Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-32

Web Beans App Throws Exception In GlassFish v3 with Secutiry Mgr Enabled.

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 1.0.0.CR1
    • Fix Version/s: None
    • Component/s: GlassFish Integration
    • Labels:
      None
    • Environment:

      MACOS X, GlassFish v3

      Description

      GlassFish v3 started with Security Mgr enabled.
      Web Beans numberguess app deploys fine. But upon visiting the first page of the app:

      1.
      Aug 4, 2009 11:24:04 AM com.sun.enterprise.security.provider.BasePolicyWrapper$2 run
      2.
      INFO: JACC Policy Provider: Failed Permission Check, context(webbeans-numberguess-jsf2/webbeans-numberguess-jsf2)- permission((java.lang.reflect.ReflectPermission suppressAccessChecks))
      3.
      Aug 4, 2009 11:24:04 AM com.sun.faces.application.view.FaceletViewHandlingStrategy handleRenderException
      4.
      SEVERE: Error Rendering View[/home.xhtml]
      5.
      javax.el.ELException: /home.xhtml @13,117 rendered="#

      {game.number gt game.guess and game.guess ne 0}

      ": java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
      6.
      at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:107)
      7.
      at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190)
      8.
      at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:414)
      9.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1604)
      10.
      at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
      11.
      at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:846)
      12.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1610)
      13.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1613)
      14.
      at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:280)
      15.
      at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126)
      16.
      at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127)
      17.
      at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97)
      18.
      at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
      19.
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:311)
      20.
      at sun.reflect.GeneratedMethodAccessor160.invoke(Unknown Source)
      21.
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      22.
      at java.lang.reflect.Method.invoke(Method.java:597)
      23.
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:319)
      24.
      at java.security.AccessController.doPrivileged(Native Method)
      25.
      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
      26.
      at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:352)
      27.
      at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:209)
      28.
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1498)
      29.
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:293)
      30.
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
      31.
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
      32.
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
      33.
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
      34.
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
      35.
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
      36.
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:338)
      37.
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:237)
      38.
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:202)
      39.
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:752)
      40.
      at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:660)
      41.
      at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:911)
      42.
      at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:164)
      43.
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
      44.
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
      45.
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
      46.
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
      47.
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
      48.
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
      49.
      at com.sun.grizzly.NIOContext.execute(NIOContext.java:510)
      50.
      at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKey(SelectorHandlerRunner.java:357)
      51.
      at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKeys(SelectorHandlerRunner.java:257)
      52.
      at com.sun.grizzly.SelectorHandlerRunner.doSelect(SelectorHandlerRunner.java:194)
      53.
      at com.sun.grizzly.SelectorHandlerRunner.run(SelectorHandlerRunner.java:129)
      54.
      at com.sun.grizzly.util.FixedThreadPool$BasicWorker.dowork(FixedThreadPool.java:379)
      55.
      at com.sun.grizzly.util.FixedThreadPool$BasicWorker.run(FixedThreadPool.java:360)
      56.
      at java.lang.Thread.run(Thread.java:637)
      57.
      Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
      58.
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
      59.
      at java.security.AccessController.checkPermission(AccessController.java:546)
      60.
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      61.
      at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
      62.
      at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:536)
      63.
      at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:513)
      64.
      at org.jboss.webbeans.introspector.jlr.WBMethodImpl.invokeOnInstance(WBMethodImpl.java:196)
      65.
      at org.jboss.webbeans.injection.MethodInjectionPoint.invokeOnInstance(MethodInjectionPoint.java:143)
      66.
      at org.jboss.webbeans.bean.ProducerMethodBean.produceInstance(ProducerMethodBean.java:84)
      67.
      at org.jboss.webbeans.bean.AbstractProducerBean.create(AbstractProducerBean.java:341)
      68.
      at org.jboss.webbeans.context.DependentContext.get(DependentContext.java:82)
      69.
      at org.jboss.webbeans.BeanManagerImpl.getReference(BeanManagerImpl.java:915)
      70.
      at org.jboss.webbeans.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:953)
      71.
      at org.jboss.webbeans.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:74)
      72.
      at org.jboss.webbeans.bean.AbstractClassBean.injectBoundFields(AbstractClassBean.java:217)
      73.
      at org.jboss.webbeans.bean.SimpleBean.create(SimpleBean.java:121)
      74.
      at org.jboss.webbeans.context.AbstractMapContext.get(AbstractMapContext.java:97)
      75.
      at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:127)
      76.
      at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:96)
      77.
      at org.jboss.webbeans.examples.numberguess.Game_$$javassist_5.getNumber(Game$$_javassist_5.java)
      78.
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      79.
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      80.
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      81.
      at java.lang.reflect.Method.invoke(Method.java:597)
      82.
      at javax.el.BeanELResolver.getValue(BeanELResolver.java:302)
      83.
      at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)
      84.
      at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
      85.
      at com.sun.el.parser.AstValue.getValue(AstValue.java:116)
      86.
      at com.sun.el.parser.AstValue.getValue(AstValue.java:163)
      87.
      at com.sun.el.parser.AstGreaterThan.getValue(AstGreaterThan.java:54)
      88.
