I am in panic mode today and would very much appreciate your precious help:
Since three hours now our Java-based Google App Engine application is throwing AccessControlExceptions when it tries to load a FreeMarker template. The code of this application did not change for 11 days. Since approximately 3h however each template loading request throws something like this:
java.security.AccessControlException: access denied ("java.io.FilePermission" "/WEB-INF/freemarker/panel/root.ftl" "read")
at com.google.appengine.runtime.Request.process-e5a6df6e4f6e9c58(Request.java)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:382)
at java.security.AccessController.checkPermission(AccessController.java:572)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.File.isFile(File.java:961)
at freemarker.cache.FileTemplateLoader$2.run(FileTemplateLoader.java:165)
at java.security.AccessController.doPrivileged(AccessController.java:63)
at freemarker.cache.FileTemplateLoader.findTemplateSource(FileTemplateLoader.java:161)
at freemarker.cache.TemplateCache.acquireTemplateSource(TemplateCache.java:628)
at freemarker.cache.TemplateCache.findTemplateSource(TemplateCache.java:618)
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:316)
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:205)
at freemarker.template.Configuration.getTemplate(Configuration.java:740)
at freemarker.template.Configuration.getTemplate(Configuration.java:665)
...
As you can see the problem seems to be that the application is not allowed to load this file any more, although it was allowed to load it in the past.
Did the behaviour of App Engine change when it comes to file reading permissions? Am I missing something?
Thanksalot for your input!
This is a known issue, see the public issue tracker for more details: https://code.google.com/p/googleappengine/issues/detail?id=11766
Related
I am migrating my application from Tomcat to Google App Engine (1.9.1). I am running jsf 2.2 on servlet 2.5 and I am facing an issue with reading files from file system. I have code that creates a file on the file system as follows:
File file = new File("C:\\tempFolder");
if(file.isDirectory()){
// do writing stuff here
}
On Tomcat I was not getting any exceptions on the above code, but on Google App Engine I am getting the following exception:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\tempFolder" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:429)
Why am I getting this exception, and how to fix it?
why i am getting this exception
GAE environment is sandboxed for a number of reasons. This means that you cannot do a lot of things you could normally do on your local machine.
This also includes write access to the file system.
how to fix it
Find another way to persist your data (database, for example).
You can read a little bit more on sandbox restrictions here.
I am trying to run the example of the RMI application given in the Oracle website http://docs.oracle.com/javase/tutorial/rmi/running.html.
However, trying both Eclipse and in the command line, I can't run the server nor the client.
In fact, when running in Eclipse I get this error:
ComputeEngine exception:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
I also have changed the VM Argument like this:
For the ComputeEngine (server):
-Djava.security.manager -Djava.rmi.server.codebase=file:/Users/name/Documents/workspace/PiComputationRM/src/compute/compute.jar -Djava.security.policy=/Users/name/Documents/workspace/PiComputationRM/server.policy
For the ComputePi (client):
-Djava.security.policy=/Users/name/Documents/workspace/PiComputationRM/client.policy
The content of my client and server policy is:
grant {
permission java.security.AllPermission;
};
Also when I try to run the server in terminal with:
java -Djava.security.policy="server.policy" src/engine/ComputeEngine.java
I got this error:
Error: Could not find or load main class src.engine.ComputeEngine.java
Please any help, I have spent many hours on the Internet in vain ??
ComputeEngine exception:
java.security.AccessControlException: access denied ("java.net.SocketPermission" "127.0.0.1:1099" "connect,resolve")
You are using a security manager and you haven't granted that permission in your .policy file.
I also have changed the VM Argument like this:
For the ComputeEngine (server):
-Djava.security.manager -Djava.rmi.server.codebase=file:/Users/name/Documents/workspace/PiComputationRM/src/compute/compute.jar -Djava.security.policy=/Users/name/Documents/workspace/PiComputationRM/server.policy
Several problems there:
a file: codebase isn't going to work unless it specifies a shared location that is visible by that name to the client and the Registry. This doesn't look like one of those.
you need to check whether that is the correct name for the policy file
you don't even need a security manager or policy in the server, unless the client is setting its own codebase and is going to provide classes to you. That doesn't happen in this example.
For the ComputePi (client):
-Djava.security.policy=/Users/name/Documents/workspace/PiComputationRM/client.policy
Double-check this name.
Also when I try to run the server in terminal with:
java -Djava.security.policy="server.policy" src/engine/ComputeEngine.java
I got this error:
Error: Could not find or load main class src.engine.ComputeEngine.java
Of course you did. You gave a compiler command to the JVM. Use the command provided in the tutorial. You don't name .java files to the JVM.
I have spent many hours on the Internet in vain
You should have been double-checking your work against the tutorial instead. You've misread the tutorial in at least two places.
I would also question whether you really need the codebase feature at all. I would start by removing it, and the security managers, altogether, and just get it working without them. It's too much of a complication for a first RMI project.
I am trying to execute this jnlp application.
However, I keep receiving this security exception:
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:399)
at java.lang.Class.newInstance0(Class.java:370)
at java.lang.Class.newInstance(Class.java:322)
at com.sun.javafx.applet.FXApplet2.init(FXApplet2.java:63)
at com.sun.deploy.uitoolkit.impl.fx.FXApplet2Adapter.init(FXApplet2Adapter.java:207)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.net.useSystemProxies" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
at java.security.AccessController.checkPermission(AccessController.java:560)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.setProperty(System.java:783)
at ensemble.Ensemble2.<clinit>(Ensemble2.java:77)
... 10 more
I tried changing the security settings in the Java control panel (OSX 10.8.3), but they seem to be disabled and I cannot modify them (I do can check the "Enable Java content in the browser" option, but it is resetted when I click apply). This is shown in the following figure:
Is there another mechanism for bypassing the Java security manager and being able to execute a jnlp application ?
UPDATE:
After reinstalling Java I was finally able to change the security options in the Java Control panel (I did not do anything special, just reinstall it from scratch). Unfortunately, when I execute the jnlp application it dies silently without showing any errors. This problem could be related to the fact that I am using the jdk 1.8 (since the jnlp application requires javafx) and it is just a preview version (and OSX does not seem to like a lot Java these days...), it is my best guess but I cannot be completely sure.
Possible reasons for this:
I have heard that Java 7 on Mac is still not stable.
By default JNLP files run in a "sandbox" to prevent malicious code from wreaking havoc on your system. This sandbox restricts access to the local filesystem and local network. I imagine that system properties are restricted too, and it looks like the app is trying to write to them. To allow unrestricted access, you need to sign the JAR file and configure the JNLP file with <security><all-permissions/></security>
I want Oracle Data Integrator 10.1.3 to be able to connect to Active Directory running on a Windows 2003.
I'm using SnpsLdapDriver but so far I'm dead unable to make it work.
I keep getting error 52e : Insufficient Credentials. I tried every possible possible way I could - locking my account numerous times- and just nothing but errors.
jdbc:snps:ldap?ldap_url=ldap://128.1.1.121:389/DC=mydc,DC=int??base?(objectClass=*)&ldap_password='encrypted_password_through_snpsldapo.jar'
I tried everything I could find on google....
HELP ????
TIA
52e is the LDAP error code indicating either an invalid user principal or invalid user password.
When I am running RMI Server in netbeans I am getting java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
What to do?
You need to set the permissions within a policy file. An example can be found at the RMI tutorial site and also further information concering policy files.