jetty and java web start, permission error with signed jars and appropriate perms

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

jetty and java web start, permission error with signed jars and appropriate perms

Roy Rim
Hi guys,

I have an app with an embedded jetty server that I am trying to distribute via
Java Web Start.  I'm getting a java.security.AccessControlException: access
denied (java.io.FilePermission ...) even though all my jars are signed and my
jnlp file has all permissions.

Let me describe how jetty is started in my app.

Originally I had a war file that contained my web application.  I decided to
include the war file in my main application jar.  When my application starts,
the war file is extracted.  This works fine.  However, when I do this to start
jetty:
---------------------------------------
WebApplicationContext app = server.addWebApplication( CONTEXT_PATH,
warFile.getPath() );
app.setDefaultsDescriptor(null);
app.setExtractWAR( true );
HttpContext hc = server.addContext( CONTEXT_PATH + "/images" );
hc.setResourceBase( tempdir + "/webapp/images" );
hc.addHandler( new ResourceHandler() );
server.start(); //start (and run) the server
---------------------------------------

I get the AccessControlException (pasted below).  Which shouldn't happen since
all my jars are signed and my jnlp file has the
<security><all-permissions/></security> tags in it.  I'd really appreciate it if
anyone could explain what I'm missing here and if there is a solution or a
better way to do this.

Thank you,

Roy

---------------------------------------
org.mortbay.util.MultiException[java.security.AccessControlException: access
denied (java.io.FilePermission
    D:\temp\windows\Jetty__8090__seccas\webapp read)]
        at org.mortbay.http.HttpServer.doStart(HttpServer.java:731)
        at org.mortbay.util.Container.start(Container.java:72)
        at com.seccas.jetty.StartJetty.main(StartJetty.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
        at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
        at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
java.security.AccessControlException: access denied (java.io.FilePermission
D:\temp\windows\Jetty__8090__seccas\webapp read)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkRead(Unknown Source)
        at java.io.File.isDirectory(Unknown Source)
        at org.mortbay.util.FileResource.isDirectory(FileResource.java:208)
        at org.mortbay.util.FileResource.addPath(FileResource.java:133)
        at org.mortbay.http.ResourceCache.getResource(ResourceCache.java:243)
        at org.mortbay.http.HttpContext.getResource(HttpContext.java:2142)
        at
org.mortbay.jetty.servlet.WebApplicationContext
    .getResource(WebApplicationContext.java:787)
        at
org.mortbay.jetty.servlet.ServletHandler
    .getResourceAsStream(ServletHandler.java:749)
        at
org.mortbay.jetty.servlet.ServletHandler$Context
    .getResourceAsStream(ServletHandler.java:1076)
        at org.apache.struts.action.ActionServlet
        .initServlet(ActionServlet.java:1429)
        at org.apache.struts.action.ActionServlet.init(ActionServlet.java:466)
        at javax.servlet.GenericServlet.init(GenericServlet.java:168)
        at org.mortbay.jetty.servlet.ServletHolder
        .initServlet(ServletHolder.java:383)
        at org.mortbay.jetty.servlet.ServletHolder.start(ServletHolder.java:243)
        at
org.mortbay.jetty.servlet.ServletHandler
    .initializeServlets(ServletHandler.java:445)
        at
org.mortbay.jetty.servlet.WebApplicationHandler
    .initializeServlets(WebApplicationHandler.java:323)
        at
org.mortbay.jetty.servlet.WebApplicationContext
    .doStart(WebApplicationContext.java:511)
        at org.mortbay.util.Container.start(Container.java:72)
        at org.mortbay.http.HttpServer.doStart(HttpServer.java:753)
        at org.mortbay.util.Container.start(Container.java:72)
        at com.seccas.jetty.StartJetty.main(StartJetty.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
        at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
        at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
java.security.AccessControlException: access denied (java.io.FilePermission
D:\temp\windows\Jetty__8090__seccas\webapp read)
        at java.security.AccessControlContext.checkPermission(Unknown Source)
        at java.security.AccessController.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkPermission(Unknown Source)
        at java.lang.SecurityManager.checkRead(Unknown Source)
        at java.io.File.isDirectory(Unknown Source)
        at org.mortbay.util.FileResource.isDirectory(FileResource.java:208)
        at org.mortbay.util.FileResource.addPath(FileResource.java:133)
        at org.mortbay.http.ResourceCache.getResource(ResourceCache.java:243)
        at org.mortbay.http.HttpContext.getResource(HttpContext.java:2142)
        at
org.mortbay.jetty.servlet.WebApplicationContext
    .getResource(WebApplicationContext.java:787)
        at
org.mortbay.jetty.servlet.ServletHandler
    .getResourceAsStream(ServletHandler.java:749)
        at
org.mortbay.jetty.servlet.ServletHandler$Context
    .getResourceAsStream(ServletHandler.java:1076)
        at org.apache.struts.action.ActionServlet
        .initServlet(ActionServlet.java:1429)
        at org.apache.struts.action.ActionServlet
        .init(ActionServlet.java:466)
        at javax.servlet.GenericServlet.init(GenericServlet.java:168)
        at org.mortbay.jetty.servlet.ServletHolder
        .initServlet(ServletHolder.java:383)
        at org.mortbay.jetty.servlet.ServletHolder
        .start(ServletHolder.java:243)
        at
org.mortbay.jetty.servlet.ServletHandler
    .initializeServlets(ServletHandler.java:445)
        at
org.mortbay.jetty.servlet.WebApplicationHandler
    .initializeServlets(WebApplicationHandler.java:323)
        at
org.mortbay.jetty.servlet.WebApplicationContext
    .doStart(WebApplicationContext.java:511)
        at org.mortbay.util.Container.start(Container.java:72)
        at org.mortbay.http.HttpServer.doStart(HttpServer.java:753)
        at org.mortbay.util.Container.start(Container.java:72)
        at com.seccas.jetty.StartJetty.main(StartJetty.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.sun.javaws.Launcher.executeApplication(Unknown Source)
        at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
        at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
        at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
        at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
        at com.sun.javaws.Launcher.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
---------------------------------------





