1. 技术文章
  2. java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

不羁的心 提交于 2019-12-10 10:53:36

问题


I'm trying to port an application using Weld 1.1.8 to Google App Engine. I'm using a listener in web.xml to bootstrap Weld:

<listener>
  <listener-class>org.jboss.weld.environment.servlet.Listener</listener-class>
</listener>

The application starts fine on a regular Jetty 7. But upon bootstrapping on GAE, things go wrong:

com.google.common.collect.ComputationException: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:397)
    at org.jboss.weld.resources.ClassTransformer.loadClass(ClassTransformer.java:163)
    at org.jboss.weld.bootstrap.BeanDeployer.loadWeldClass(BeanDeployer.java:108)
    at org.jboss.weld.bootstrap.BeanDeployer.addClass(BeanDeployer.java:79)
    at org.jboss.weld.bootstrap.BeanDeployer.addClasses(BeanDeployer.java:123)
    at org.jboss.weld.bootstrap.BeanDeployment.createBeans(BeanDeployment.java:184)
    at org.jboss.weld.bootstrap.WeldBootstrap.deployBeans(WeldBootstrap.java:350)
    at org.jboss.weld.environment.servlet.Listener.contextInitialized(Listener.java:182)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:202)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:171)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:123)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:446)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:449)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:455)
    at com.google.tracing.TraceContext.runInContext(TraceContext.java:695)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:333)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:325)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:453)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
    at java.lang.Thread.run(Thread.java:679)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)
    at java.security.AccessController.checkPermission(AccessController.java:567)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56)
    at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1679)
    at java.lang.Class.checkMemberAccess(Class.java:2174)
    at java.lang.Class.getDeclaredMethods(Class.java:1807)
    at java.lang.Class.getEnclosingMethod(Class.java:919)
    at sun.reflect.generics.scope.ClassScope.computeEnclosingScope(ClassScope.java:50)
    at sun.reflect.generics.scope.AbstractScope.getEnclosingScope(AbstractScope.java:74)
    at sun.reflect.generics.scope.AbstractScope.lookup(AbstractScope.java:90)
    at sun.reflect.generics.scope.AbstractScope.lookup(AbstractScope.java:90)
    at sun.reflect.generics.factory.CoreReflectionFactory.findTypeVariable(CoreReflectionFactory.java:109)
    at sun.reflect.generics.visitor.Reifier.visitTypeVariableSignature(Reifier.java:165)
    at sun.reflect.generics.tree.TypeVariableSignature.accept(TypeVariableSignature.java:43)
    at sun.reflect.generics.repository.MethodRepository.getReturnType(MethodRepository.java:68)
    at java.lang.reflect.Method.getGenericReturnType(Method.java:254)
    at org.jboss.weld.introspector.jlr.WeldMethodImpl.of(WeldMethodImpl.java:70)
    at org.jboss.weld.introspector.jlr.WeldClassImpl.<init>(WeldClassImpl.java:235)
    at org.jboss.weld.introspector.jlr.WeldClassImpl.of(WeldClassImpl.java:119)
    at org.jboss.weld.resources.ClassTransformer$TransformTypeToWeldClass.apply(ClassTransformer.java:59)
    at org.jboss.weld.resources.ClassTransformer$TransformTypeToWeldClass.apply(ClassTransformer.java:50)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingValueReference.compute(ComputingConcurrentHashMap.java:355)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.compute(ComputingConcurrentHashMap.java:184)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.getOrCompute(ComputingConcurrentHashMap.java:153)
    at com.google.common.collect.ComputingConcurrentHashMap.getOrCompute(ComputingConcurrentHashMap.java:69)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:393)
    ... 25 more

I tried using older versions of Weld down to 1.1.0 to no avail. Any clues on how to troubleshoot an issue like this?


回答1:


You've run into a Sandbox restriction.

In particular, the WeldClassImpl constructor traverses up the annotated class's hierarchy calling WeldMethodImpl.of() for every method: if the class in question extends a JRE or API class, then the sandbox will deny access to non-public methods; if the does class not belong to the application, the sandbox will deny all access altogether. I think you'll need the full stacktrace to identify which it is in this case.

As stated in the documentation:

Reflection

An application is allowed full, unrestricted, reflective access to its own classes. It may query any private members, use java.lang.reflect.AccessibleObject.setAccessible(), and read/set private members.

An application can also also reflect on JRE and API classes, such as java.lang.String and javax.servlet.http.HttpServletRequest. However, it can only access public members of these classes, not protected or private.

An application cannot reflect against any other classes not belonging to itself, and it can not use the setAccessible() method to circumvent these restrictions.




回答2:


Seems that an anonymous guava Function was the cause.



来源:https://stackoverflow.com/questions/10674142/java-security-accesscontrolexception-access-denied-java-lang-runtimepermission

标签
google-app-engine
resteasy
jboss-weld
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!