我尝试加入Java Security Manager以使用SpringSecurity(SS)进行投影。我的目标是:我的项目与SS一起工作,并将dataSource(db2数据库)作为身份验证管理器。我将ScriptManager(ScriptEngine)添加到项目中。现在我尝试设置项目的安全性,拒绝不受信任的代码。我使用NetBeans并在Tomcat(6.0.20)的属性中设置“使用安全管理器”。接下来,我编辑了{catalina.base} /conf/catalina.police。我添加了下一个“补助金”:
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/lib/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/webapps/myapp/WEB-INF/classes/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${catalina.base}/work/Catalina/localhost/myapp/" {
permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtim e";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
grant codeBase "file:${catalina.base}/webapps/myapp/-" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.reflect.ReflectPermission "accessDeclaredMembers";
permission java.io.FilePermission "${catalina.home}${file.separator}myapp${file.sepa rator}*", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "*";
permission java.util.PropertyPermission "*", "read";
};
现在问题。当我在debuger下运行我的代码时,我得到下一个错误:
07.12.2010 2:06:02 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
07.12.2010 2:06:04 org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.http.UserDeta ilsServiceInjectionBeanPostProcessor#0': Initialization of bean failed; nested exception is java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
.................................................
和tomcat out:
Using CATALINA_BASE: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base
Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.20
Using CATALINA_TMPDIR: /home/user/.netbeans/6.8/apache-tomcat-6.0.20_base/temp
Using JRE_HOME: /usr/lib/jvm/java
Using Security Manager
Listening for transport dt_socket at address: 11555
07.12.2010 2:04:43 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386/client:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/lib/i386:/usr/lib/jvm/java-1.6.0-sun-1.6.0.u11/jre/../lib/i386:/usr/lib/mpi/gcc/openmpi/lib:/usr/java/packages/lib/i386:/lib:/usr/lib
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8084
07.12.2010 2:04:43 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-9443
07.12.2010 2:04:43 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1536 ms
07.12.2010 2:04:43 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
07.12.2010 2:04:43 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.20
07.12.2010 2:04:45 org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/lib/servlet.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
07.12.2010 2:04:45 org.apache.juli.ClassLoaderLogManager readConfiguration
WARNING: Reading /home/deniz/NetBeansProjects/opensee/build/web/WEB-INF/classes/logging.properties is not permitted. See "per context logging" in the default catalina.policy file.
07.12.2010 2:04:45 org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "com.sun.faces.config.ConfigureListener" is already configured for this context. The duplicate definition has been ignored.
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextInitialized
INFO: Initializing Mojarra 2.0.2 (FCS b10) for context '/opensee'
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
07.12.2010 2:04:47 org.apache.catalina.core.StandardContext start
SEVERE: Context [/opensee] startup failed due to previous errors
07.12.2010 2:04:47 com.sun.faces.config.ConfigureListener contextDestroyed
SEVERE: Unexpected exception when attempting to tear down the Mojarra runtime
java.lang.IllegalStateException: Application was not properly initialized at startup, could not find Factory: javax.faces.application.ApplicationFactory
at javax.faces.FactoryFinder$FactoryManager.getFactor y(FactoryFinder.java:804)
at javax.faces.FactoryFinder.getFactory(FactoryFinder .java:306)
at com.sun.faces.config.InitFacesContext.getApplicati on(InitFacesContext.java:104)
at com.sun.faces.config.ConfigureListener.contextDest royed(ConfigureListener.java:309)
at org.apache.catalina.core.StandardContext.listenerS top(StandardContext.java:3973)
at org.apache.catalina.core.StandardContext.stop(Stan dardContext.java:4577)
.................
此外,当我插入此授权时:
grant {
permission java.security.AllPermission;
};
一切都好。
操作系统:openSUSE 11.1 OpenJDK 1.6.0.0-b11
对于本教程使用的设置:http://www.mikeski.net/site/node/18
谢谢大家......