-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty and java web start, permission error with signed jars and appropriate perms

Greg Wilkins-5
Roy Rim wrote:
> Hi guys,
>
> I have an app with an embedded jetty server that I am trying to distribute via
> Java Web Start.  I'm getting a java.security.AccessControlException: access
> denied (java.io.FilePermission ...) even though all my jars are signed and my
> jnlp file has all permissions.

I can't really see anything wrong here?

Are you signing the jetty jar as well? or are you putting jetty classes into
your own jar?

Can you write an com.acme.TestMain class that just opens a file and see if
you can get that to work via web start?

regards



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss
Reply | Threaded
Open this post in threaded view
|

Re: jetty and java web start, permission error with signed jars and appropriate perms

Roy Rim
Greg Wilkins <gregw <at> mortbay.com> writes:

> Roy Rim wrote:
> > Hi guys,
> >
> > I have an app with an embedded jetty server that I am trying to distribute
> > via
> > Java Web Start.  I'm getting a java.security.AccessControlException: access
> > denied (java.io.FilePermission ...) even though all my jars are signed and
> > my
> > jnlp file has all permissions.
>
> I can't really see anything wrong here?
>
> Are you signing the jetty jar as well? or are you putting jetty classes into
> your own jar?
>
> Can you write an com.acme.TestMain class that just opens a file and see if
> you can get that to work via web start?

Hi Greg,

I finally found the solution (dimly remembered my signed applet experience
many years ago).

I had to create a new AllPermission policy, which in my opinion, doesn't
make any sense.  I signed all my jars.  I added the all-permissions tag to my
jnlp file.  The Policy.setPolicty( ... ) step isn't mentioned in any Java Web
Start guides.  Very annoying considering that I had no problems extracting the
.war file from the .jar file and saving it to the user's harddrive.

Any idea why the JVM would consider it OK for my main app to extract a file
from my jar to the harddrive, but not let Jetty READ from the directory that
gets extracted from the .war file?  bizarre.

Roy





-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
jetty-discuss mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-discuss