Fruitsekta.ru

Мир ПК
0 просмотров
Рейтинг статьи
1 звезда2 звезды3 звезды4 звезды5 звезд
Загрузка...

Java security accesscontrolexception access denied

java.security.AccessControlException: access denied

Базовые технологии Java /

Другие технологии

21 янв 2010 17:43

Примеры не работают. Ниже привожу полный код примеров и описание размещения.

Интерфейс Compute и Task

реализация сервера engine

Запуск rmiregistry произвожу следующим образом:
c:Program FilesJavajdk1.6.0_11binrmiregistry.exe

Через TCPView проверяю наличие открытого порта
rmiregistry.exe:3392 TCP iw-d:1099 iw-d:0 LISTENING

Файлы проектов писла в нетбинс 6.8.

Перебросил compute.jar и engine.jar в папку
c:_testsv

Добавил в папку c:_testsv файл server.prolicy

Файл содержит следующий код:

Запуск файла сервера произвожу с помощью пакетного файла start_sv.bat находящегося тамже в c:_testsv

На экран вывод следующее:

Microsoft Windows XP [Версия 5.1.2600]
(С) Корпорация Майкрософт, 1985-2001.

c:_testsv>java -cp c:_testsvserver.policy;c:_testsvengine.jar;c:_test
svcompute.jar -Djava.rmi.server.codebase=file:/c:/_test/sv/compute.jar -Djava.r
mi.server.hostname=localhost -Djava.security.policy=server.policy engine.Compute
Engine
ComputeEngine exception:
java.security.AccessControlException: access denied (java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket. (Unknown Source)
at java.net.Socket. (Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
ource)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.newCall(Unknown Source)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at engine.ComputeEngine.main(ComputeEngine.java:30)

При этом в TCPView проверяю и вижу строку:
java.exe:3928 TCP iw-d:2708 iw-d:0 LISTENING

Про клиента пока речь не идет — аналогичная ошибка. По искал на форуме — в какой то из тем предлагали добавить в файл политики:

21 янв 2010 17:48

21 янв 2010 18:20

пробовал в приложении оставлять

и запускать rmiregistry.exe 1099 и просто rmiregistry.exe в последнем случае он тоже слушает на порту 1099

запускал РМИРЕГИСТРИ на 1099 порту и в файле политики как раз прописывал — результат не менялся-ошибка прав доступа
permission java.net.SocketPermission «localhost:1099», «connect»;

Как то в начале я неправильно сформировал путь в файле политики — ругался — исправил. Сейчас только эта ошибка -аксесс денайд.

Изменен:21 янв 2010 15:58
21 янв 2010 18:52

Видимо сервер зарегистрировался
c:_testsv>start_sv.bat

c:_testsv>java -cp c:_testsvengine.jar;c:_testsvcompute.jar -Djava.rmi.
server.codebase=file:/c:/_test/sv/ -Djava.rmi.server.hostname=localhost -Djava.s
ecurity.policy=c:/_test/sv/server.policy engine.ComputeEngine
ComputeEngine bound

хотя среди сетевых соединений я не вижу, чтобы на порту 2707 что либо висело ЖО(

вот как у меня было и етсь на данный момент

причём, если запускаю
rmiregistry.exe 2707

а потом запускаю

java -cp c:_testsvengine.jar;c:_testsvcompute.jar -Djava.rmi.server.codebase=file:/c:/_test/sv/ -Djava.rmi.server.hostname=localhost -Djava.security.policy=c:/_test/sv/server.policy engine.ComputeEngine

