Я пытаюсь присоединиться к Java Security Manager, чтобы проектировать с помощью SpringSecurity (SS). У меня есть цель: мой проект работает с SS и имеет источник данных (база данных db2) в качестве менеджера аутентификации. Я добавил ScriptManager (ScriptEngine) в проект. Сейчас я пытаюсь настроить безопасность проекта, что отрицают ненадежный код. Я использую NetBeans и в свойствах Tomcat (6.0.20) настройку «Использование Security Manager». Затем я отредактировал {catalina.base} /conf/catalina.police. Я добавил следующие «гранты»:
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/lib/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/classes/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/work/Catalina/localhost/myapp/" {
permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtim e";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.reflect.ReflectPermission "accessDeclaredMembers";
permission java.io.FilePermission "${catalina.home}${file.separator}myapp${file.sepa rator}*", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "*";
permission java.util.PropertyPermission "*", "read";
};
А теперь проблема. Когда я запускаю свой код в отладчике, я получаю следующую ошибку:
07.12.2010 2:06:02 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
07.12.2010 2:06:04 org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.http.UserDeta ilsServiceInjectionBeanPostProcessor#0': Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
.................................................
и вытащить:
Using CATALINA_BASE: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base
Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base/temp
Using JRE_HOME: /usr/lib/jvm/java
Using Security Manager
Listening for transport dt_socket at address: 11555
07.12.2010 2:04:43 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/client:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/mpi/gcc/openmpi/lib:/usr/java/packages/lib/i386:/lib:/usr/lib
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8084
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-9443
07.12.2010 2:04:43 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1536 ms
07.12.2010 2:04:43 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
07.12.2010 2:04:43 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
07.12.2010 2:04:45 org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
07.12.2010 2:04:45 org.apache.juli.ClassLoaderLogManager readConfiguration
WARNING: Reading /home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/classes/logging.properties is not permitted. See "per context logging" in the default catalina.policy file.
07.12.2010 2:04:45 org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "com.sun.faces.config.ConfigureListener" is already configured for this context. The duplicate definition has been ignored.
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.2 (FCS b10) for context '/opensee'
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Context [/opensee] startup failed due to previous errors
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.IllegalStateException: Application was not properly initialized at startup, could not find Factory: javax.faces.application.ApplicationFactory
at javax.faces.FactoryFinder$FactoryManager.getFactor y(FactoryFinder.java:804)
at javax.faces.FactoryFinder.getFactory(FactoryFinder .java:306)
at com.sun.faces.config.InitFacesContext.getApplicati on(InitFacesContext.java:104)
at com.sun.faces.config.ConfigureListener.contextDest royed(ConfigureListener.java:309)
at org.apache.catalina.core.StandardContext.listenerS top(StandardContext.java:3973)
at org.apache.catalina.core.StandardContext.stop(Stan dardContext.java:4577)
.................
Кроме того, когда я вставляю этот грант:
grant {
permission java.security.AllPermission;
};
все ок.
ОС: openSUSE 11.1
OpenJDK 1.6.0.0-b11
Для настройки использовали этот урок: http://www.mikeski.net/site/node/18
Спасибо всем ...