JBRULES-562

Security Permission problem in Websphere 6.1

    Details

      Description

      FROM STEVE'S EMAIL:

      ----------------------
      Hi all,
      We are using WebSphere 6.1 with java security switched on and get the following error when we attempt to run drools:

      Permission:

      \D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class : Access denied ( java.io.FilePermission \D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class read)

      Code:

      org.drools.base.au.gov.vic.dse.lx.ec.Message$getStatus in {null code URL}

      Stack Trace:

      java.security.AccessControlException : Access denied (java.io.FilePermission \D:\WS_STAGE2\ec_ejb\bin\au\gov\vic\dse\lx\ec\Message.class read)
      at java.security.AccessController.checkPermission(AccessController.java:104)
      at java.lang.SecurityManager.checkPermission (SecurityManager.java:547)
      at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
      at com.ibm.ws.classloader.SinglePathClassProvider.check(SinglePathClassProvider.java:444)
      at com.ibm.ws.classloader.SinglePathClassProvider.checkURL(SinglePathClassProvider.java:431)
      at com.ibm.ws.classloader.SinglePathClassProvider.getResource(SinglePathClassProvider.java:423)
      at com.ibm.ws.classloader.SinglePathClassProvider.getResourceAsStream(SinglePathClassProvider.java:458)
      at com.ibm.ws.classloader.CompoundClassLoader.localGetResourceAsStream(CompoundClassLoader.java:926)
      at com.ibm.ws.classloader.CompoundClassLoader.getResourceAsStream(CompoundClassLoader.java:887)
      at java.lang.Class.getResourceAsStream(Class.java:1124)
      at org.drools.util.asm.ClassFieldInspector.processClass (Unknown Source)
      at org.drools.util.asm.ClassFieldInspector.<init>(Unknown Source)
      at org.drools.base.BaseClassFieldExtractor.<init>(Unknown Source)
      at org.drools.base.au.gov.vic.dse.lx.ec.Message$getStatus .<init>(Unknown Source)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:521)
      at org.drools.base.ClassFieldExtractorFactory.getClassFieldExtractor (Unknown Source)
      at org.drools.base.ClassFieldExtractor.init(Unknown Source)
      at org.drools.base.ClassFieldExtractor.<init>(Unknown Source)
      at org.drools.base.ClassFieldExtractorCache.getExtractor (Unknown Source)
      at org.drools.semantics.java.RuleBuilder.getFieldExtractor(Unknown Source)
      at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
      at org.drools.semantics.java.RuleBuilder.build (Unknown Source)
      at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
      at org.drools.semantics.java.RuleBuilder.build(Unknown Source)
      at org.drools.compiler.PackageBuilder.addRule (Unknown Source)
      at org.drools.compiler.PackageBuilder.addPackage(Unknown Source)
      at org.drools.compiler.PackageBuilder.addPackageFromDrl(Unknown Source)
      at au.gov.vic.dse.lx.ec.DroolsTest.readRule (DroolsTest.java:62)

      It looks to me like the drools generated Message class (org.drools.base.au.gov.vic.dse.lx.ec.Message) is failing when it attempts to access the application Message.class via its getStatus method. We have added java.security.AllPermission everywhere we can think of (was.policy, app.policy, library.policy, server.policy) and it still does not work.

      Has anybody got drools working in a WebSphere environment (any version) with java security turned on?

      I noticed that there used to be a problem with cglib where the generated classes did not get the same protection domain as the cglib.jar (http://jira.atlassian.com/browse/CONF-5955 , http://forum.hibernate.org/viewtopic.php?p=2190363). I know we are using ASM but maybe it also has a similar problem?

      thanks
      Steve
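
The protection-domain question raised at the end of the email, as an added example that is not part of the original report or of Drools: a class defined from bytes without an explicit ProtectionDomain gets a default domain whose code location is null, which is consistent with the `{null code URL}` line in the report, and policy grants scoped to a codeBase do not match such a class. Passing the generator's own domain to defineClass carries its location over. All class names here are hypothetical.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSource;
import java.security.ProtectionDomain;

// Added example; GeneratedClassDomainDemo, Fact and DefiningLoader are hypothetical names.
public class GeneratedClassDomainDemo {
    // Stand-in for an application fact class such as Message.
    public static class Fact {
        public String getStatus() { return "ok"; }
    }

    // Defines a class from raw bytes, the way a bytecode generator does.
    static final class DefiningLoader extends ClassLoader {
        DefiningLoader(ClassLoader parent) { super(parent); }

        // domain == null: the JVM assigns a default domain with a null code location.
        Class<?> define(String name, byte[] bytes, ProtectionDomain domain) {
            return domain == null
                    ? defineClass(name, bytes, 0, bytes.length)
                    : defineClass(name, bytes, 0, bytes.length, domain);
        }
    }

    // Code location that codeBase-scoped policy grants are matched against.
    static URL codeLocation(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null ? null : cs.getLocation();
    }

    public static void main(String[] args) throws Exception {
        String name = Fact.class.getName();
        byte[] bytes;
        try (InputStream in = Fact.class.getResourceAsStream(name.substring(name.lastIndexOf('.') + 1) + ".class")) {
            bytes = in.readAllBytes();
        }
        ClassLoader parent = GeneratedClassDomainDemo.class.getClassLoader();
        ProtectionDomain generatorDomain = GeneratedClassDomainDemo.class.getProtectionDomain();

        Class<?> bare = new DefiningLoader(parent).define(name, bytes, null);
        Class<?> inherited = new DefiningLoader(parent).define(name, bytes, generatorDomain);

        System.out.println("no domain passed : " + codeLocation(bare));      // null
        System.out.println("generator domain : " + codeLocation(inherited)); // location of this class
    }
}
```

Compile with javac and run from a directory or jar on the classpath so that the class bytes can be read back as a resource.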

              People

              • Assignee:
                tirelli Edson Tirelli
                Reporter:
                tirelli Edson Tirelli