получаю следующее
c:_testsv>start_sv.bat

c:_testsv>java -cp c:_testsvengine.jar;c:_testsvcompute.jar -Djava.rmi.
server.codebase=file:/c:/_test/sv/ -Djava.rmi.server.hostname=localhost -Djava.s
ecurity.policy=c:/_test/sv/server.policy engine.ComputeEngine
ComputeEngine exception:
java.rmi.server.ExportException: Port already in use: 2707; nested exception is:

java.net.BindException: Address already in use: JVM_Bind
at sun.rmi.transport.tcp.TCPTransport.listen(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.exportObject(Unknown Source)
at sun.rmi.transport.tcp.TCPEndpoint.exportObject(Unknown Source)
at sun.rmi.transport.LiveRef.exportObject(Unknown Source)
at sun.rmi.server.UnicastServerRef.exportObject(Unknown Source)
at sun.rmi.registry.RegistryImpl.setup(Unknown Source)
at sun.rmi.registry.RegistryImpl. (Unknown Source)
at java.rmi.registry.LocateRegistry.createRegistry(Unknown Source)
at engine.ComputeEngine.main(ComputeEngine.java:31)
Caused by: java.net.BindException: Address already in use: JVM_Bind
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(Unknown Source)
at java.net.ServerSocket.bind(Unknown Source)
at java.net.ServerSocket. (Unknown Source)
at java.net.ServerSocket. (Unknown Source)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createServerSocket(Unk
nown Source)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createServerSocket(Unk
nown Source)
at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(Unknown Source)
. 9 more

вобщем то понятно, что программа ищет 2707 порт,который уже занят.
Но, почему же тогда оан не остается висеть сама, когда запускаю ее одну -тобиш серверную часть.

Кто в данном случае будет обрабатывать запросы клиентов.

java.security.AccessControlException: access denied («java.util.PropertyPermission» «user.home» «read») running under security manager, because JUnit forgot to use doPrivileged #1213

Comments

Copy link Quote reply

trejkaz commented Oct 22, 2015

If you perform actions which cause permission checks with the security manager (and you’re doing some action which is not exploitable by the caller), then you’re supposed to use doPrivileged.

BaseTestRunner in JUnit has this:

When running our test suite with the security manager enabled, we get a failure:

This occurs irrespective of the fact that our security policy allows reading any system property, because something further down the stack, i.e. something inside IDEA’s JUnit launcher (perhaps some dynamically-generated bytecode?) is «completely» untrustworthy and thus even the «grant to all code sources» section of the policy does not apply to it.

At the moment, our workaround for this is to give AllPermission to the IDEA installation, but this is not really satisfactory because every developer tends to install it in a different location depending on their own conventions, what platform they’re on, whether they have admin access on the box, etc.

If JUnit would add a doPrivileged block here (and to any other place where it seems appropriate) then we wouldn’t have to do this and our rule which says JUnit is completely trusted would be sufficient.

This comment has been minimized.

Copy link Quote reply

kcooney commented Oct 22, 2015

The tests being run by JUnit could very well make calls to get system properties (or other operations that involve security checks), so I suspect that changing this one place won’t solve your problems.

Why are you wanting all of your tests (and apparently IDEA) to run in a security manager?

This comment has been minimized.

Copy link Quote reply

trejkaz commented Oct 22, 2015

In the case of our own code and our own tests, we already use doPrivileged in any locations which I’m aware of. But even if we weren’t, we give our own code permission to read any system property.

Actually, we give JUnit the permission to read any system property as well, but because it isn’t using doPrivileged , callers further down the stack get checked as well, and apparently no matter what we put into the security policy, those ones can’t be marked as trusted.

We use the security manager to stop code (both libraries and our own code (since this is a testing framework, it seems reasonable to get extra checking for free where possible!) doing various things we don’t want them to do, but mostly to stop them writing data outside of where we tell them to or exiting the JVM (yeah, it has actually happened before. ) The former could theoretically be done by writing a custom NIO2 filesystem which wraps the real filesystem, but it would be a lot of work to make it support absolutely everything the real one supports. The latter is impossible to do any other way, at least as far as I am aware.

Читать еще:  База данных рекламное агентство access
Ссылка на основную публикацию
Adblock
detector