Hello !
We have developed a Web Proxy portlet that is working fine on Liferay (already available on
Github) and we are looking forward to publish it on Liferay Marketplace.
As indicated in the developer documentation, I enabled the security manager and tried to find the right configuration to deploy and run my portlet. I get the following exception when my portlet is deployed :
1Caused by: java.lang.SecurityException: Attempted to getProperty.ssl.KeyManagerFactory.algorithm on
2 at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
3 at com.liferay.portal.security.pacl.checker.SecurityChecker.checkPermission(SecurityChecker.java:52)
4 at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
5 at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
6 at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
7 at java.security.Security.getProperty(Security.java:725)
8 at javax.net.ssl.KeyManagerFactory$1.run(KeyManagerFactory.java:55)
9 at java.security.AccessController.doPrivileged(Native Method)
10 at javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm(KeyManagerFactory.java:53)
11 at org.apache.http.conn.ssl.SSLSocketFactory.createSSLContext(SSLSocketFactory.java:223)
12 at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:417)
13 at org.apache.http.conn.ssl.SSLSocketFactory.<init>(SSLSocketFactory.java:450)
14 at fr.ippon.wip.http.hc.HttpClientResourceManager.<init>(HttpClientResourceManager.java:101)
15 ... 35 more
From the source code of SecurityChecker it seems there is currently no way to configure the security manager in order to accept this permission (java.security.SecurityPermission/getProperty). I hope that the next release of the portal will provide a configuration option that allows our portlet to run properly...
However, I fear that the current strategy (reject all permission unless there is a configuration option that allows it) will cause many more difficulties after this one is resolved, and I cannot test my portlet further to have a global view of all needed permissions until this problem is fixed. Do you have any plan to allow publication of "untrusted" applications on the market-place ?
Regards
