Problem with SecurityManager
Posted: Mon Dec 14, 2020 1:21 pm
Hi,
I need to call another webservice from my custom framework which is currently not working. After changing the log level I found this error:
So far i failed to avoid this error.
According to https://www.oxygenxml.com/doc/versions/ ... nager.html I should be able to remove "-Djava.security.manager" (for Windows) but it is not there.
I also tried to modify the policy-files:
What do I have to do to I grant permission to the java standard class to load its configuration?
Thanks and regards,
Patrik
I need to call another webservice from my custom framework which is currently not working. After changing the log level I found this error:
Code: Select all
60477 DEBUG [ http-nio-8080-exec-1 ] ro.sync.security.manager.SandboxSecurityManager - Security permission exception: access denied ("java.security.AllPermission" "<all permissions>" "<all actions>")
java.security.AccessControlException: access denied ("java.security.AllPermission" "<all permissions>" "<all actions>")
at java.security.AccessControlContext.checkPermission(Unknown Source) ~[?:1.8.0_202]
at java.security.AccessController.checkPermission(Unknown Source) ~[?:1.8.0_202]
at java.lang.SecurityManager.checkPermission(Unknown Source) ~[?:1.8.0_202]
at ro.sync.security.manager.SandboxSecurityManager.checkPermissionInternal(SandboxSecurityManager.java:304) ~[oxygen-sandbox.jar:?]
at ro.sync.security.manager.SandboxSecurityManager.checkPermission(SandboxSecurityManager.java:255) ~[oxygen-sandbox.jar:?]
at sun.misc.URLClassPath.check(Unknown Source) ~[?:1.8.0_202]
at sun.misc.URLClassPath$JarLoader.checkResource(Unknown Source) ~[?:1.8.0_202]
at sun.misc.URLClassPath$JarLoader.getResource(Unknown Source) ~[?:1.8.0_202]
at sun.misc.URLClassPath.getResource(Unknown Source) ~[?:1.8.0_202]
at sun.misc.URLClassPath.getResource(Unknown Source) ~[?:1.8.0_202]
at java.lang.ClassLoader.getBootstrapResource(Unknown Source) ~[?:1.8.0_202]
at java.lang.ClassLoader.getResource(Unknown Source) ~[?:1.8.0_202]
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1271) ~[catalina.jar:9.0.31]
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1188) ~[catalina.jar:9.0.31]
at java.lang.ClassLoader.defineClass1(Native Method) ~[?:1.8.0_202]
at java.lang.ClassLoader.defineClass(Unknown Source) ~[?:1.8.0_202]
at java.security.SecureClassLoader.defineClass(Unknown Source) ~[?:1.8.0_202]
at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2419) ~[catalina.jar:9.0.31]
at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:865) ~[catalina.jar:9.0.31]
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1334) ~[catalina.jar:9.0.31]
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1188) ~[catalina.jar:9.0.31]
at java.lang.Class.getDeclaredMethods0(Native Method) ~[?:1.8.0_202]
at java.lang.Class.privateGetDeclaredMethods(Unknown Source) ~[?:1.8.0_202]
at java.lang.Class.privateGetMethodRecursive(Unknown Source) ~[?:1.8.0_202]
at java.lang.Class.getMethod0(Unknown Source) ~[?:1.8.0_202]
at java.lang.Class.getMethod(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.ContextFinder.newInstance(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.ContextFinder.newInstance(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.ContextFinder.find(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.JAXBContext.newInstance(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.JAXBContext.newInstance(Unknown Source) ~[?:1.8.0_202]
at javax.xml.bind.JAXBContext.newInstance(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader$3.run(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader$3.run(Unknown Source) ~[?:1.8.0_202]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.createJAXBContext(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.loadMetroConfig(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.init(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroConfigLoader.<init>(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.TubelineAssemblyController.getTubeCreators(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.assembler.MetroTubelineAssembler.createClient(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.Stub.createPipeline(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.Stub.<init>(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.Stub.<init>(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.Stub.<init>(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.sei.SEIStub.<init>(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.WSServiceDelegate.getStubHandler(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.WSServiceDelegate.getPort(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.WSServiceDelegate.getPort(Unknown Source) ~[?:1.8.0_202]
at com.sun.xml.internal.ws.client.WSServiceDelegate.getPort(Unknown Source) ~[?:1.8.0_202]
at javax.xml.ws.Service.getPort(Unknown Source) ~[?:1.8.0_202]
at de.tgic.gdv.itc.nutzerverwaltung._2_0.wsdl.NutzerVerwaltung_Service.getNutzerVerwaltungSOAP(NutzerVerwaltung_Service.java:68) ~[Ists-UserAgent-2.0-small.jar:?]
at de.gdv.ists.UserAgentSample.istsNutzerverwaltung.IstsNutzerverwaltungProvider.instantiateIstsServicePorts(IstsNutzerverwaltungProvider.java:131) ~[Ists-UserAgent-2.0-small.jar:?]
[...]
According to https://www.oxygenxml.com/doc/versions/ ... nager.html I should be able to remove "-Djava.security.manager" (for Windows) but it is not there.
I also tried to modify the policy-files:
- oXygen XML Web Author\jre\lib\security\java.policy
- oXygen XML Web Author\jre\lib\security\javaws.policy
- oXygen XML Web Author\tomcat\conf\catalina.policy
Code: Select all
grant {
permission java.security.AllPermission;
};
Thanks and regards,
Patrik