Hi all,

I am using a Spring filter, as defined in web.xml :

<filter>
<filter-name>requestContextFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requestContextFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>

When security manager is on, I can see this :

Mar 22, 2013 3:38:23 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.lang.ClassCircularityError: com/liferay/portal/security/pacl/PACLPolicyManager$PACLPolicyPrivilegedAction
at com.liferay.portal.security.pacl.PACLPolicyManager.getPACLPolicy(PACLPolicyManager.java:70)
at com.liferay.portal.security.pacl.PortalPolicy.getPermissions(PortalPolicy.java:133)
at com.liferay.portal.security.pacl.PortalPolicy.implies(PortalPolicy.java:197)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:205)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at java.net.ServerSocket.implAccept(ServerSocket.java:466)
at java.net.ServerSocket.accept(ServerSocket.java:430)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:60)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:216)
at java.lang.Thread.run(Thread.java:680)

Does anyone know how to make spring filter work with PACL ?

TIA
Philippe

Wow, Philippe (sorry for name typo) are you working with master branch of liferay-portal? The code you are referring to is not in any release yet.

Can you indicate which exact version you are working with?

It may just be that you need to update from master because the class that is in your error is not initialized until one of the very latest commits last night on master.

As Ray mentioned, things in github master may not work correctly - it sometimes does may not even build. Should be using the GA or at least a milestone release.

I'm not even sure if Marketplace is accepting portlets based on a master.

Thanks for your email. I'm currently out of the office until Tuesday 2nd April. Please contact David Schuiteman (david.schuiteman@pfiks.com) with any urgent queries.

Regards,
Matt

Wow! This is the first time I've seem an automatic message post in this forum. :-)

If this gets through, someone enabled email replies!
On Mar 23, 2013 11:54 PM, "Hitoshi Ozawa from liferay.com" <
forums@liferay.com> wrote:

> Wow! This is the first time I've seem an automatic message post in this
> forum. :-)
>
>
> To view the thread, follow the link below:
>
> http://www.liferay.com/community/forums/-/message_boards/view_message/22944127
> --
> Thanks, Liferay.com Forums <http://http://www.liferay.com>

Nice!

BTW, less a few pull requests pending review PACLv2 is complete in master.

For anyone wanting try it out, follow these steps to auto generate the pack
policy for your plugin:

- add security-manager-enabled=generate to your
liferay-plugin-package.properties
- deploy plugin
- do usability testing of app (test all operations)
- as you test, policy is auto generated into
${lifers.home}/pacl-policy/${plugin-context-name}-pacl.policy
- when completed testing, paste generated policy into app's own lpp.props

Note you may want to optimize the resulting policy for thing like fs paths,
etc (all generated rules use literal vales)

Split this off. The new thread can be found at http://www.liferay.com/community/forums/-/message_boards/view_message/22949380.

Hi Ray and Hitoshi,

First, I would like to thank you for your quick answers. Yes, I am using a master version (about 2 week old) because the M4 has a small annoying problem : it calls spring portlet controllers in 'edit' mode twice, in render as well as action phase. In master, everything is ok again.

Being away, I was not able to test further.



Now that I am back to work, I just activated the "generate" security mode with the last master, using a sample portlet with just the Spring requestContextFilter.

As a result, I just got : security-manager-environment-variables=\\*

Having tested this setting with true, everything seems ok. Anyway, the value "\*" seems strange to me, as a security setting.

What do you think about ?

Thanks again,
Philippe (no typo here, Ray ;-)