Glassfish
在 glassfish 2.1 中從 toplink 移動到 eclipselink 時出現安全異常
我的應用程序在 toplink 上執行良好,但我需要一些 eclipselink 功能,所以我決定交換。
我將提供者更改
persistence.xml
為:<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
並添加了以下屬性(儘管我不確定是否需要):
<property name="eclipselink.target-server" value="SunAS9"/>
我已經嘗試
eclipselink.jar
用我的應用程序打包,我已經嘗試$GFHOME/lib
通過 glassfish 管理 ui 將其放入並添加到類路徑後綴中。無論我做什麼,我都會得到:Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException Exception Description: Predeployment of PersistenceUnit [MYAPP] failed. Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader) javax.persistence.PersistenceException: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException Exception Description: Predeployment of PersistenceUnit [MYAPP] failed. Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader) at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:878) at org.eclipse.persistence.jpa.PersistenceProvider.createContainerEntityManagerFactory(PersistenceProvider.java:216) at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:149) at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:84) at com.sun.enterprise.server.AbstractLoader.loadPersistenceUnits(AbstractLoader.java:895) at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:184) at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126) <snip> Caused by: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException Exception Description: Predeployment of PersistenceUnit [MYAPP] failed. Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader) at org.eclipse.persistence.exceptions.EntityManagerSetupException.predeployFailed(EntityManagerSetupException.java:210) ... 82 more Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:594) at java.lang.ClassLoader.<init>(ClassLoader.java:202) at java.security.SecureClassLoader.<init>(SecureClassLoader.java:53) at com.sun.enterprise.loader.EJBClassLoader$DelegatingClassLoader.<init>(EJBClassLoader.java:1368) at com.sun.enterprise.loader.EJBClassLoader.copy(EJBClassLoader.java:384) at com.sun.enterprise.server.PersistenceUnitInfoImpl.getNewTempClassLoader(PersistenceUnitInfoImpl.java:216) at org.eclipse.persistence.platform.server.ServerPlatformBase.getNewTempClassLoader(ServerPlatformBase.java:477) at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:741) ... 81 more
並且該應用程序未部署。
編輯 - 我嘗試更改為安全設置,但遇到了另一個問題
我會認為以下(已經在 server.policy 中)允許
eclipselink.jar
完全訪問,但顯然不是。// Core server classes get all permissions by default grant codeBase "file:${com.sun.aas.installRoot}/lib/-" { permission java.security.AllPermission; };
我添加了以下內容:
grant { permission java.security.AllPermission; };
現在我得到:
WARNING: "IOP00810257: (MARSHAL) Could not load class org.eclipse.persistence.indirection.IndirectList"
在客戶端
我剛剛意識到的編輯是GlassFish v2.1——讓 Application Client 和 Eclipselink 一起工作?並確保 jar 與應用程序捆綁在一起,它現在可以工作了。
根本原因是 GlassFish 在啟用了 SecurityManager 的情況下執行,而 EclipseLink 沒有在 GlassFish V2 中執行所需的所有權限。TopLink Essentials 獲得了 GlassFish 的特殊權限,要解決您的問題,只需將這些權限擴展到 EclipseLink。此部落格詳細介紹瞭如何為 GlassFish 配置安全策略。
——戈登