每当我访问生产服务器上的受保护页面(Debian上的Glassfish 3.1.2.2)时,我都会收到以下错误:
java.net.MalformedURLException: access denied ("org.osgi.framework.AdminPermission" "(id=222)" "resolve,resource")
根据服务器日志(见下文),错误是关于拒绝访问,但我的登录脚本(使用JAAS)工作正常。
[#|2013-06-15T09:25:49.362-0400|INFO|glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=86;_ThreadName=Thread-2;|START OF PHASE RESTORE_VIEW 1|#]
[#|2013-06-15T09:25:49.368-0400|INFO|glassfish3.1.2|javax.enterprise.system.core.security|_ThreadID=86;_ThreadName=Thread-2;|JACC Policy Provider:Failed Permission Check: context (" BFjsf/BFjsf ") , permission (" ("org.osgi.framework.AdminPermission" "(id=222)" "resolve,resource") ") |#]
[#|2013-06-15T09:25:49.371-0400|INFO|glassfish3.1.2|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=86;_ThreadName=Thread-2;|END OF PHASE RESTORE_VIEW 1|#]
[#|2013-06-15T09:25:49.374-0400|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=86;_ThreadName=Thread-2;|StandardWrapperValve[Faces Servlet]: PWC1406: Servlet.service() for servlet Faces Servlet threw exception
java.net.MalformedURLException: access denied ("org.osgi.framework.AdminPermission" "(id=222)" "resolve,resource")
at java.net.URL.<init>(URL.java:619)
at java.net.URL.<init>(URL.java:482)
让我感到惊讶的是,我的开发设置(Windows + Netbeans 7.3)上没有出现错误,但仅在具有有效SSL证书的在线服务器上发生错误。
每当我尝试访问具有安全约束的受保护页面时,或者换句话说,当浏览器中显示的地址位于/ pages / ...目录下时(JSF显示的地址始终为页面背后)
例如https://labottedefoin.org/BFjsf/pages/membres/Lister.xhtml?cid=1
在web.xml文件的安全性约束中定义:
<security-constraint>
<display-name>Authentification</display-name>
<web-resource-collection>
<web-resource-name>pages securisees</web-resource-name>
<url-pattern>/pages/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usagers_actifs</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Accueil securise</display-name>
<web-resource-collection>
<web-resource-name>accueil securise</web-resource-name>
<url-pattern>/accueil_secure.xhtml</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BF_realm_config</realm-name>
</login-config>
<security-role>
<description>Rôle correspondant aux usagers ayant «membres_actifs» dans la colonne «groupes» de la table «membres_jaas_authen»</description>
<role-name>usagers_actifs</role-name>
</security-role>
我已经检查过〜/ glassfish / domains / domain1 / config / server.policy包含(默认情况下)osgi模块的授权:
// Felix classes get all permissions by default
grant codeBase "file:${com.sun.aas.installRoot}/osgi/felix/bin/-" {
permission java.security.AllPermission;
};
我试图添加所需的权限(如下所示),但它没有:
// Felix classes get all permissions by default
grant codeBase "file:${com.sun.aas.installRoot}/osgi/felix/bin/-" {
permission java.security.AllPermission;
permission org.osgi.framework.AdminPermission "(id=222)", "resolve,resource";
};
可能未在右侧部分或正确的文件中授予权限。
有人知道如何解决这个问题吗?提前谢谢。
答案 0 :(得分:0)
我终于通过在一般java.policy文件中添加权限来解决我的问题。
即,我添加了以下内容:
permission org.osgi.framework.AdminPermission "(id=222)", "resolve,resource";
在文件的末尾
/usr/lib/jvm/jdk1.7.0_21/jre/lib/security/java.policy