com.sun.jersey.api.client.Client.<init>(Client.java:210)
>>> at com.sun.jersey.api.client.Client.<init>(Client.java:139)
>>>
>>>
>>> Nov 17, 2009 12:36:09 PM
>>> com.sun.jersey.core.spi.component.ProviderFactory
>>> __getComponentProvider
>>> SEVERE: The provider class, class
>>> com
>>> .sun.jersey.core.impl.provider.xml.DocumentBuilderFactoryProvider,
>>> could not be instantiated. Processing will continue but the class
>>> will not be utilized
>>> java.security.AccessControlException: access denied
>>> (java.lang.reflect.ReflectPermission suppressAccessChecks)
>>> at
>>> java
>>> .security
>>> .AccessControlContext.checkPermission(AccessControlContext.java:264)
>>> at
>>> java
>>> .security.AccessController.checkPermission(AccessController.java:
>>> 427)
>>> at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> at
>>> java
>>> .lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:
>>> 107)
>>> at com.sun.jersey.core.spi.component.ComponentInjector
>>> $2.run(ComponentInjector.java:143)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component.ComponentInjector.getFieldValue(ComponentInjector.java:
>>> 139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ComponentInjector.inject(ComponentInjector.java:84)
>>>
>>>
>>> Nov 17, 2009 12:36:09 PM
>>> com.sun.jersey.core.spi.component.ProviderFactory
>>> __getComponentProvider
>>> SEVERE: The provider class, class
>>> com.sun.jersey.core.impl.provider.xml.TransformerFactoryProvider,
>>> could not be instantiated. Processing will continue but the class
>>> will not be utilized
>>> java.security.AccessControlException: access denied
>>> (java.lang.reflect.ReflectPermission suppressAccessChecks)
>>> at
>>> java
>>> .security
>>> .AccessControlContext.checkPermission(AccessControlContext.java:264)
>>> at
>>> java
>>> .security.AccessController.checkPermission(AccessController.java:
>>> 427)
>>> at
>>> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> at
>>> java
>>> .lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:
>>> 107)
>>> at com.sun.jersey.core.spi.component.ComponentInjector
>>> $2.run(ComponentInjector.java:143)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component.ComponentInjector.getFieldValue(ComponentInjector.java:
>>> 139)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi.component.ComponentInjector.inject(ComponentInjector.java:84)
>>> at
>>> com
>>> .sun
>>> .jersey
>>> .core
>>> .spi
>>> .component
>>> .ComponentConstructor.getInstance(ComponentConstructor.java:141)
>>>
>>> Thanks,
>>> -Arun
>>>
>>> --
>>> Need Application Server ? Download from http://glassfish.org
>>> Blog: http://blog.arungupta.me
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
>> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>
> --
> Need Application Server ? Download from http://glassfish.org
> Blog: http://blog.arungupta.me
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>