Java Security Exception still being thrown with java.security.AllPermission being set

Question


If anyone can help me out with this, you will be a life saver.

Some prerequisite information:

JDK = AdoptOpenJDK jdk-8.0.265.01-hotspot

JBOSS = 6.4.12.GA

So, here's the issue.... Recently my team received a requirement to enable Java Security Manager for our project. So for the time being we enable Java Security Manager with all permissions granted.

This is our server.policy file:

grant {
   permission java.security.AllPermission "", "";
};

As you can see, it's pretty plain and as far as I understood should cover all java security exceptions. We know the file is working because JBOSS won't even start without these permissions being set. However, even with this being set we are running into a security exception when attempting to run a certain part of our application.

Here is the code (This isn't the exact code but I tried to get the same point across. Forgive me if there are any compilation issues):

    List<ValidationResponse> responses = var.getSpecialObjects().parallelStream().map(specialObject -> {
        ValidationResponse response = specialObjectService
                .validateSpecialObject(specialObject);
        return response;
    }).collect(Collectors.toList());

The Security exception being thrown is "Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")". I was under the impression that granting AllPermissions should have suppressed this but that doesn't seem to be the case. Here is the full stacktrace:

Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_66]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_66]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_66]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:422) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:593) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.reportException(ForkJoinTask.java:677) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:735) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceOp.evaluateParallel(ReduceOps.java:714) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233) [rt.jar:1.8.0_66]
        at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) [rt.jar:1.8.0_66]
        at com.X.X.X.X.X.X..SpecialObjectValidationService.validateSpecialObjectSave(SpecialObjectValidationService.java:223) [classes:]
        at com.X.X.X.X.X.X.SpecialObjectValidationService.checkValidationForSaveAndActivate(SpecialObjectValidationService.java:357) [classes:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_66]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_66]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_66]
        at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
        at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:375) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:86) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:97) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:93) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
        at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:279) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
        ... 53 more
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:154) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:263) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:115) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at com.X.X.X.X.X.X.IRepository$224117240$Proxy$_$$_Weld$Proxy$.findSpecialObejctByName(ISpecialObjectRepo$224117240$Proxy$_$$_Weld$Proxy$.java) [classes:]
        at com.X.X.X.X.X.X.SpecialObjectValidationService.lambda$1(SpecialObjectService.java:205) [classes:]
        at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) [rt.jar:1.8.0_66]
        at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:747) [rt.jar:1.8.0_66]
        at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:721) [rt.jar:1.8.0_66]
        at java.util.stream.AbstractTask.compute(AbstractTask.java:316) [rt.jar:1.8.0_66]
        at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) [rt.jar:1.8.0_66]
        at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157) [rt.jar:1.8.0_66]
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:283) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
        ... 18 more

As you can see the exception is being thrown when calling the collect function. Has anyone experienced this before? We found this question that looks similar to the problem we are seeing but we didn't have any luck when implementing the solutions.
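
The innermost frames of the trace are `ForkJoinPool` worker threads, and the Java 8 `ForkJoinPool` documentation states that when a SecurityManager is present and no thread factory is specified, the common pool used by `parallelStream()` supplies threads that have no permissions enabled, regardless of the policy file. The following is an added example, not code from the question or from JBoss/Weld, that reproduces this on JDK 8 and contrasts it with a pool built with an explicit factory. The class name `CommonPoolPermissionDemo`, the programmatic `Policy` standing in for `server.policy`, and the private pool are assumptions made for illustration.

```java
import java.lang.reflect.ReflectPermission;
import java.security.*;
import java.util.*;
import java.util.concurrent.*;
import java.util.stream.*;

public class CommonPoolPermissionDemo {
    // The permission named in the question's AccessControlException.
    static final Permission SUPPRESS = new ReflectPermission("suppressAccessChecks");

    // Reports whether the thread running this task passes the permission check.
    static String probe(int i) {
        try {
            Thread.sleep(20); // long enough for pool workers to pick up some tasks
            AccessController.checkPermission(SUPPRESS);
            return Thread.currentThread().getName() + ": granted";
        } catch (AccessControlException e) {
            return Thread.currentThread().getName() + ": denied";
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    static Set<String> runParallel(List<Integer> items) {
        return items.parallelStream().map(CommonPoolPermissionDemo::probe)
                .collect(Collectors.toCollection(TreeSet::new));
    }

    public static void main(String[] args) throws Exception {
        // Stand-in (assumption) for the question's server.policy: AllPermission everywhere.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager()); // must precede first ForkJoinPool use

        List<Integer> items = IntStream.range(0, 64).boxed().collect(Collectors.toList());
        // Common pool: with a SecurityManager and no factory configured, its workers
        // carry a permission-less context that the policy cannot widen.
        System.out.println("common pool:  " + runParallel(items));

        // Pool with an explicit factory: workers inherit the creating thread's context.
        ForkJoinPool own = new ForkJoinPool(4, pool -> new ForkJoinWorkerThread(pool) {}, null, false);
        try {
            Callable<Set<String>> job = () -> runParallel(items);
            System.out.println("private pool: " + own.submit(job).get());
        } finally {
            own.shutdown();
        }
    }
}
```

Running the stream inside a private pool relies on Java 8 fork/join behaviour rather than a documented stream contract; replacing `parallelStream()` with `stream()` keeps the work on the calling thread and avoids the common pool entirely.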

huangapple
  • Published on August 14, 2020 at 22:26:22
  • When reposting, please keep the link to this article: https://java.coder-hub.com/63414703.html