Glassfish

在 glassfish 2.1 中從 toplink 移動到 eclipselink 時出現安全異常

  • July 26, 2012

我的應用程序在 toplink 上執行良好,但我需要一些 eclipselink 功能,所以我決定交換。

我將提供者更改persistence.xml為:

<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>

並添加了以下屬性(儘管我不確定是否需要):

<property name="eclipselink.target-server" value="SunAS9"/>

我已經嘗試eclipselink.jar用我的應用程序打包,我已經嘗試$GFHOME/lib通過 glassfish 管理 ui 將其放入並添加到類路徑後綴中。無論我做什麼,我都會得到:

Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
javax.persistence.PersistenceException: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
       at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:878)
       at org.eclipse.persistence.jpa.PersistenceProvider.createContainerEntityManagerFactory(PersistenceProvider.java:216)
       at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:149)
       at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:84)
       at com.sun.enterprise.server.AbstractLoader.loadPersistenceUnits(AbstractLoader.java:895)
       at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:184)
       at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126)
       <snip>
Caused by: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
       at org.eclipse.persistence.exceptions.EntityManagerSetupException.predeployFailed(EntityManagerSetupException.java:210)
       ... 82 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
       at java.security.AccessController.checkPermission(AccessController.java:546)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:594)
       at java.lang.ClassLoader.<init>(ClassLoader.java:202)
       at java.security.SecureClassLoader.<init>(SecureClassLoader.java:53)
       at com.sun.enterprise.loader.EJBClassLoader$DelegatingClassLoader.<init>(EJBClassLoader.java:1368)
       at com.sun.enterprise.loader.EJBClassLoader.copy(EJBClassLoader.java:384)
       at com.sun.enterprise.server.PersistenceUnitInfoImpl.getNewTempClassLoader(PersistenceUnitInfoImpl.java:216)
       at org.eclipse.persistence.platform.server.ServerPlatformBase.getNewTempClassLoader(ServerPlatformBase.java:477)
       at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:741)
       ... 81 more

並且該應用程序未部署。

編輯 - 我嘗試更改為安全設置,但遇到了另一個問題

我會認為以下(已經在 server.policy 中)允許 eclipselink.jar完全訪問,但顯然不是。

// Core server classes get all permissions by default
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
   permission java.security.AllPermission;
};

我添加了以下內容:

grant {
   permission java.security.AllPermission;
};

現在我得到:

WARNING: "IOP00810257: (MARSHAL) Could not load class org.eclipse.persistence.indirection.IndirectList"

在客戶端

我剛剛意識到的編輯是GlassFish v2.1——讓 Application Client 和 Eclipselink 一起工作?並確保 jar 與應用程序捆綁在一起,它現在可以工作了。

根本原因是 GlassFish 在啟用了 SecurityManager 的情況下執行,而 EclipseLink 沒有在 GlassFish V2 中執行所需的所有權限。TopLink Essentials 獲得了 GlassFish 的特殊權限,要解決您的問題,只需將這些權限擴展到 EclipseLink。此部落格詳細介紹瞭如何為 GlassFish 配置安全策略。

——戈登

引用自:https://serverfault.com/questions/74452