Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SecurityPermission getHttpRequestBase

 
suresh gonuguntla
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a web application running on Sun Web Server 6.1 that invokes a method on Stateless session bean running on Weblogic Application Server 9.2
Session bean is able to process the client request and returns the response, but the client is not able to forward to another web page after getting the response. And i'm using wlclient.jar on the client side. It throws the following exception :

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: ApplicationDispatcher[/cm] WEB2649: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: StandardWrapperValve[action]: WEB2792: Servlet.service() for servlet action threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:308)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance(Class.java:261)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.messages.ReplyMessage_1_2.getSystemException(ReplyMessage_1_2.java:90)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.ClientResponseImpl.getSystemException(ClientResponseImpl.java:105)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.corba.ClientDelegate.invoke(ClientDelegate.java:314)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:457)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: ... 18 more

I appreciate if anyone help me in resolving this issue.

Thanks
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your server is running with the security manager turned ON.Read the server documentation to turn that off and this exception should be gone.But this is off course not the solution.


This is what I would have tried.

I would have put the code that is trying to forward stuff within

AccessController.doPrivileged() method and would have granted this class file the required permission using the java policy file .For knowing the location of the policy file that your server is using , you have to again read the documentation of the server.Grant the SecurityPermission to this class file(or to the jar containing this class file).
It should now be gone.
[ March 19, 2007: Message edited by: Rahul Bhattacharjee ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can refer the javadoc for code example as how to do this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic