This discussion is archived
1 Reply Latest reply: Oct 5, 2011 11:27 AM by 856328 RSS

GF 3.1.1 - java.security.AccessControlException: access denied - server.log

856328 Newbie
Currently Being Moderated
I am upgrading an old NB4.1 produced JSP system that runs on Netscape iplanet to NB7.0.1 built JSP system running on Glassfish 3.1.1. I have four main files: login.html, login.jsp, ApplicationRmiConnection, and MenuManager.jsp . Three of four are working. The login.html is only a startup means to be sent to the login.jsp. The ApplicationRmiConnection is a servlet called by the login.jsp. It reads a properties file, establishes connection with the RMI and database (currently on the OLD system (Netscape iplanet)) which it does quite well. After the ApplicationRmiConnection is established and working the MenuManager.jsp . The first output from the MenuManager.jsp is a series of application.log calls for verification of data passed in from the successful ApplicationRmiConnection database read.

How does GF 3.1.1 loose AccessControl permissions to the server.log to which it is writing? All I am using is application.log statements and it coughs, chokes, and quits.

My output stacktrace is:

INFO: PWC1412: WebModule[null] ServletContext.log():ApplicationRmiConnect: getRealPath("/") = [C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\applications\MyApplication\]
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: sParms - RMI Connect = com.company.rmi.ServerAppClientAdapter@19ca6bc
INFO: PWC1412: WebModule[null] ServletContext.log():MenuMgr: caught an Exception
WARNING: StandardWrapperValve[jsp]: PWC1406: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.io.FilePermission C:\Program Files\glassfish\glassfish-3.1\glassfish\domains\domain1\logs\server.log read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at com.sun.enterprise.server.logging.GFFileHandler.publish(GFFileHandler.java:676)
at java.util.logging.Logger.log(Logger.java:481)
at com.sun.logging.LogDomains$1.log(LogDomains.java:354)
at java.util.logging.Logger.doLog(Logger.java:503)
at java.util.logging.Logger.logp(Logger.java:619)
at com.sun.enterprise.web.logger.IASLogger.write(IASLogger.java:127)
at com.sun.enterprise.web.logger.LoggerBase.log(LoggerBase.java:190)
at com.sun.enterprise.web.logger.IASLogger.log(IASLogger.java:57)
at org.apache.catalina.core.StandardContext.log(StandardContext.java:6828)
at org.apache.catalina.core.ApplicationContext.log(ApplicationContext.java:449)
at org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFacade.java:359)
at org.apache.jsp.MenuMgr_jsp._jspService(MenuMgr_jsp.java from :533)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
  • 1. Re: GF 3.1.1 - java.security.AccessControlException: access denied - server.log
    856328 Newbie
    Currently Being Moderated
    The problem area has been found. We need to know the best method to replace the two lines of code we commented out. Here is what we found.

    Glassfish 3.1.1 Security does not play well with old RMI security (JDK1.2 vintage). Furthermore, once the old RMI security has messed with the mind of GF3.1.1 security the GF security truly believes it has in some cases no permission to read its own server.log file.

    Here is the offending code commented out in the Server Client Adapter (client wrapper):

    Note: this is legacy rmi code. i.e. manually executed rmic on the appropriate classfiles as this was originally created for java 1.2.

    // if(System.getSecurityManager() == null)
    // System.setSecurityManager(new RMISecurityManager());

    remote = (com.davisco.rmi.ServerAppServantAdapter_Stub)Naming.lookup(stringbuffer.toString());

    A thank you goes out to www.velocityreviews.com/forums/t276590-access-denied-java-lang-runtimepermission-createsecuritymanager.html even if it is five years old.

    Again, this is using the original version of RMI. How do we re-implement the RMI Security Manager without offending GF 3.1.1 security?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points