Встроенный Jetty с политиками безопасности Java

Я использую встроенный причал. Мое приложение загружает внешнюю войну. Я хочу ограничить возможности загружаемого веб-приложения, поэтому я применил политику безопасности Java. Теперь мое приложение запускается, но когда я пытаюсь запустить развернутое веб-приложение, оно падает. Война извлекается в $JETTY_HOME/temp/${webapp}/webapp/

политика

grant codeBase "file:${jetty.appserver.homeDirectory}/app/-" {
    permission java.security.AllPermission; 

};

grant codeBase "file:${jetty.appserver.homeDirectory}/temp/-" {
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
};

grant { 
    permission java.net.SocketPermission "*", "accept,resolve";
    permission java.io.FilePermission "${java.home}${/}-", "read";
    permission java.io.FilePermission "${jetty.appserver.homeDirectory}${/}-", "read";
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
    permission java.io.FilePermission "/usr/lib/jvm/jdk1.6.0_25/lib/tools.jar", "read";
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";

    permission java.lang.RuntimePermission "org.springframework.*";
};

исключение

    2012-12-18 17:12:13.191: org.springframework.web.servlet.DispatcherServlet ERROR - Context initialization failed
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
2012-12-18 17:12:13.192: /b WARN - unavailable
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

2 ответа

Решение

Спасибо за ваши ответы, однако я решил эту ошибку после осмотра.

Исключение генерируется, потому что Spring не может прочитать свойства среды jvm, которые не видны напрямую в этом исключении. Но как только вы добавите следующее разрешение:

permission java.lang.RuntimePermission "getenv.*";

Это исправит вышеуказанную ошибку.

В версии Spring 3.1 вы должны добавить эти параметры контекста в ваш web.xml чтобы начать с включенным менеджером безопасности.

<context-param>
   <param-name>spring.profiles.default</param-name>
   <param-value>default</param-value>
</context-param>
<context-param>
   <param-name>spring.profiles.active</param-name>
   <param-value>default</param-value>
</context-param>
Другие вопросы по тегам