I am developing a Java Web App using Google App Engine, the app use Maven, JSF and Objectify and works fine in devserver but in production give the following error:
com.sun.faces.config.ConfigureListener contextInitialized: Critical error during deployment:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:375)
at java.security.AccessController.checkPermission(AccessController.java:565)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56)
at com.google.apphosting.runtime.security.CustomSecurityManager.checkAccess(CustomSecurityManager.java:131)
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:315)
at java.lang.Thread.init(Thread.java:378)
at java.lang.Thread.<init>(Thread.java:575)
at com.sun.faces.util.MojarraThreadFactory.newThread(MojarraThreadFactory.java:74)
at java.util.concurrent.ThreadPoolExecutor$Worker.<init>(ThreadPoolExecutor.java:599)
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:931)
at java.util.concurrent.ThreadPoolExecutor.ensurePrestart(ThreadPoolExecutor.java:1611)
at java.util.concurrent.ScheduledThreadPoolExecutor.delayedExecute(ScheduledThreadPoolExecutor.java:305)
at java.util.concurrent.ScheduledThreadPoolExecutor.scheduleAtFixedRate(ScheduledThreadPoolExecutor.java:542)
at com.sun.faces.config.ConfigureListener.initConfigMonitoring(ConfigureListener.java:480)
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:227)
at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:199)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:174)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:134)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:484)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:438)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:445)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:220)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:309)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:301)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:442)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
at java.lang.Thread.run(Thread.java:724)
Someone have faced a similar problem and can help me with a hint or maybe know the solution?
This has been asked many times, see the following questions for examples:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission
modifyThreadGroup)
Google App Engine modifyThreadGroup
problem
Certain operations with threads are disallowed in App Engine, and some part of your code is breaking the rules.
Like Adam points Google App Engine has some restrictions especially with native threads as described here:
https://cloud.google.com/appengine/docs/java/#threads
In JSF a solution for the single threaded enviroment used by Google App Engine is described here:
http://java.wildstartech.com/Java-Platform-Enterprise-Edition/JavaServer-Faces/javaserver-faces-20/configuring-javaserver-faces-20-to-run-on-the-google-appengine/javaserverfaces-20-and-google-app-engine-compatibility-issues
Additionally there could be another problem handling the JSF sessions, a possible solution is described here:
Session lost in Google App Engine using JSF
And finally a good detailed example of JSF in App Engine is described here:
http://java.wildstartech.com/Java-Platform-Enterprise-Edition/JavaServer-Faces/javaserver-faces-22/configuring-jsf-22-to-run-on-the-google-app-engine-using-eclipse
Related
I have been using Jersey v2.19 with Google Appengine v1.9.22 and it works fine in local devserver without any issue, but when i tried to deploy the application to appengine. I get multiple exceptions
Frameworks Used :
AppEngine Java 1.9.22
Jersey 2.19
Objectify 5.1.5
Guice 3.x
Gradle
Following is the exception i get in the log:
org.glassfish.jersey.internal.Errors logErrors: The following warnings have been detected: WARNING: Unknown HK2 failure detected:
MultiException stack 1 of 4
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at com.google.appengine.runtime.Request.process-84bc59f0ba240851(Request.java)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:382)
at java.security.AccessController.checkPermission(AccessController.java:572)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1606)
at java.lang.ClassLoader.getSystemClassLoader(ClassLoader.java:1525)
at org.jvnet.hk2.internal.ProxyUtilities$1.run(ProxyUtilities.java:95)
at org.jvnet.hk2.internal.ProxyUtilities$1.run(ProxyUtilities.java:90)
at java.security.AccessController.doPrivileged(AccessController.java:34)
at org.jvnet.hk2.internal.ProxyUtilities.secureCreate(ProxyUtilities.java:90)
at org.jvnet.hk2.internal.ProxyUtilities.generateProxy(ProxyUtilities.java:206)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2038)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:105)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.jersey.internal.inject.ContextInjectionResolver.resolve(ContextInjectionResolver.java:126)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:214)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:237)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:360)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:470)
at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:82)
at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:70)
at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture$1.call(Cache.java:97)
at java.util.concurrent.FutureTask.run(FutureTask.java:260)
