aspose file tools*
The moose likes Security and the fly likes SecurityPermission getHttpRequestBase Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "SecurityPermission getHttpRequestBase" Watch "SecurityPermission getHttpRequestBase" New topic
Author

SecurityPermission getHttpRequestBase

suresh gonuguntla
Greenhorn

Joined: Feb 22, 2006
Posts: 11
I have a web application running on Sun Web Server 6.1 that invokes a method on Stateless session bean running on Weblogic Application Server 9.2
Session bean is able to process the client request and returns the response, but the client is not able to forward to another web page after getting the response. And i'm using wlclient.jar on the client side. It throws the following exception :

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: ApplicationDispatcher[/cm] WEB2649: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] failure ( 3132): for host 192.168.24.151 trying to POST /cm/login.do;jsessionid=BD012795EE48986F8852D0C5B5AF0801, service-j2ee reports: StandardWrapperValve[action]: WEB2792: Servlet.service() for servlet action threw exception
java.security.AccessControlException: access denied (java.security.SecurityPermission getHttpRequestBase)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at org.apache.catalina.connector.HttpRequestFacade.getHttpRequestBase(HttpRequestFacade.java:257)
at org.apache.catalina.core.ApplicationDispatcher.getRequestBase(ApplicationDispatcher.java:1115)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:759)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:123)
at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:374)
at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1054)
at org.apache.struts.tiles.TilesRequestProcessor.doForward(TilesRequestProcessor.java:292)
at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:268)
at org.apache.struts.tiles.TilesRequestProcessor.processForwardConfig(TilesRequestProcessor.java:329)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1858)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:157)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:579)

[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance0(Class.java:308)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at java.lang.Class.newInstance(Class.java:261)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.messages.ReplyMessage_1_2.getSystemException(ReplyMessage_1_2.java:90)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.iiop.ClientResponseImpl.getSystemException(ClientResponseImpl.java:105)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at com.sun.corba.se.internal.corba.ClientDelegate.invoke(ClientDelegate.java:314)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: at org.omg.CORBA.portable.ObjectImpl._invoke(ObjectImpl.java:457)
[11/Mar/2007:02:43:24] warning ( 3132): CORE3283: stderr: ... 18 more

I appreciate if anyone help me in resolving this issue.

Thanks
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Your server is running with the security manager turned ON.Read the server documentation to turn that off and this exception should be gone.But this is off course not the solution.


This is what I would have tried.

I would have put the code that is trying to forward stuff within

AccessController.doPrivileged() method and would have granted this class file the required permission using the java policy file .For knowing the location of the policy file that your server is using , you have to again read the documentation of the server.Grant the SecurityPermission to this class file(or to the jar containing this class file).
It should now be gone.
[ March 19, 2007: Message edited by: Rahul Bhattacharjee ]

Rahul Bhattacharjee
LinkedIn - Blog
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
You can refer the javadoc for code example as how to do this.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SecurityPermission getHttpRequestBase