Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Intelligence (Analytics)
Java 2 security WebSphere 7 AccessControlException in OSGILauncher
idp
Java 2 security WebSphere 7 AccessControlException in OSGILauncher<br />
<br />
On startup of a WebSphere application containing BIRT with Java 2 security enabled AccessControlExceptions occur.<br />
<br />
<br />
config.ini contains an entry for eclipse.security as follows. <br />
eclipse.security=java.security.Policy<br />
<br />
The behaviour of the application does not change for different values for eclipse.security. <br />
A different AccessControlException occurs if it does not exist in this file<br />
<br />
<br />
was.policy contents for the webComponent section includes<br />
<strong class='bbc'>permission java.security.SecurityPermission "setPolicy";</strong><br />
<br />
<br />
The application logs include the following stacktrace:<br />
<br />
[11/22/11 10:55:20:432 GMT] 0000000a SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.<br />
<br />
Permission:<br />
<br />
setPolicy : Access denied (<strong class='bbc'>java.security.SecurityPermission setPolicy</strong>)<br />
<br />
<br />
Code:<br />
<br />
org.eclipse.birt.core.framework.osgi.OSGILauncher in {file:/var/WebSphere7/profiles/Dev1Profile/installedApps/Dev1Cell/example.ear/example.war/WEB-INF/lib/core-api-2.6.0.jar}<br />
<br />
<br />
<br />
Stack Trace:<br />
<br />
java.security.AccessControlException: Access denied (java.security.SecurityPermission setPolicy)<br />
at java.security.AccessController.checkPermission(AccessController.java:108)<br />
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)<br />
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:206)<br />
at java.security.Policy.checkSecurityPermission(Policy.java:245)<br />
at java.security.Policy.setPolicy(Policy.java:537)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher.setupSecurityPolicy(OSGILauncher.java:725)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher.doStartup(OSGILauncher.java:163)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher.access$0(OSGILauncher.java:94)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher$1.run(OSGILauncher.java:79)<br />
at java.security.AccessController.doPrivileged(AccessController.java:251)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher.startup(OSGILauncher.java:75)<br />
at org.eclipse.birt.core.framework.Platform.startup(Platform.java:79)<br />
at com.example.reporting.engine.ReportGenerator.<init>(ReportGenerator.java:103)<br />
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)<br />
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)<br />
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)<br />
<br />
<br />
2011-11-22 10:55:20,538 [Reporting] SEVERE The BIRT Report Platform threw an error: Can not startup the OSGI framework<br />
2011-11-22 10:55:20,539 [Reporting] FINER THROW org.eclipse.birt.core.exception.BirtException: Can not startup the OSGI framework<br />
at org.eclipse.birt.core.framework.Platform.startup(Platform.java:91)<br />
at com.example.reporting.engine.ReportGenerator.<init>(ReportGenerator.java:103)<br />
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)<br />
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)<br />
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)<br />
at java.lang.reflect.Constructor.newInstance(Constructor.java:527)<br />
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)<br />
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)<br />
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:248)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)<br />
at java.security.AccessController.doPrivileged(AccessController.java:224)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)<br />
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:206)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)<br />
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)<br />
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)<br />
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:479)<br />
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:162)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)<br />
at java.security.AccessController.doPrivileged(AccessController.java:224)<br />
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)<br />
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:206)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)<br />
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)<br />
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)<br />
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)<br />
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)<br />
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)<br />
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)<br />
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)<br />
at com.ibm.ws.webcontainer.webapp.WebApp.notifyServletContextCreated(WebApp.java:1707)<br />
at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinish(WebApp.java:380)<br />
at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:299)<br />
at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:100)<br />
at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:166)<br />
at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:731)<br />
at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:616)<br />
at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:376)<br />
at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:668)<br />
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1123)<br />
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1319)<br />
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:610)<br />
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:944)<br />
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:726)<br />
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2048)<br />
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:441)<br />
at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)<br />
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:384)<br />
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.access$300(CompositionUnitMgrImpl.java:112)<br />
at com.ibm.ws.runtime.component.CompositionUnitMgrImpl$CUInitializer.run(CompositionUnitMgrImpl.java:951)<br />
at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:349)<br />
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)<br />
Caused by: org.eclipse.birt.core.exception.CoreException: org.eclipse.birt.core.framework.FrameworkException: Can not start up OSGI - Access denied (java.security.SecurityPermission setPolicy)<br />
at org.eclipse.birt.core.framework.osgi.OSGILauncher.startup(OSGILauncher.java:90)<br />
at org.eclipse.birt.core.framework.Platform.startup(Platform.java:79)<br />
... 62 more<br />
<br />
<br />
Adding <br />
permission java.security.AllPermission;<br />
to the webComponent section of was.policy allows the application to start successfully.<br />
<br />
This implies that the permission java.security.SecurityPermission "setPolicy"; entry in was.policy was ignored but that permission java.security.AllPermission; worked.<br />
<br />
Can anyone explain this behaviour?<br />
<br />
What are the correct values for config.ini to allow deployment of a web application which includes BIRT to be deployed in WebSphere 7 with Java 2 security enabled and a was.policy with fine grained security permissions?<br />
<br />
Thanks<br />
<br />
Ian
Find more posts tagged with
Comments
JasonW
have you read over this bugzilla entry?
https://bugs.eclipse.org/bugs/show_bug.cgi?id=182161
Jason
idp
Jason
Thanks for the reply. I have looked at the bugzilla entry. These links were also useful
http://log.illsley.org/2010/11/29/osgi-java-security-manager-and-keeping-things-simple/
http://publib.boulder.ibm.com/infocenter/wasinfo/fep/index.jsp?topic=/com.ibm.websphere.osgifep.multiplatform.doc/topics/ca_java2sec.html
http://publib.boulder.ibm.com/infocenter/wasinfo/fep/index.jsp?topic=/com.ibm.websphere.osgifep.multiplatform.doc/topics/thread_ta_dev_deployapp.html
This looks like an OSGI/WAS permissions issue. AllPermission is not accepted for a production deployment.
I am going to restructure the deployment to use an EBA asset and grant permissions through permission.perm in OSGI-INF
Thanks for your help
Regards
Ian
JasonW
Ian,
It would be great if an update on how that approach works when you finish.
Jason
