Hi everyone,
As Ray mentionned, the last LR master let you try the security manager option:
security-manager-enabled=generateI am working on a Spring-based portlet app, embedding also logback. Using this option, I was able to debug some of PACL settings. But I still get a lot of those messages:
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to create a class loader
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to access declared members
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to get protection domain
WARN [localhost-startStop-1][ReflectChecker:101] Attempted to reflectThe warnings appear at the init phase of logback :
INFO in ch.qos.logback.classic.LoggerContext - Found resource [logback.xml] at [file:.../webapps//WEB-INF/classes/logback.xml]
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to create a class loader
(warnings here...)
INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]Then, when hot deploying the portlets, I get :
INFO: Initializing Spring root WebApplicationContext
INFO Root WebApplicationContext: initialization started
INFO [XmlWebApplicationContext] Refreshing Root WebApplicationContext: startup date [...]; root of context hierarchy
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to access declared members
WARN [localhost-startStop-1][ReflectChecker:101] Attempted to reflect
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to get protection domain
WARN [localhost-startStop-1][RuntimeChecker:101] Attempted to get class loader
...
ERROR Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'xxxDAOFactory': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private YyyDAO XxxDAOFactory.yyyDAO; nested exception is java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:287)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1073)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:516)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:192)
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:282)
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:204)
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
com.liferay.portal.kernel.servlet.SecurePluginContextListener.instantiatingListener(SecurePluginContextListener.java:333)
com.liferay.portal.kernel.servlet.SecurePluginContextListener.instantiatingListeners(SecurePluginContextListener.java:157)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
com.liferay.portal.deploy.hot.ServletContextListenerHotDeployListener.doInvokeDeploy(ServletContextListenerHotDeployListener.java:71)
com.liferay.portal.deploy.hot.ServletContextListenerHotDeployListener.invokeDeploy(ServletContextListenerHotDeployListener.java:36)
com.liferay.portal.deploy.hot.HotDeployImpl.doFireDeployEvent(HotDeployImpl.java:186)
com.liferay.portal.deploy.hot.HotDeployImpl.fireDeployEvent(HotDeployImpl.java:95)
...Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private YyyDAO XxxDAOFactory.yyyDAO; nested exception is java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:506)
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:84)
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
...Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
java.security.AccessController.checkPermission(AccessController.java:549)
com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:287)
java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
org.springframework.util.ReflectionUtils.makeAccessible(ReflectionUtils.java:386)
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:501)
...ERROR [localhost-startStop-1][HotDeployImpl:189] com.liferay.portal.kernel.deploy.hot.HotDeployException: Error registering servlet context listeners for
com.liferay.portal.kernel.deploy.hot.HotDeployException: Error registering servlet context listeners for at
com.liferay.portal.kernel.deploy.hot.BaseHotDeployListener.throwHotDeployException(BaseHotDeployListener.java:46)
com.liferay.portal.deploy.hot.ServletContextListenerHotDeployListener.invokeDeploy(ServletContextListenerHotDeployListener.java:39)
com.liferay.portal.deploy.hot.HotDeployImpl.doFireDeployEvent(HotDeployImpl.java:186)
com.liferay.portal.deploy.hot.HotDeployImpl.fireDeployEvent(HotDeployImpl.java:95)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
...Caused by: java.lang.reflect.InvocationTargetException at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
com.liferay.portal.deploy.hot.ServletContextListenerHotDeployListener.doInvokeDeploy(ServletContextListenerHotDeployListener.java:71)
...
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'xxxDAOFactory': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private YyyDAO XxxDAOFactory.yyyDAO; nested exception is java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:287)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1073)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:516)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
...
Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private YyyDAO XxxDAOFactory.yyyDAO; nested exception is java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:506)
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:84)
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
...
Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
java.security.AccessController.checkPermission(AccessController.java:549)
com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:287)
...Do anyone know about a method to intercept all security exceptions, and how to deal with ? I guess that most of my problems come from objects that are not listed in
security-manager-get-bean-property and
security-manager-set-bean-property.
Thanks in advance,
Philippe
Please sign in to flag this as inappropriate.