1 Reply Latest reply: Oct 5, 2011 1:27 PM by 856328 RSS

    GF 3.1.1 - java.security.AccessControlException: access denied - server.log

    856328
      I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.

      How does GF 3.1.1 loose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.

      My output stacktrace is:

      INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
      INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
      INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
      WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
      java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
      at java.security.AccessController.checkPermission(AccessController.java:546)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
      at java.io.File.exists(File.java:731)
      at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
      at java.util.logging.Logger.log(Logger.java:481)
      at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
      at java.util.logging.Logger.doLog(Logger.java:503)
      at java.util.logging.Logger.logp(Logger.java:619)
      at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
      at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
      at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
      at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
      at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
      at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
      at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
      at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
      at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
      at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:662)
        • 1. Re: GF 3.1.1 - java.security.AccessControlException: access denied - server.log
          856328
          The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.

          Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.

          Here is the offending code commented out in the Server Client Adapter (client wrapper):

          Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.

          // if(System.getSecurityManager() == null)
          // System.setSecurityManager(new RMISecurityManager());

          remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());

          A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.

          Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security?