如何解决设置了java.security.AllPermission仍引发Java安全异常
如果有人可以帮助我解决这个问题,您将成为救生员。
一些先决条件信息:
JDK = AdoptOpenJDK jdk-8.0.265.01-hotspot
JBOSS = 6.4.12.GA
所以,这就是问题所在。...最近,我的团队收到了为我们的项目启用Java Security Manager的要求。因此,目前我们启用了Java Security Manager并授予了所有权限。
这是我们的server.policy文件:
grant {
permission java.security.AllPermission "","";
};
如您所见,它非常简单,据我所知应该涵盖所有Java安全异常。我们知道文件正在工作,因为如果没有设置这些权限,JBOSS甚至无法启动。但是,即使设置了此设置,我们在尝试运行应用程序的特定部分时仍会遇到安全异常。
这是代码(这不是确切的代码,但是我试图理解同一点。如果有任何编译问题,请原谅我):
List<ValidationResponse> responses = var.getSpecialObjects().parallelStream().map(specialObject -> {
ValidationResponse response = specialObjectService
.validateSpecialObject(specialObject);
return response;
}).collect(Collectors.toList());
抛出的安全异常是“引起原因:java.lang.RuntimeException:java.lang.RuntimeException:java.security.AccessControlException:拒绝访问(“ java.lang.reflect.ReflectPermission”“ suppressAccessChecks”)”。我的印象是,授予AllPermissions应该抑制了这种情况,但事实并非如此。这是完整的堆栈跟踪:
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_66]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_66]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_66]
at java.lang.reflect.Constructor.newInstance(Constructor.java:422) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:593) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinTask.reportException(ForkJoinTask.java:677) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:735) [rt.jar:1.8.0_66]
at java.util.stream.ReduceOps$ReduceOp.evaluateParallel(ReduceOps.java:714) [rt.jar:1.8.0_66]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233) [rt.jar:1.8.0_66]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) [rt.jar:1.8.0_66]
at com.X.X.X.X.X.X..SpecialObjectValidationService.validateSpecialObjectSave(SpecialObjectValidationService.java:223) [classes:]
at com.X.X.X.X.X.X.SpecialObjectValidationService.checkValidationForSaveAndActivate(SpecialObjectValidationService.java:357) [classes:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_66]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_66]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_66]
at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:375) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:86) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:97) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:93) [jboss-as-weld-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.3.Final-redhat-1.jar:1.1.3.Final-redhat-1]
at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:279) [jboss-as-ejb3-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
... 53 more
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:154) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:263) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:115) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:105) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at com.X.X.X.X.X.X.IRepository$224117240$Proxy$_$$_Weld$Proxy$.findSpecialObejctByName(ISpecialObjectRepo$224117240$Proxy$_$$_Weld$Proxy$.java) [classes:]
at com.X.X.X.X.X.X.SpecialObjectValidationService.lambda$1(SpecialObjectService.java:205) [classes:]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) [rt.jar:1.8.0_66]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374) [rt.jar:1.8.0_66]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) [rt.jar:1.8.0_66]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) [rt.jar:1.8.0_66]
at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:747) [rt.jar:1.8.0_66]
at java.util.stream.ReduceOps$ReduceTask.doLeaf(ReduceOps.java:721) [rt.jar:1.8.0_66]
at java.util.stream.AbstractTask.compute(AbstractTask.java:316) [rt.jar:1.8.0_66]
at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) [rt.jar:1.8.0_66]
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157) [rt.jar:1.8.0_66]
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:65) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:283) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:267) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.33.Final-redhat-1.jar:1.1.33.Final-redhat-1]
... 18 more
如您所见,调用collect函数时会引发异常。有谁之前经历过这个吗?我们发现了this个问题,该问题看上去与我们看到的问题相似,但是在实施解决方案时没有任何运气。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。