at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:121)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2065)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:105)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.jersey.internal.inject.Providers.getAllRankedProviders(Providers.java:247)
at org.glassfish.jersey.server.ApplicationHandler.getProcessingProviders(ApplicationHandler.java:758)
at org.glassfish.jersey.server.ApplicationHandler.initialize(ApplicationHandler.java:536)
at org.glassfish.jersey.server.ApplicationHandler.access$500(ApplicationHandler.java:183)
at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:349)
at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:346)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.processWithException(Errors.java:255)
at org.glassfish.jersey.server.ApplicationHandler.(ApplicationHandler.java:346)
at org.glassfish.jersey.servlet.WebComponent.(WebComponent.java:339)
at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:170)
at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:393)
at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:662)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:437)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:444)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:230)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:308)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:300)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:441)
at java.lang.Thread.run(Thread.java:745)
MultiException stack 2 of 4
java.lang.IllegalArgumentException: While attempting to create a Proxy for javax.servlet.http.HttpServletRequest in scope org.glassfish.jersey.process.internal.RequestScoped an error occured while creating the proxy
at org.jvnet.hk2.internal.ProxyUtilities.generateProxy(ProxyUtilities.java:212)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2038)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:105)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.jersey.internal.inject.ContextInjectionResolver.resolve(ContextInjectionResolver.java:126)
... trimmed
MultiException stack 3 of 4
java.lang.IllegalArgumentException: While attempting to resolve the dependencies of com.app.webapp.filters.WebApiAuthFilter errors were found
MultiException stack 4 of 4
java.lang.IllegalStateException: Unable to perform operation: resolve on com.app.webapp.filters.WebApiAuthFilter
i have searched for possible fix, but couldn't able to find anything relates to my problem, i dint use JDO or JPA so the asm jar incompatibility is not the cause.
Any idea on how to resolve this issue ?
Update :
I tried to figure out the cause for this exception, I have an Filter in which i have injected HttpServletRequest , exception is thrown because of that, not sure why though.
#Provider
#WebApiAuth
public class AuthFilter implements ContainerRequestFilter {
// problem is because of injecting this
#Context
protected HttpServletRequest servletRequest;
}
This is probably too late for you, but in the interest of helping others -- I was facing the same problem trying to get access to request.getRemoteAddr(). Injecting HttpServletRequest threw this error at runtime, and none of the environment variables, request properties, or headers contained the remote address.
https://stackoverflow.com/a/23590606/3037408
Provides a working solution that adds a 'remote_addr' header into the jersey/jaxrs headers. If you needed to access something other than the remote_addr from the HttpServletRequest, you could probably insert the relevant data into the headers or some other property for later access as well.
I am in panic mode today and would very much appreciate your precious help:
Since three hours now our Java-based Google App Engine application is throwing AccessControlExceptions when it tries to load a FreeMarker template. The code of this application did not change for 11 days. Since approximately 3h however each template loading request throws something like this:
java.security.AccessControlException: access denied ("java.io.FilePermission" "/WEB-INF/freemarker/panel/root.ftl" "read")
at com.google.appengine.runtime.Request.process-e5a6df6e4f6e9c58(Request.java)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:382)
at java.security.AccessController.checkPermission(AccessController.java:572)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.File.isFile(File.java:961)
at freemarker.cache.FileTemplateLoader$2.run(FileTemplateLoader.java:165)
at java.security.AccessController.doPrivileged(AccessController.java:63)
at freemarker.cache.FileTemplateLoader.findTemplateSource(FileTemplateLoader.java:161)
at freemarker.cache.TemplateCache.acquireTemplateSource(TemplateCache.java:628)
at freemarker.cache.TemplateCache.findTemplateSource(TemplateCache.java:618)
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:316)
at freemarker.cache.TemplateCache.getTemplate(TemplateCache.java:205)
at freemarker.template.Configuration.getTemplate(Configuration.java:740)
at freemarker.template.Configuration.getTemplate(Configuration.java:665)
...
As you can see the problem seems to be that the application is not allowed to load this file any more, although it was allowed to load it in the past.
Did the behaviour of App Engine change when it comes to file reading permissions? Am I missing something?
Thanksalot for your input!
