Tribune

Home » 1. Marketplace App Development

IFrame (Apri una nuova finestra)

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
Crea Nuova Discussione
toggle
François Prot
PACL : missing configuration options ?
25 gennaio 2013 8.53
Risposta

François Prot

Punteggio: Youngling

Messaggi: 0

Data di Iscrizione: 27 agosto 2008

Messaggi recenti

Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

 1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
 2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3    at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4    at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7    at java.security.Security.getProperty(Security.java:725)
 8    at javax.net.ssl.KeyManagerFactory$1.run(KeyManagerFactory.java:55)
 9    at java.security.AccessController.doPrivileged(Native Method)
10    at javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm(KeyManagerFactory.java:53)
11    at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:223)
12    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:417)
13    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:450)
14    at fr.ippon.wip.http.hc.HttpClientResourceManager.<init>(HttpClientResourceManager.java:101)
15    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards
Bandierina
James Falkner
RE: PACL : missing configuration options ?
28 gennaio 2013 11.38
Risposta

James Falkner

Punteggio: Youngling

Messaggi: 0

Data di Iscrizione: 17 settembre 2010

Messaggi recenti

François Prot:
Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
3    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards


This is probably related to, if not a duplicate of, LPS-30766, which should be fixed in the upcoming GA3 Release. See this thread regarding "untrusted" apps.
Bandierina

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.