Forums

Home » 1. Marketplace App Development

RSS (Opens New Window)

Combination View Flat View Tree View
Threads [ Previous | Next ]
Post New Thread
toggle
François Prot
PACL : missing configuration options ?
January 25, 2013 8:53 AM
Answer

François Prot

Rank: Youngling

Posts: 0

Join Date: August 27, 2008

Recent Posts

Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

 1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
 2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3    at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
 4    at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7    at java.security.Security.getProperty(Security.java:725)
 8    at javax.net.ssl.KeyManagerFactory$1.run(KeyManagerFactory.java:55)
 9    at java.security.AccessController.doPrivileged(Native Method)
10    at javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm(KeyManagerFactory.java:53)
11    at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:223)
12    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:417)
13    at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:450)
14    at fr.ippon.wip.http.hc.HttpClientResourceManager.<init>(HttpClientResourceManager.java:101)
15    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards
Flag
James Falkner
RE: PACL : missing configuration options ?
January 28, 2013 11:38 AM
Answer

James Falkner

Rank: Youngling

Posts: 0

Join Date: September 17, 2010

Recent Posts

François Prot:
Hello !

We have developed a Web Proxy portlet that is working fine on Liferay (already available on Github) and we are looking forward to publish it on Liferay Marketplace.

As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :

1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
3    ... 35 more


From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...

However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?

Regards


This is probably related to, if not a duplicate of, LPS-30766, which should be fixed in the upcoming GA3 Release. See this thread regarding "untrusted" apps.
Flag

Forums

To access the Developer Forum, please login to your Liferay.com account if you are already a registered developer or register to become a developer.