Embedded Jetty with Java Security Policies

I am using embedded Jetty. My application loads an external war. I want to restrict what the loaded web application can do, so I applied a Java security policy. Now my application starts, but when I try to start the deployed web application it crashes. The war gets extracted to $JETTY_HOME/temp/${webapp}/webapp/

Policy

grant codeBase "file:${jetty.appserver.homeDirectory}/app/-" {
    permission java.security.AllPermission; 

};

grant codeBase "file:${jetty.appserver.homeDirectory}/temp/-" {
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
};

grant { 
    permission java.net.SocketPermission "*", "accept,resolve";
    permission java.io.FilePermission "${java.home}${/}-", "read";
    permission java.io.FilePermission "${jetty.appserver.homeDirectory}${/}-", "read";
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
    permission java.io.FilePermission "/usr/lib/jvm/jdk1.6.0_25/lib/tools.jar", "read";
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";

    permission java.lang.RuntimePermission "org.springframework.*";
};

Exception

2012-12-18 17:12:13.191: org.springframework.web.servlet.DispatcherServlet ERROR - Context initialization failed
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
2012-12-18 17:12:13.192: /b WARN - unavailable
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

With Spring 3.1, you have to add these context parameters to your web.xml to get it to start with the security manager enabled.

<context-param>
   <param-name>spring.profiles.default</param-name>
   <param-value>default</param-value>
</context-param>
<context-param>
   <param-name>spring.profiles.active</param-name>
   <param-value>default</param-value>
</context-param>

Thank you for your responses; however, I have solved this error after looking around.

The exception is generated because Spring is unable to read the JVM's environment properties, which is not directly visible in this exception. But once you add the following permission:

permission java.lang.RuntimePermission "getenv.*";

It will fix the above error.
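
The masking effect described in this answer, reproduced as an added example (not code from the original posts or from Spring): a recording SecurityManager reveals which permission was refused when the caller sees only an UnsupportedOperationException. The class names and the countEnvKeys helper are hypothetical, and the code assumes a JDK where System.setSecurityManager is still permitted (JDK 18 and later need -Djava.security.manager=allow, and JDK 24 and later disable the API entirely).

```java
import java.security.AccessControlException;
import java.security.Permission;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class GetenvDenialDemo {
    // Every permission that was checked and refused, in order.
    static final List<String> denied = new ArrayList<String>();

    // Constructed stand-in for a restrictive policy: it refuses only
    // environment reads, so the rest of the demo can run unhindered.
    static class RecordingManager extends SecurityManager {
        boolean allowGetenv = false;

        @Override
        public void checkPermission(Permission p) {
            if (p instanceof RuntimePermission
                    && p.getName().startsWith("getenv.") && !allowGetenv) {
                denied.add(p.toString());
                throw new AccessControlException("access denied " + p, p);
            }
        }
    }

    // Hypothetical helper: swallows the denial and fails with an unrelated
    // exception type, so the root cause never reaches the stack trace.
    static int countEnvKeys() {
        Map<String, String> env;
        try {
            env = System.getenv(); // checks RuntimePermission "getenv.*"
        } catch (SecurityException hidden) {
            throw new UnsupportedOperationException();
        }
        return env.size();
    }

    public static void main(String[] args) {
        RecordingManager sm = new RecordingManager();
        System.setSecurityManager(sm);
        try {
            countEnvKeys();
        } catch (UnsupportedOperationException e) {
            System.out.println("caller sees:     " + e);
            System.out.println("actually denied: " + denied);
        }
        // Same effect as: permission java.lang.RuntimePermission "getenv.*";
        sm.allowGetenv = true;
        System.out.println("after grant, keys readable: " + (countEnvKeys() >= 0));
        System.setSecurityManager(null);
    }
}
```

With a real policy file, the equivalent information comes from starting the JVM with -Djava.security.debug=access,failure, which logs each failed permission check.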
