Java Security Manager に参加して、SpringSecurity (SS) のプロジェクトに参加してみます。私には目標があります。私のプロジェクトは SS で動作し、認証マネージャーとして dataSource (db2 データベース) を持っています。プロジェクトに ScriptManager(ScriptEngine) を追加しました。今、信頼できないコードを拒否するプロジェクトのセキュリティを設定しようとしています。NetBeans を使用し、Tomcat (6.0.20) のプロパティで「セキュリティ マネージャーを使用する」をセットアップします。次に、{catalina.base}/conf/catalina.police を編集しました。次の「助成金」を追加しました:
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/lib/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/classes/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/work/Catalina/localhost/myapp/" {
permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtim e";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.reflect.ReflectPermission "accessDeclaredMembers";
permission java.io.FilePermission "${catalina.home}${file.separator}myapp${file.sepa rator}*", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "*";
permission java.util.PropertyPermission "*", "read";
};
そして今問題。デバッガーでコードを実行すると、次のエラーが発生します。
07.12.2010 2:06:02 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
07.12.2010 2:06:04 org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.http.UserDeta ilsServiceInjectionBeanPostProcessor#0': Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
.................................................
そしてトムキャットアウト:
Using CATALINA_BASE: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base
Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base/temp
Using JRE_HOME: /usr/lib/jvm/java
Using Security Manager
Listening for transport dt_socket at address: 11555
07.12.2010 2:04:43 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/client:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/mpi/gcc/openmpi/lib:/usr/java/packages/lib/i386:/lib:/usr/lib
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8084
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-9443
07.12.2010 2:04:43 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1536 ms
07.12.2010 2:04:43 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
07.12.2010 2:04:43 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
07.12.2010 2:04:45 org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
07.12.2010 2:04:45 org.apache.juli.ClassLoaderLogManager readConfiguration
WARNING: Reading /home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/classes/logging.properties is not permitted. See "per context logging" in the default catalina.policy file.
07.12.2010 2:04:45 org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "com.sun.faces.config.ConfigureListener" is already configured for this context. The duplicate definition has been ignored.
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.2 (FCS b10) for context '/opensee'
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Context [/opensee] startup failed due to previous errors
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.IllegalStateException: Application was not properly initialized at startup, could not find Factory: javax.faces.application.ApplicationFactory
at javax.faces.FactoryFinder$FactoryManager.getFactor y(FactoryFinder.java:804)
at javax.faces.FactoryFinder.getFactory(FactoryFinder .java:306)
at com.sun.faces.config.InitFacesContext.getApplicati on(InitFacesContext.java:104)
at com.sun.faces.config.ConfigureListener.contextDest royed(ConfigureListener.java:309)
at org.apache.catalina.core.StandardContext.listenerS top(StandardContext.java:3973)
at org.apache.catalina.core.StandardContext.stop(Stan dardContext.java:4577)
.................
また、この許可を挿入すると:
grant {
permission java.security.AllPermission;
};
大丈夫。
OS: openSUSE 11.1 OpenJDK 1.6.0.0-b11
セットアップには、このチュートリアルを使用します: http://www.mikeski.net/site/node/18
皆さんありがとう...