AccessControlException in running tutorial war access, class, listener, running, problem

amy

Hi,

Did anyone face a problem in running the acegi-security-samples-tutorial-2.0.1.war sample application? I am running it on Sun Application Server 8.2, but kept bumping into this exception:

[#|2008-05-09T10:13:42.196+0800|SEVERE|sun-appserver-pe8.2|javax.enterprise.system.container.web|_Threa  dID=10;|WebModule[/acegi]Exception sending context destroyed event to listener instance of class org..web.util.Log4jConfigListener
java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
at java.security.AccessControlContext.checkPermission  (AccessControlContext.java:264)
at java.security.AccessController.checkPermission(Acc  essController.java:427)
at java.lang.SecurityManager.checkPermission(Security  Manager.java:532)
at java.lang.SecurityManager.checkPropertiesAccess(Se  curityManager.java:1252)
at java.lang.System.getProperties(System.java:561)
at org..web.util.WebUtils.removeWebApp  RootSystemProperty(WebUtils.java:151)
at org..web.util.Log4jWebConfigurer.sh  utdownLogging(Log4jWebConfigurer.java:175)
at org..web.util.Log4jConfigListener.c  ontextDestroyed(Log4jConfigListener.java:55)
at org.apache.catalina.core.StandardContext.listenerS  top(StandardContext.java:4051)
at org.apache.catalina.core.StandardContext.stop(Stan  dardContext.java:4680)
at org.apache.catalina.core.StandardContext.start(Sta  ndardContext.java:4550)
at com.sun.enterprise.web.WebModule.start(WebModule.j  ava:241)
at org.apache.catalina.core.ContainerBase.start(Conta  inerBase.java:1086)
at org.apache.catalina.core.StandardHost.start(Standa  rdHost.java:847)
at org.apache.catalina.core.ContainerBase.start(Conta  inerBase.java:1086)
at org.apache.catalina.core.StandardEngine.start(Stan  dardEngine.java:483)
at org.apache.catalina.startup.Embedded.start(Embedde  d.java:894)
at com.sun.enterprise.web.WebContainer.start(WebConta  iner.java:741)
at com.sun.enterprise.web.PEWebContainer.startInstanc  e(PEWebContainer.java:515)
at com.sun.enterprise.web.PEWebContainerLifecycle.onS  tartup(PEWebContainerLifecycle.java:54)
at com.sun.enterprise.server.ApplicationServer.onStar  tup(ApplicationServer.java:300)
at com.sun.enterprise.server.PEMain.run(PEMain.java:2  94)
at com.sun.enterprise.server.PEMain.main(PEMain.java:  220)
|#]

I've tried googling for the solution but the closest I found was a closed JIRA ticket that says something about configuring the security policy / manager.

I suspect it might be resolved by configuring the 'server.policy' file, but have no firm idea on how to go about doing it. Has anyone done this kind of thing before? Or could point me in the right direction to solve this?

Any help would be very much appreciated!

I don't know about your web server, but in Tomcat we have to add the lineCode:
grant codeBase quot;file{catalina.base}/myappname/-quot; {
permission java.security.AllPermission;
};
To the catalina.policy file. Perhaps you need to add something similar. Bare in mind that this isn't a great idea for production as your app will be able to do anything on the server.

Nick


Originally Posted by nickcodefreshI don't know about your web server, but in Tomcat we have to add the lineCode:
grant codeBase quot;file{catalina.base}/myappname/-quot; {
permission java.security.AllPermission;
};
To the catalina.policy file. Perhaps you need to add something similar. Bare in mind that this isn't a great idea for production as your app will be able to do anything on the server.

Nick

Thanks Nick!

Yours worked; the solution which I'm using right now is a modified version of it (coz I want it to be as close to production as possible):Code:
grant codeBase quot;file{com.sun.aas.instanceRoot}/applications/j2ee-modules/myapp/-quot; {
permission java.lang.reflect.ReflectPermission quot;suppressAccessChecksquot;;
permission java.util.PropertyPermission quot;*quot;, quot;read,writequot;;
permission javax.security.auth.AuthPermission quot;doAsPrivilegedquot;;
};
Though from the way we have to modify all these permissions make me wonder how 'non-intrusive' acegi really is -_-...