Have you ever attempted to install an application on GlassFish, SJS Application Server, or another Java EE application server and run into an exception like this:
javax.servlet.ServletException
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:313)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.SetResponseCharacterEncodingFilter.doFilter(SetResponseCharacterEncodingFilter.java:53)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.base.PresenceFilter.doFilter(PresenceFilter.java:113)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.SetRequestCharacterEncodingFilter.doFilter(SetRequestCharacterEncodingFilter.java:48)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.JiveSetupFilter.doFilter(JiveSetupFilter.java:44)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
root cause
java.lang.ExceptionInInitializerError
java.lang.Class.forName0(Native Method)
java.lang.Class.forName(Class.java:164)
com.jivesoftware.util.ClassUtils.loadNormalClass(ClassUtils.java:121)
com.jivesoftware.util.ClassUtils.loadClass(ClassUtils.java:83)
com.jivesoftware.util.ClassUtils.access$100(ClassUtils.java:37)
com.jivesoftware.util.ClassUtils$JiveObjectFactory.getClassInstance(ClassUtils.java:245)
com.opensymphony.xwork.ObjectFactory.buildBean(ObjectFactory.java:105)
com.opensymphony.xwork.ObjectFactory.buildResult(ObjectFactory.java:159)
com.opensymphony.xwork.DefaultActionInvocation.createResult(DefaultActionInvocation.java:147)
com.opensymphony.xwork.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:255)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:182)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.jivesoftware.forum.action.JiveExceptionInterceptor.intercept(JiveExceptionInterceptor.java:63)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.jivesoftware.base.action.JiveObjectLoaderInterceptor.intercept(JiveObjectLoaderInterceptor.java:56)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.webwork.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:71)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:164)
com.opensymphony.xwork.DefaultActionProxy.execute(DefaultActionProxy.java:116)
com.opensymphony.webwork.dispatcher.ServletDispatcher.serviceAction(ServletDispatcher.java:272)
com.jivesoftware.base.util.JiveWebWorkServlet.service(JiveWebWorkServlet.java:64)
javax.servlet.http.HttpServlet.service(HttpServlet.java:822)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:178)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.SetResponseCharacterEncodingFilter.doFilter(SetResponseCharacterEncodingFilter.java:53)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.base.PresenceFilter.doFilter(PresenceFilter.java:113)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.SetRequestCharacterEncodingFilter.doFilter(SetRequestCharacterEncodingFilter.java:48)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
java.security.AccessController.doPrivileged(Native Method)
com.jivesoftware.util.JiveSetupFilter.doFilter(JiveSetupFilter.java:44)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:262)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:295)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:234)
This is what happened to me while I was attempting to try out Jive Forums from Jive Software. Jive Forums provide (you guessed it!) forums, or message boards, in which a community can collaborate. While evaluating several Java-based forum packages, I found Jive Forums to be significantly ahead of their competition -- if you need forum software, make sure you take a look at this package.
Anyway, back to the error. This stack trace appeared in my web browser and wasn't particularly useful. However, I am well trained to look in the server.log file to see if there is more information... and in this case there is. So, Tip #1: look in the server.log file. This can be accomplished by using your favorite text editor (open <glassfish-install-root>/domains/domain1/logs/server.log). Or, you may use the admin GUI (http://localhost:4848 -- replace localhost & 4848 if necessary) to view the logs. Just log in and click on "Search Log Files." A much more useful message in the log file shows:
[#|2006-02-07T09:11:31.124-0800|INFO|sun-appserver-pe9.0|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-2;_ApplicationName=URI:/jive/index.jspa;|JACC Policy Provider: PolicyWrapper.implies, context(jive__jive)- permission((ognl.OgnlInvokePermission invoke.com.jivesoftware.base.action.ConditionalInterceptor.setDisallow)) domain that failed(ProtectionDomain (file:/glassfish/pe/publish/glassfish/domains/domain1/applications/j2ee-modules/jive/WEB-INF/lib/webwork.jar <no signer certificates>
WebappClassLoader
delegate: true
repositories:
/WEB-INF/classes/
----------> Parent Classloader:
EJBClassLoader :
urlSet = []
doneCalled = false
Parent -> java.net.URLClassLoader@1386918

WebappClassLoader
delegate: true
repositories:
/WEB-INF/classes/
----------> Parent Classloader:
EJBClassLoader :
urlSet = []
doneCalled = false
Parent -> java.net.URLClassLoader@1386918
This message indicates that permission "ognl.OgnlInvokePermission" is needed for webwork.jar.
So why does this deploy and run without errors on some other Java EE servers, but GlassFish complains? Answer: GlassFish is much more security conscious. The GlassFish server uses a security manager to protect your machine from the apps (and more importantly from the users of those applications). However, this means you need to configure security when you need to relax the permissions so that certain pieces of functionality work (as in this case). It is worth noting that GlassFish can run without a security manager (just like Tomcat, JBoss and other Java EE application servers) by simply removing the following line from the domain.xml file:
-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy
However, while this is possible (and is the quickest way to solve this exception)... consider the security risks you may be introducing! You will have to evaluate what your security requirements are and whether you can afford to take that risk. You've been warned.

Now let's look at a couple of other ways to address this:
1) Turn off security for a single application
2) Grant permission to a single jar file
Both of these options involve editing the "server.policy" file, or the "generated/policy/<application-name>/granted.policy". Beware that if you redeploy, the granted.policy file will be overwritten. However, the granted.policy file is more efficient because the changes you make will only apply to the single application. Changes to the global server.policy will apply to all applications.
When editing these files, you may choose to use a text editor... or the J2SE "policytool" (Swing-based GUI). Here is an example server.policy entry that grants all permissions to webwork.jar:
grant codeBase "file:${com.sun.aas.installRoot}/domains/domain1/applications/j2ee-modules/jive/WEB-INF/lib/webwork.jar" {
    permission java.security.AllPermission;
};
This will solve the exception above. After making this change you will have to restart the server.
Depending on the package you are configuring, you may find (as I did while getting Jive to run) that several of the .jar files require additional security settings. You may choose to use a "wildcard" to match all paths / files, and turn off security for the whole application:
grant codeBase "file:${com.sun.aas.installRoot}/domains/domain1/applications/j2ee-modules/jive/-" {
    permission java.security.AllPermission;
};
grant codeBase "file:${com.sun.aas.installRoot}/domains/domain1/generated/jsp/j2ee-modules/jive/-" {
    permission java.security.AllPermission;
};
You may want to experiment and grant only the specific settings that are required by the application -- I was only evaluating Jive and got too lazy to configure it for a secure deployment scenario.
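One way to grant only what the application needs is to build the policy entries from the denial records in server.log instead of using AllPermission. The script below is an added example, not part of the original post or of GlassFish; it assumes the record layout quoted above, and the duplicate record and the example-lib.jar record in its sample input are constructed.

```python
import re
from collections import defaultdict

# Denial record as quoted in the post; the permission is printed in the
# JDK 5 Permission.toString() style "(class name [actions])".
DENIAL = re.compile(
    r"PolicyWrapper\.implies, context\([^)]*\)- "
    r"permission\(\((?P<cls>\S+) (?P<target>.*?)\)\) "
    r"domain that failed\(ProtectionDomain\s+\((?P<codebase>\S+)"
)

def parse_denials(log_text):
    """Map each failing codeBase URL to the set of permissions it was denied."""
    needed = defaultdict(set)
    for m in DENIAL.finditer(log_text):
        # Assumption: if the target has a space, its last token is the action list.
        name, _, actions = m.group("target").rpartition(" ")
        if not name:
            name, actions = actions, ""
        needed[m.group("codebase")].add((m.group("cls"), name, actions))
    return dict(needed)

def quote(value):
    """Quote a string for a policy file (backslash and double quote escaped)."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_policy(needed):
    """Render one grant block per codeBase with only the denied permissions."""
    blocks = []
    for codebase in sorted(needed):
        lines = ["grant codeBase %s {" % quote(codebase)]
        for cls, name, actions in sorted(needed[codebase]):
            extra = ", " + quote(actions) if actions else ""
            lines.append("    permission %s %s%s;" % (cls, quote(name), extra))
        lines.append("};")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)

# Sample input. The first record's message is the one from the post; the
# duplicate and the example-lib.jar record are constructed for illustration.
LIB = ("file:/glassfish/pe/publish/glassfish/domains/domain1/"
       "applications/j2ee-modules/jive/WEB-INF/lib/")
FMT = ("JACC Policy Provider: PolicyWrapper.implies, context(jive__jive)- "
       "permission((%s)) domain that failed(ProtectionDomain (" + LIB +
       "%s <no signer certificates>")
OGNL = ("ognl.OgnlInvokePermission "
        "invoke.com.jivesoftware.base.action.ConditionalInterceptor.setDisallow")
SAMPLE_LOG = "\n".join([
    FMT % (OGNL, "webwork.jar"),
    FMT % (OGNL, "webwork.jar"),
    FMT % ("java.util.PropertyPermission user.home read", "example-lib.jar"),
])

if __name__ == "__main__":
    print(to_policy(parse_denials(SAMPLE_LOG)))
```

Review each generated line before copying it into server.policy or granted.policy. A denied check usually aborts the request, so further denials may only show up after the first grant is in place and the server has been restarted.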
These same techniques apply to any software package (including WebWork and OpenSymphony, which are used by Jive Forums).
If you made it all the way to the bottom of this blog, please take the time to post a comment about your opinion as to how important a security manager is to you and your applications.
Thanks!
Ken
Posted by Ken Paulsen (Feb 08 2006, 05:21:02 AM PST)





Posted by vince kraemer on February 08, 2006 at 07:48 AM PST #
Posted by Bill Lynch on February 21, 2006 at 04:46 PM PST #
I am using jdk1.5 and tomcat 5.0.24. While accessing one of the java file methods from javascript method
(e.g. window.opener.document.mainapp.mainpanel.obstacleInsert(str); )
I am getting below error in java console:-
java.lang.Exception: java.lang.ClassCastException: MainPanel
at sun.plugin.com.DispatchImpl.invokeImpl(Unknown Source)
at sun.plugin.com.DispatchImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.com.DispatchImpl.invoke(Unknown Source)
Can you please suggest me how to resolve this?
Regards,
Jitendra
Posted by jitendra singh bhati on December 11, 2008 at 12:18 AM PST #