フォーラム

ホーム » 1. Marketplace App Development

構造的に表示 平面上に表示 ツリー上に表示
François Prot
PACL : missing configuration options ?
2013/01/25 8:53
答え

François Prot

ランク: New Member

投稿: 1

参加年月日: 2008/08/27

最近の投稿

Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

 1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
 2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3    at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4    at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7    at java.security.Security.getProperty(Security.java:725)
 8    at javax.net.ssl.KeyManagerFactory$1.run(KeyManagerFactory.java:55)
 9    at java.security.AccessController.doPrivileged(Native Method)
10    at javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm(KeyManagerFactory.java:53)
11    at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:223)
12    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:417)
13    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:450)
14    at fr.ippon.wip.http.hc.HttpClientResourceManager.<init>(HttpClientResourceManager.java:101)
15    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards
James Falkner
RE: PACL : missing configuration options ?
2013/01/28 11:38
答え

James Falkner

Community Moderator

ランク: Liferay Legend

投稿: 1406

参加年月日: 2010/09/17

最近の投稿

François Prot:
Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
3    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards


This is probably related to, if not a duplicate of, LPS-30766, which should be fixed in the upcoming GA3 Release. See this thread regarding "untrusted" apps.

Participate in the State of Liferay Community 2017. Help the community and even win some prizes!