ClassLoader/Security Manager Question

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

ClassLoader/Security Manager Question

George Sexton-2
I'm trying to get my app to run under the security manager and I'm hitting
some problems.

I have class B, derived from class A, in Jar B in the WEB-INF/lib directory

Class A is in Jar A in the shared/lib directory.

I created an entry in the catalina.policy file:

grant codeBase "file:${catalina.base}/shared/-" {
        permission java.lang.RuntimePermission "accessClassInPackage.*";
        permission java.security.AllPermission;
};

When a method defined in Class A uses reflection to get the constructors for
Class B, the following error message happens:

01/20/2006 13:24:36 java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessDeclaredMembers)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
at java.lang.Class.checkMemberAccess(Class.java:2125)
at java.lang.Class.getDeclaredConstructor(Class.java:1952)

I've done some research and it seems like what I'm trying to do should work
if I specify accessClassInPackage. I've tried explicitly setting the class A
package in the accessClassInPackage statement but I'm not making any
headway.

I would rather not put Jar A in WEB-INF/lib because I have something like
100 contexts that all use that jar and I'm already hitting issues with
PermGenSpace. I also can't put Jar B in shared/lib because of design (or
lack thereof).

Does anyone have any ideas (other than the obvious one of putting Jar A in
WEB-INF/lib)?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]