This is a known issue, see the public issue tracker for more details: https://code.google.com/p/googleappengine/issues/detail?id=11766
I am migrating my application from Tomcat to Google App Engine (1.9.1). I am running jsf 2.2 on servlet 2.5 and I am facing an issue with reading files from file system. I have code that creates a file on the file system as follows:
File file = new File("C:\\tempFolder");
if(file.isDirectory()){
// do writing stuff here
}
On Tomcat I was not getting any exceptions on the above code, but on Google App Engine I am getting the following exception:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\tempFolder" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:429)
Why am I getting this exception, and how to fix it?
why i am getting this exception
GAE environment is sandboxed for a number of reasons. This means that you cannot do a lot of things you could normally do on your local machine.
This also includes write access to the file system.
how to fix it
Find another way to persist your data (database, for example).
You can read a little bit more on sandbox restrictions here.
I am trying to execute this jnlp application.
However, I keep receiving this security exception:
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:399)
at java.lang.Class.newInstance0(Class.java:370)
at java.lang.Class.newInstance(Class.java:322)
at com.sun.javafx.applet.FXApplet2.init(FXApplet2.java:63)
at com.sun.deploy.uitoolkit.impl.fx.FXApplet2Adapter.init(FXApplet2Adapter.java:207)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.net.useSystemProxies" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
at java.security.AccessController.checkPermission(AccessController.java:560)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.setProperty(System.java:783)
at ensemble.Ensemble2.<clinit>(Ensemble2.java:77)
... 10 more
I tried changing the security settings in the Java control panel (OSX 10.8.3), but they seem to be disabled and I cannot modify them (I do can check the "Enable Java content in the browser" option, but it is resetted when I click apply). This is shown in the following figure:
Is there another mechanism for bypassing the Java security manager and being able to execute a jnlp application ?
UPDATE:
After reinstalling Java I was finally able to change the security options in the Java Control panel (I did not do anything special, just reinstall it from scratch). Unfortunately, when I execute the jnlp application it dies silently without showing any errors. This problem could be related to the fact that I am using the jdk 1.8 (since the jnlp application requires javafx) and it is just a preview version (and OSX does not seem to like a lot Java these days...), it is my best guess but I cannot be completely sure.
Possible reasons for this:
I have heard that Java 7 on Mac is still not stable.
By default JNLP files run in a "sandbox" to prevent malicious code from wreaking havoc on your system. This sandbox restricts access to the local filesystem and local network. I imagine that system properties are restricted too, and it looks like the app is trying to write to them. To allow unrestricted access, you need to sign the JAR file and configure the JNLP file with <security><all-permissions/></security>
I am trying to execute this program,
http://java.sun.com/developer/technicalArticles/ThirdParty/WebCrawler/WebCrawler.java
The program compiles without any error after i referred this page,
http://www.velocityreviews.com/forums/t146972-web-crawler.html
But while executing using the command "appletviewer WebCrawler.html" i get this exception..
Exception in thread "Thread-4"
java.security.AccessControlException:access denied(java.net.SocketPermission java.sun.com:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1034)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.http.HttpClient.<init>(HttpClient.java:233)
at sun.net.www.http.HttpClient.New(HttpClient.java:306)
at sun.net.www.http.HttpClient.New(HttpClient.java:323)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:860)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:726)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
at java.net.URL.openStream(URL.java:1010)
at WebCrawler.robotSafe(WebCrawler.java:139)
at WebCrawler.run(WebCrawler.java:235)
at java.lang.Thread.run(Thread.java:619)
How do i make it work.?
By default, an applet may only connect to the same server + port from which it is located. You could do one of the following:
Convert the app into an application, removng the security restriction
Use a trusted/signed applet
Also you could have a look at configuring the crossdomain for the applet, see:
http://weblogs.java.net/blog/2008/05/28/java-doodle-crossdomainxml-support
It's pretty straight forward to self-sign an applet (which you can do for free). If you don't sign the applet you'll only get bare minimum security access and won't give access to the sockets.
Simple 3 step guide is here:
http://www.narendranaidu.com/2007/11/3-easy-steps-to-self-sign-applet-jar.html
or a more in-depth explination:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html