File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes SecurityPermission getHttpRequestBase Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "SecurityPermission getHttpRequestBase" Watch "SecurityPermission getHttpRequestBase" New topic
Author

SecurityPermission getHttpRequestBase

suresh gonuguntla
Greenhorn

Joined: Feb 22, 2006
Posts: 11
posted private message
0
Quote
I have a web application running on Sun Web Server 6.1 that invokes a method on Stateless session bean running on Weblogic Application Server 9.2
Session bean is able to process the client request and returns the response, but the client is not able to forward to another web page after getting the response. And i'm using wlclient.jar on the client side. It throws the following exception :

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: ApplicationDispatcher[/cm] WEB2649: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: StandardWrapperValve[action]: WEB2792: Servlet.service() for servlet action threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:308)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance(Class.java:261)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.messages.ReplyMessage_1_2.getSystemException(ReplyMessage_1_2.java:90)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.ClientResponseImpl.getSystemException(ClientResponseImpl.java:105)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.corba.ClientDelegate.invoke(ClientDelegate.java:314)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:457)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: ... 18 more

I appreciate if anyone help me in resolving this issue.

Thanks
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2300
posted private message
0
Quote
Your server is running with the security manager turned ON.Read the server documentation to turn that off and this exception should be gone.But this is off course not the solution.


This is what I would have tried.

I would have put the code that is trying to forward stuff within

AccessController.doPrivileged() method and would have granted this class file the required permission using the java policy file .For knowing the location of the policy file that your server is using , you have to again read the documentation of the server.Grant the SecurityPermission to this class file(or to the jar containing this class file).
It should now be gone.
[ March 19, 2007: Message edited by: Rahul Bhattacharjee ]
Rahul Bhattacharjee
LinkedIn - Blog
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2300
posted private message
0
Quote
You can refer the javadoc for code example as how to do this.
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: SecurityPermission getHttpRequestBase
 
Similar Threads
java SecurityPermission getHttpRequestBase
Marshaling Exception
Marshaling Exception
SecurityPermission getHttpRequestBase
URGENT: jsp:include of servlet not working