Re: [jetty-users] Jetty 6: Problem with security manager

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Jetty 6: Problem with security manager

From: Jesse McConnell <jesse.mcconnell@xxxxxxxxx>
Date: Tue, 17 May 2011 07:53:55 -0500
Delivered-to: jetty-users@xxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=Skauau3PcgSsefoXm/4SwiK1jA9g1olTc0g0vjDJCJqu5B0CGGJV5tNmLNrI/UOODp U/V+Pf558jvWNrTzXaVLRpa/s+P1jyiwWwkB/nQ6WtD1gGqgvX6IlvUM0VJ0Ab8qZKUg J/WhBIqLGYoxHn5dod9MI/TZxxvK3MVesJFlU=
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Trying to embed arbitrary software into an application running with
the security manager, without having any ability to tweak the security
manager policy or permissions is a terrible situation.  Off the top of
my head your basically out of luck, if you take a look at jetty-7's
jetty-policy module there are a number of policy files in there that
we have tweaked to work with the security manager and that will give
you and idea what sorts of permissions would need to be granted.
There are many properties that need to be able to be looked for just
to get things running.

Now I don't know anything about your permission setup so its possible
that those system properties are globally granted and your just
getting stymied by this particular check in which case your only
option is to read the code and see if it can be removed, and then
remove it from a local copy and build of jetty6.  I would probably
start there and see how far you get.

Alternately if you can figure out if its possible for you to add a
codeBase to the policy implementation on the jvm you can grant those
permissions as needed to just the jetty codeBases.  I am not sure how
savvy you are on the security manager usage and if you have looked for
that option at all.

cheers,
jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Tue, May 17, 2011 at 06:18, Steffen Bach <sba@xxxxxxxxxx> wrote:
> Hi list.
>
> I'm attempting to embed Jetty 6.1.26 in an application that is to be run on a Kyocera Mita printer, which is CDC-1.1 compatible.
>
> I have followed http://docs.codehaus.org/display/JETTY/J2ME+CDC to configure Jetty without XML.
>
> Whenever I try to launch my application on the printer I receive the following stack trace:
> java.lang.ExceptionInInitializerError
>   at java.lang.J9VMInternals.initialize(Unknown Source)
>   at java.lang.J9VMInternals.initialize(Unknown Source)
>   at org.mortbay.jetty.Server.doStart(Unknown Source)
>   at org.mortbay.component.AbstractLifeCycle.start(Unknown Source)
>   at auth_test.ConfigWebServer.start(Unknown Source)
>   at auth_test.HyPASActivator.start(Unknown Source)
>   at com.ibm.osg.smf.BundleContext$1.run(Unknown Source)
>   at java.security.AccessController.doPrivileged(Unknown Source)
>   at com.ibm.osg.smf.BundleContext.start(Unknown Source)
>   at com.ibm.osg.smf.Bundle.startWorker(Unknown Source)
>   at com.ibm.osg.smf.Bundle.start(Unknown Source)
>   at jp.co.kyoceramita.ksf.app.mngr.Proxy.start(Unknown Source)
>   at jp.co.kyoceramita.ksf.app.mngr.StartAppTask.start(Unknown Source)
>   at jp.co.kyoceramita.ksf.app.mngr.TaskWorker.run(Unknown Source)
>   at java.lang.Thread.run(Unknown Source)
> Caused by: java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers )
>   at java.security.AccessController.checkPermission(Unknown Source)
>   at java.lang.SecurityManager.checkPermission(Unknown Source)
>   at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
>   at java.lang.Class.checkMemberAccess(Unknown Source)
>   at java.lang.Class.getDeclaredFields(Unknown Source)
>   at org.mortbay.jetty.AbstractGenerator.<clinit>(Unknown Source)
>   at java.lang.J9VMInternals.initializeImpl(Native Method)
>   ... 15 more
>
> Packages starting with "auth_test." are written by me and in my control. The rest packages are outside of my control, although I could use a custom build of Jetty if needed. I have *no* control over the Security Manager settings and cannot change them in any way.
>
> auth_test.ConfigWebServer is a wrapper around 'Server srv = new Server(18080)' (no handlers atm, but will be needed if I can get it to run) with a start and stop method.
>
> Is there a way around this issue?
>
> I'm up for narrowing down the failing line in o.m.j.Server.doStart if it is needed in order to aid in the solution of this problem.
>
>
> - Steffen
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>

References:
- [jetty-users] Jetty 6: Problem with security manager
  - From: Steffen Bach

Prev by Date: [jetty-users] Jetty 6: Problem with security manager
Next by Date: [jetty-users] jsessionId cookie question.
Previous by thread: [jetty-users] Jetty 6: Problem with security manager
Next by thread: [jetty-users] jsessionId cookie question.
Index(es):
- Date
- Thread

Breadcrumbs