spring - 具有 Java 安全策略的嵌入式 Jetty

Question

我正在使用嵌入式码头。我的应用程序加载了外部战争。我想限制加载的 Web 应用程序可以执行的操作，因此我应用了 Java 安全策略。现在我的应用程序启动了，但是当我尝试启动已部署的 Web 应用程序时它崩溃了。战争被提取到 $JETTY_HOME/temp/${webapp}/webapp/

政策

grant codeBase "file:${jetty.appserver.homeDirectory}/app/-" {
    permission java.security.AllPermission; 

};

grant codeBase "file:${jetty.appserver.homeDirectory}/temp/-" {
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
};

grant { 
    permission java.net.SocketPermission "*", "accept,resolve";
    permission java.io.FilePermission "${java.home}${/}-", "read";
    permission java.io.FilePermission "${jetty.appserver.homeDirectory}${/}-", "read";
    permission java.io.FilePermission "file:${jetty.appserver.homeDirectory}/temp/-", "read";
    permission java.io.FilePermission "/usr/lib/jvm/jdk1.6.0_25/lib/tools.jar", "read";
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.tools.*";

    permission java.lang.RuntimePermission "org.springframework.*";
};

例外

    2012-12-18 17:12:13.191: org.springframework.web.servlet.DispatcherServlet ERROR - Context initialization failed
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
2012-12-18 17:12:13.192: /b WARN - unavailable
java.lang.UnsupportedOperationException
    at org.springframework.core.env.ReadOnlySystemAttributesMap.keySet(ReadOnlySystemAttributesMap.java:88)
    at org.springframework.core.env.MapPropertySource.getPropertyNames(MapPropertySource.java:41)
    at org.springframework.core.env.EnumerablePropertySource.containsProperty(EnumerablePropertySource.java:70)
    at org.springframework.core.env.SystemEnvironmentPropertySource.resolvePropertyName(SystemEnvironmentPropertySource.java:109)
    at org.springframework.core.env.SystemEnvironmentPropertySource.getProperty(SystemEnvironmentPropertySource.java:90)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:73)
    at org.springframework.core.env.PropertySourcesPropertyResolver.getProperty(PropertySourcesPropertyResolver.java:59)
    at org.springframework.core.env.AbstractEnvironment.getProperty(AbstractEnvironment.java:414)
    at org.springframework.core.env.AbstractEnvironment.doGetActiveProfiles(AbstractEnvironment.java:235)
    at org.springframework.core.env.AbstractEnvironment.getActiveProfiles(AbstractEnvironment.java:222)
    at org.springframework.core.env.AbstractEnvironment.merge(AbstractEnvironment.java:396)
    at org.springframework.context.support.AbstractApplicationContext.setParent(AbstractApplicationContext.java:392)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:585)
    at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
    at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
    at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
    at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
    at javax.servlet.GenericServlet.init(GenericServlet.java:241)
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:463)
    at org.eclipse.jetty.servlet.ServletHolder.doStart(ServletHolder.java:283)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:770)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1214)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:676)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:455)
    at mycompany.application.transport.jetty.appserver.WebAppContextWrapper.doStart(WebAppContextWrapper.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.startHandler(JettyAppServer.java:272)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:202)
    at mycompany.application.transport.jetty.appserver.JettyAppServer.deployWebApp(JettyAppServer.java:137)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:37)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:244)
    at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1074)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:955)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427)
    at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
    at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
    at sun.rmi.transport.Transport$1.run(Transport.java:159)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

Answer 1

在 Spring 3.1 版本中，您必须将这些上下文参数添加到您的环境中web.xml，才能在启用安全管理器的情况下启动。

<context-param>
   <param-name>spring.profiles.default</param-name>
   <param-value>default</param-value>
</context-param>
<context-param>
   <param-name>spring.profiles.active</param-name>
   <param-value>default</param-value>
</context-param>

Answer 2

感谢您的回复，但是我环顾四周后解决了这个错误。

生成异常是因为 spring 无法读取在此异常中不直接可见的 jvm 环境属性。但是一旦你添加了以下权限：

permission java.lang.RuntimePermission "getenv.*";

它将修复上述错误。