Встроенный Jetty с политиками безопасности Java
Я использую встроенный причал. Мое приложение загружает внешнюю войну. Я хочу ограничить возможности загружаемого веб-приложения, поэтому я применил политику безопасности Java. Теперь мое приложение запускается, но когда я пытаюсь запустить развернутое веб-приложение, оно падает. Война извлекается в $JETTY_HOME/temp/${webapp}/webapp/
политика
grant codeBase "file:${jetty.appserver.homeDirectory}/app/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${jetty.appserver.homeDirectory}/temp/-" {
permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
};
grant {
permission java.net.SocketPermission "*", "accept,resolve";
permission java.io.FilePermission "${java.home}${/}-", "read";
permission java.io.FilePermission "${jetty.appserver.homeDirectory}${/}-", "read";
permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
permission java.io.FilePermission "/usr/lib/jvm/jdk1.6.0_25/lib/tools.jar", "read";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";
permission java.lang.RuntimePermission "org.springframework.*";
};
исключение
2012-12-18 17:12:13.191: org.springframework.web.servlet.DispatcherServlet ERROR - Context initialization failed
java.lang.UnsupportedOperationException
at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
at javax.servlet.GenericServlet.init(GenericServlet.java:241)
at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
2012-12-18 17:12:13.192: /b WARN - unavailable
java.lang.UnsupportedOperationException
at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
at javax.servlet.GenericServlet.init(GenericServlet.java:241)
at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
2 ответа
Спасибо за ваши ответы, однако я решил эту ошибку после осмотра.
Исключение генерируется, потому что Spring не может прочитать свойства среды jvm, которые не видны напрямую в этом исключении. Но как только вы добавите следующее разрешение:
permission java.lang.RuntimePermission "getenv.*";
Это исправит вышеуказанную ошибку.
В версии Spring 3.1 вы должны добавить эти параметры контекста в ваш web.xml
чтобы начать с включенным менеджером безопасности.
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>default</param-value>
</context-param>
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>default</param-value>
</context-param>