      at com.sun.el.parser.AstAnd.getValue(AstAnd.java:54)
      89.
      at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
      90.
      at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102)
      91.
      ... 50 more
      92.
      Aug 4, 2009 11:24:04 AM org.apache.catalina.core.StandardWrapperValve log
      93.
      WARNING: StandardWrapperValve[Faces Servlet]: PWC1406: Servlet.service() for servlet Faces Servlet threw exception
      94.
      java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
      95.
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
      96.
      at java.security.AccessController.checkPermission(AccessController.java:546)
      97.
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      98.
      at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
      99.
      at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:536)
      100.
      at org.jboss.webbeans.util.Reflections.lookupMethod(Reflections.java:513)
      101.
      at org.jboss.webbeans.introspector.jlr.WBMethodImpl.invokeOnInstance(WBMethodImpl.java:196)
      102.
      at org.jboss.webbeans.injection.MethodInjectionPoint.invokeOnInstance(MethodInjectionPoint.java:143)
      103.
      at org.jboss.webbeans.bean.ProducerMethodBean.produceInstance(ProducerMethodBean.java:84)
      104.
      at org.jboss.webbeans.bean.AbstractProducerBean.create(AbstractProducerBean.java:341)
      105.
      at org.jboss.webbeans.context.DependentContext.get(DependentContext.java:82)
      106.
      at org.jboss.webbeans.BeanManagerImpl.getReference(BeanManagerImpl.java:915)
      107.
      at org.jboss.webbeans.BeanManagerImpl.getInjectableReference(BeanManagerImpl.java:953)
      108.
      at org.jboss.webbeans.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:74)
      109.
      at org.jboss.webbeans.bean.AbstractClassBean.injectBoundFields(AbstractClassBean.java:217)
      110.
      at org.jboss.webbeans.bean.SimpleBean.create(SimpleBean.java:121)
      111.
      at org.jboss.webbeans.context.AbstractMapContext.get(AbstractMapContext.java:97)
      112.
      at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:127)
      113.
      at org.jboss.webbeans.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:96)
      114.
      at org.jboss.webbeans.examples.numberguess.Game_$$javassist_5.getNumber(Game$$_javassist_5.java)
      115.
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      116.
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      117.
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      118.
      at java.lang.reflect.Method.invoke(Method.java:597)
      119.
      at javax.el.BeanELResolver.getValue(BeanELResolver.java:302)
      120.
      at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)
      121.
      at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
      122.
      at com.sun.el.parser.AstValue.getValue(AstValue.java:116)
      123.
      at com.sun.el.parser.AstValue.getValue(AstValue.java:163)
      124.
      at com.sun.el.parser.AstGreaterThan.getValue(AstGreaterThan.java:54)
      125.
      at com.sun.el.parser.AstAnd.getValue(AstAnd.java:54)
      126.
      at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
      127.
      at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:102)
      128.
      at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:190)
      129.
      at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:414)
      130.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1604)
      131.
      at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
      132.
      at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:846)
      133.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1610)
      134.
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1613)
      135.
      at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:280)
      136.
      at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:126)
      137.
      at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:127)
      138.
      at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97)
      139.
      at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
      140.
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:311)
      141.
      at sun.reflect.GeneratedMethodAccessor160.invoke(Unknown Source)
      142.
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      143.
      at java.lang.reflect.Method.invoke(Method.java:597)
      144.
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:319)
      145.
      at java.security.AccessController.doPrivileged(Native Method)
      146.
      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
      147.
      at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:352)
      148.
      at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:209)
      149.
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1498)
      150.
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:293)
      151.
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
      152.
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
      153.
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
      154.
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
      155.
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
      156.
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
      157.
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:338)
      158.
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:237)
      159.
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:202)
      160.
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:752)
      161.
      at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:660)
      162.
      at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:911)
      163.
      at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:164)
      164.
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
      165.
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
      166.
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
      167.
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
      168.
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
      169.
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
      170.
      at com.sun.grizzly.NIOContext.execute(NIOContext.java:510)
      171.
      at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKey(SelectorHandlerRunner.java:357)
      172.
      at com.sun.grizzly.SelectorHandlerRunner.handleSelectedKeys(SelectorHandlerRunner.java:257)
      173.
      at com.sun.grizzly.SelectorHandlerRunner.doSelect(SelectorHandlerRunner.java:194)
      174.
      at com.sun.grizzly.SelectorHandlerRunner.run(SelectorHandlerRunner.java:129)
      175.
      at com.sun.grizzly.util.FixedThreadPool$BasicWorker.dowork(FixedThreadPool.java:379)
      176.
      at com.sun.grizzly.util.FixedThreadPool$BasicWorker.run(FixedThreadPool.java:360)
      177.
      at java.lang.Thread.run(Thread.java:637)

        Gliffy Diagrams

          Attachments

          1. Reflections.txt
            3 kB
          2. Reflections.txt
            3 kB
          3. securereflection.patch
            70 kB

            Issue Links

              Activity

                People

                • Assignee:
                  nickarls Nicklas Karlsson
                  Reporter:
                  rogerk Roger Kitain
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: