glassfish
  1. glassfish
  2. GLASSFISH-17748

Weld / JSF Is Not Working Without java.lang.reflect.ReflectPermission suppressAccessChecks

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 3.1.1
    • Fix Version/s: None
    • Component/s: cdi
    • Labels:
      None
    • Environment:

      All

      Description

      Withdrawal of the permissions for JRuby:
      //JRuby security permissions
      grant codeBase "file:$

      {com.sun.aas.installRoot}

      /jruby/lib/-"{
      permission java.io.FilePermission "<<ALL FILES>>", "read";
      permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
      permission java.util.PropertyPermission "jruby.*", "read";
      permission java.lang.RuntimePermission "accessClassInPackage.*";
      permission java.lang.RuntimePermission "createClassLoader";
      permission java.lang.RuntimePermission "defineClassInPackage.*";
      permission java.lang.RuntimePermission "getClassLoader";
      permission java.lang.RuntimePermission "accessDeclaredMembers";
      permission java.lang.RuntimePermission "getenv.*";
      };

      breaks JSF and Weld:
      javax.el.ELException: /index.xhtml @11,62 value="#

      {index.location}

      ": java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
      at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:114)
      at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194)
      at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:182)
      at javax.faces.component.UIOutput.getValue(UIOutput.java:169)
      at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205)
      at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:355)
      at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164)
      at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:875)
      at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeRecursive(HtmlBasicRenderer.java:312)
      at com.sun.faces.renderkit.html_basic.GridRenderer.renderRow(GridRenderer.java:185)
      at com.sun.faces.renderkit.html_basic.GridRenderer.encodeChildren(GridRenderer.java:129)
      at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:845)
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1756)
      at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
      at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:845)
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1756)
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1759)
      at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1759)
      at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:401)
      at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131)
      at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288)
      at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121)
      at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
      at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
      at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:323)
      at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:321)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
      at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:356)
      at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:212)
      at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1532)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
      at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
      at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
      at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
      at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
      at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
      at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
      at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
      at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
      at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
      at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
      at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
      at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
      at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
      at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
      at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
      at java.lang.Thread.run(Thread.java:680)
      Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)

      Expected behavior:

      In case reflection is needed for JSF EL and Weld (and it is), it should be added to the server.policy just granting the permission to the internal set of libraries. Right now it is not possible to remove this permission without breaking JSF + Weld.

        Issue Links

          Activity

          Hide
          Nithya Ramakrishnan added a comment -

          Could you please attach a test case with which you hit this error? We shall analyze the policy with that.

          Thanks
          Nithya

          Show
          Nithya Ramakrishnan added a comment - Could you please attach a test case with which you hit this error? We shall analyze the policy with that. Thanks Nithya
          Hide
          abien added a comment -

          Reproducer project (invoke with: localhost:8080/17748-reproducer/) and the server.policy WITHOUT the jruby settings attached

          Show
          abien added a comment - Reproducer project (invoke with: localhost:8080/17748-reproducer/) and the server.policy WITHOUT the jruby settings attached
          Hide
          Nithya Ramakrishnan added a comment -

          The error occurs even if the permission is present. Since the grant is only for jruby/lib/ which is non-existent in 3.1.2 (and it shall be removed), this error is independent of the grant that is specified in the issue (viz)

          grant codeBase "file:$

          {com.sun.aas.installRoot}

          /jruby/lib/-"

          { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }

          ;

          The actual stack trace is as follows: The solution is to have the Weld code provide a PriviledAction for setAccessible() :

          at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125)
          at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:287)

          Transferring to the JSF team.

          java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
          at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65)
          at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:282)
          at org.jboss.weld.introspector.jlr.WeldConstructorImpl.newInstance(WeldConstructorImpl.java:204)
          at org.jboss.weld.injection.ConstructorInjectionPoint.newInstance(ConstructorInjectionPoint.java:117)
          at org.jboss.weld.bean.ManagedBean.createInstance(ManagedBean.java:323)
          at org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget.produce(ManagedBean.java:195)
          at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:284)
          at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:107)
          at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:89)
          at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:79)
          at com.abien.gf.reproducer.Index$Proxy$$$_WeldClientProxy.getMessage(Index$Proxy$$$_WeldClientProxy.java)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:616)
          at javax.el.BeanELResolver.getValue(BeanELResolver.java:363)
          at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176)
          at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203)
          at com.sun.el.parser.AstValue.getValue(AstValue.java:116)
          at com.sun.el.parser.AstValue.getValue(AstValue.java:163)
          at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
          at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
          at com.sun.faces.facelets.el.ELText$ELTextVariable.writeText(ELText.java:227)
          at com.sun.faces.facelets.el.ELText$ELTextComposite.writeText(ELText.java:150)
          at com.sun.faces.facelets.compiler.TextInstruction.write(TextInstruction.java:85)
          at com.sun.faces.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:82)
          at com.sun.faces.facelets.compiler.UILeaf.encodeAll(UILeaf.java:183)
          at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760)
          at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760)
          at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402)
          at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131)
          at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288)
          at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121)
          at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
          at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
          at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:616)
          at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:323)
          at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:321)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
          at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:356)
          at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:212)
          at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1535)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
          at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
          at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
          at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
          at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
          at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
          at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:833)
          at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:730)
          at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1031)
          at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
          at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
          at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
          at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
          at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
          at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
          at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
          at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
          at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
          at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
          at java.lang.Thread.run(Thread.java:636)
          Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
          at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
          at java.security.AccessController.checkPermission(AccessController.java:553)
          at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
          at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125)
          at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:287)
          at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:282)
          at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52)
          at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:63)

          Show
          Nithya Ramakrishnan added a comment - The error occurs even if the permission is present. Since the grant is only for jruby/lib/ which is non-existent in 3.1.2 (and it shall be removed), this error is independent of the grant that is specified in the issue (viz) grant codeBase "file:$ {com.sun.aas.installRoot} /jruby/lib/-" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; } ; The actual stack trace is as follows: The solution is to have the Weld code provide a PriviledAction for setAccessible() : at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125) at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:287) Transferring to the JSF team. java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65) at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:282) at org.jboss.weld.introspector.jlr.WeldConstructorImpl.newInstance(WeldConstructorImpl.java:204) at org.jboss.weld.injection.ConstructorInjectionPoint.newInstance(ConstructorInjectionPoint.java:117) at org.jboss.weld.bean.ManagedBean.createInstance(ManagedBean.java:323) at org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget.produce(ManagedBean.java:195) at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:284) at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:107) at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:89) at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:79) at com.abien.gf.reproducer.Index$Proxy$ $$_WeldClientProxy.getMessage(Index$Proxy$ $$_WeldClientProxy.java) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at javax.el.BeanELResolver.getValue(BeanELResolver.java:363) at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176) at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203) at com.sun.el.parser.AstValue.getValue(AstValue.java:116) at com.sun.el.parser.AstValue.getValue(AstValue.java:163) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219) at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50) at com.sun.faces.facelets.el.ELText$ELTextVariable.writeText(ELText.java:227) at com.sun.faces.facelets.el.ELText$ELTextComposite.writeText(ELText.java:150) at com.sun.faces.facelets.compiler.TextInstruction.write(TextInstruction.java:85) at com.sun.faces.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:82) at com.sun.faces.facelets.compiler.UILeaf.encodeAll(UILeaf.java:183) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402) at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131) at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:323) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:321) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:356) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:212) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1535) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98) at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:833) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:730) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1031) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59) at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532) at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513) at java.lang.Thread.run(Thread.java:636) Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:125) at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:287) at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:282) at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:63)
          Hide
          rogerk added a comment -

          Assign to Weld team for investigation.

          Show
          rogerk added a comment - Assign to Weld team for investigation.
          Hide
          Sivakumar Thyagarajan added a comment -

          This is related to the issue described at http://java.net/jira/browse/GLASSFISH-15078 and also release noted for 3.1 at http://docs.oracle.com/cd/E18930_01/html/821-2434/ggrvi.html#gkxca

          The issue can be fixed with the following workaround: Add a grant for the application alone as shown below, in server.policy:

          grant codebase "file:$

          {com.sun.aas.instanceRoot}

          /applications/17748-reproducer-1.0-SNAPSHOT/-"

          { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }

          ;

          Having this grant, and accessing the application at http://localhost:8080/17748-reproducer-1.0-SNAPSHOT/ gave me the following output:
          "It seems to work!"

          Marking this issue as invalid, as it is a known issue with workaround. Until a fix for WELD-32 comes, unfortunately the above workaround has to be release-noted.

          Show
          Sivakumar Thyagarajan added a comment - This is related to the issue described at http://java.net/jira/browse/GLASSFISH-15078 and also release noted for 3.1 at http://docs.oracle.com/cd/E18930_01/html/821-2434/ggrvi.html#gkxca The issue can be fixed with the following workaround: Add a grant for the application alone as shown below, in server.policy: grant codebase "file:$ {com.sun.aas.instanceRoot} /applications/17748-reproducer-1.0-SNAPSHOT/-" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; } ; Having this grant, and accessing the application at http://localhost:8080/17748-reproducer-1.0-SNAPSHOT/ gave me the following output: "It seems to work!" Marking this issue as invalid, as it is a known issue with workaround. Until a fix for WELD-32 comes, unfortunately the above workaround has to be release-noted.

            People

            • Assignee:
              Sivakumar Thyagarajan
              Reporter:
              abien
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: