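Security error at startup when using Nashorn while deploying a Spring application on a server

Date: 2016-04-20 18:50:23

Tags: java spring security nashorn

I have a Spring webapp that throws some confusing errors at startup when I deploy it to my production server (they don't happen when I run it locally). These errors don't seem to affect anything, so this question is more out of curiosity than a real need for help.

Here is the stack trace: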

20-Apr-2016 17:31:31.711 INFO [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.loadClass Security Violation, attempt to use Restricted Class: jdk.internal.dynalink.support.messages_en_US
 java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.dynalink.support")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1268)
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1167)
    at java.util.ResourceBundle$Control.newBundle(ResourceBundle.java:2640)
    at java.util.ResourceBundle.loadBundle(ResourceBundle.java:1501)
    at java.util.ResourceBundle.findBundle(ResourceBundle.java:1465)
    at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:1361)
    at java.util.ResourceBundle.getBundle(ResourceBundle.java:1082)
    at java.util.logging.Logger.findResourceBundle(Logger.java:1879)
    at java.util.logging.Logger.setupResourceInfo(Logger.java:1940)
    at java.util.logging.Logger.<init>(Logger.java:380)
    at java.util.logging.LogManager.demandLogger(LogManager.java:554)
    at java.util.logging.Logger.demandLogger(Logger.java:455)
    at java.util.logging.Logger.getLogger(Logger.java:553)
    at jdk.internal.dynalink.support.Guards.<clinit>(Guards.java:101)
    at jdk.nashorn.internal.runtime.Undefined.<clinit>(Undefined.java:51)
    at jdk.nashorn.internal.runtime.JSType.<clinit>(JSType.java:263)
    at jdk.nashorn.internal.runtime.AccessorProperty.<clinit>(AccessorProperty.java:60)
    at jdk.nashorn.internal.objects.Global.$clinit$(Global.java)
    at jdk.nashorn.internal.objects.Global.<clinit>(Global.java:919)
    at jdk.nashorn.internal.runtime.Context.newGlobal(Context.java:1102)
    at jdk.nashorn.api.scripting.NashornScriptEngine$2.run(NashornScriptEngine.java:347)
    at jdk.nashorn.api.scripting.NashornScriptEngine$2.run(NashornScriptEngine.java:343)
    at java.security.AccessController.doPrivileged(Native Method)
    at jdk.nashorn.api.scripting.NashornScriptEngine.createNashornGlobal(NashornScriptEngine.java:343)
    at jdk.nashorn.api.scripting.NashornScriptEngine.<init>(NashornScriptEngine.java:143)
    at jdk.nashorn.api.scripting.NashornScriptEngineFactory.getScriptEngine(NashornScriptEngineFactory.java:148)
    at javax.script.ScriptEngineManager.getEngineByName(ScriptEngineManager.java:238)
    at com.my.applicationlib.security.ScriptSandbox.<init>(ScriptSandbox.java:60)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:89)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$4.run(AbstractAutowireCapableBeanFactory.java:1089)
    at java.security.AccessController.doPrivileged(Native Method)
    ...

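The relevant code is as follows:

import java.security.AccessControlContext;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import org.springframework.stereotype.Service;

@Service
public class ScriptSandbox {
    ScriptEngine _scriptEngine;
    AccessControlContext _accessControlContext;

    public ScriptSandbox() throws InstantiationException {
        ScriptEngineManager sem = new ScriptEngineManager();
        _scriptEngine = sem.getEngineByName("nashorn"); // This error happens on this line.
        if (_scriptEngine == null) {
            throw new InstantiationException("Could not load script engine: " +
                    "nashorn");
        }
        // setPermissions is called here but its definition is not shown on the page.
        setPermissions(null);
    }
}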

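I haven't been able to find relevant information on Google; the most I've seen is that I need something in my Java security configuration. Mine looks like this, so I think I have what I need: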

grant {permission java.security.AllPermission; permission java.lang.RuntimePermission;};

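Any ideas?

Edit: This question was marked as a duplicate of this question. I don't think it is, for the following reasons:

When I initialize Nashorn later in the application, it seems to work just fine. As far as I can tell, I only get this error from the bean definition. I don't think it's a signing issue, because it only shows up on the bean's definition.

Also, that question has no accepted answer and very few votes. Did any of those questions solve this problem?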

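1 answer:

Answer 0 (score: 0)

For what it's worth, I solved this in a way I'm not super happy with. Since I only use it in one service, I removed the service annotation entirely and call a @PostConstruct method to initialize it. I'd still like to know why this doesn't work during Spring's bean creation phase.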

@Service
public class MyServiceThatUsesScriptSandbox {
    private ScriptSandbox sandbox;

    // Called by Spring after this bean has been constructed.
    @PostConstruct
    public void initSandbox() throws InstantiationException {
        sandbox = new ScriptSandbox();
    }
}