
Embedded Jetty with Java Security Policies

I am using embedded Jetty. My application loads an external WAR. I want to restrict what the loaded web application can do, so I applied a Java security policy. Now my application starts, but when I try to start the deployed web application it crashes. The WAR gets extracted to $JETTY_HOME/temp/${webapp}/webapp/

Policy

// Policy layout: a fully trusted codeBase (app/), a codeBase for the extracted
// war (temp/), and a default grant that applies to all code.

// Code loaded from anywhere under app/ (a trailing "/-" matches recursively) is fully trusted.
grant codeBase "file:${jetty.appserver.homeDirectory}/app/-" {
    permission java.security.AllPermission; 

};

// Code loaded from under temp/ may read files under temp/.
// NOTE(review): a FilePermission target is a filesystem path, not a URL (only
// codeBase takes a URL); the "file:" prefix here probably keeps this entry from
// matching the extracted files. Confirm against the intended path.
grant codeBase "file:${jetty.appserver.homeDirectory}/temp/-" {
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
};

// No codeBase: every entry below is granted to all code, including the deployed war.
grant { 
    // Accept connections from, and resolve, any host.
    permission java.net.SocketPermission "*", "accept,resolve";
    // Read access to the whole Java home tree.
    permission java.io.FilePermission "${java.home}${/}-", "read";
    // Read access to the whole Jetty home tree, which also covers app/ and temp/.
    // NOTE(review): this is wider than the temp/-only read the war's own grant asks for.
    permission java.io.FilePermission "${jetty.appserver.homeDirectory}${/}-", "read";
    // NOTE(review): same "file:" prefix concern as in the temp/ grant above.
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
    // Hard-coded JDK location; breaks if the JDK is installed elsewhere.
    permission java.io.FilePermission "/usr/lib/jvm/jdk1.6.0_25/lib/tools.jar", "read";
    // Every system property is readable by all code.
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";

    // NOTE(review): "org.springframework.*" does not look like a RuntimePermission
    // target the JDK checks, so this entry likely grants nothing. Confirm intent.
    permission java.lang.RuntimePermission "org.springframework.*";
};

Exception

    2012-12-18 17:12:13.191: org.springframework.web.servlet.DispatcherServlet ERROR - Context initialization failed
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
2012-12-18 17:12:13.192: /b WARN - unavailable
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

With Spring 3.1, you have to add these context parameters to your web.xml to get it to start with the security manager enabled.

<!-- Declares both Spring profile properties as servlet context parameters.
     NOTE(review): presumably Spring then resolves them from the servlet context
     before it consults the system environment, so the security policy itself
     does not have to be widened. Confirm against the Spring version in use. -->
<context-param>
   <param-name>spring.profiles.default</param-name>
   <param-value>default</param-value>
</context-param>
<context-param>
   <param-name>spring.profiles.active</param-name>
   <param-value>default</param-value>
</context-param>

Thank you for your responses, however I have solved this error after looking around.

The exception occurs because Spring is unable to read the JVM's environment variables, which is not directly visible in the stack trace. Once you add the following permission:

// Lets the granted code read every environment variable of the JVM process.
// Put it in the narrowest grant block that needs it: in a grant with no codeBase
// it applies to all code, including the deployed war, so anything sensitive held
// in the environment becomes readable by that war.
permission java.lang.RuntimePermission "getenv.*";

It will fix the above error.
