在 glassfish 2.1 中从 toplink 移动到 eclipselink 时出现安全异常

在 glassfish 2.1 中从 toplink 移动到 eclipselink 时出现安全异常

我的应用程序与 toplink 配合使用效果很好,但我需要一些 eclipselink 功能,所以我决定交换。

我将提供商更改persistence.xml为:

<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>

并添加了以下属性(虽然我不确定是否需要):

<property name="eclipselink.target-server" value="SunAS9"/>

我尝试过eclipselink.jar使用我的应用程序进行打包,也尝试过$GFHOME/lib通过 glassfish 管理界面将其放入并添加到类路径后缀中。无论我做什么,我都会得到:

Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
javax.persistence.PersistenceException: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:878)
        at org.eclipse.persistence.jpa.PersistenceProvider.createContainerEntityManagerFactory(PersistenceProvider.java:216)
        at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:149)
        at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:84)
        at com.sun.enterprise.server.AbstractLoader.loadPersistenceUnits(AbstractLoader.java:895)
        at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:184)
        at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126)
        <snip>
Caused by: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at org.eclipse.persistence.exceptions.EntityManagerSetupException.predeployFailed(EntityManagerSetupException.java:210)
        ... 82 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:594)
        at java.lang.ClassLoader.<init>(ClassLoader.java:202)
        at java.security.SecureClassLoader.<init>(SecureClassLoader.java:53)
        at com.sun.enterprise.loader.EJBClassLoader$DelegatingClassLoader.<init>(EJBClassLoader.java:1368)
        at com.sun.enterprise.loader.EJBClassLoader.copy(EJBClassLoader.java:384)
        at com.sun.enterprise.server.PersistenceUnitInfoImpl.getNewTempClassLoader(PersistenceUnitInfoImpl.java:216)
        at org.eclipse.persistence.platform.server.ServerPlatformBase.getNewTempClassLoader(ServerPlatformBase.java:477)
        at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:741)
        ... 81 more

并且应用程序未部署。

编辑 - 我尝试更改安全设置但遇到了另一个问题

我本来认为以下内容(已经在 server.policy 中)将允许 eclipselink.jar完全访问,但显然不是。

// Core server classes get all permissions by default
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
    permission java.security.AllPermission;
};

我添加了以下内容:

grant {
    permission java.security.AllPermission;
};

现在我得到:

WARNING: "IOP00810257: (MARSHAL) Could not load class org.eclipse.persistence.indirection.IndirectList"

在客户端

编辑我刚刚意识到的是GlassFish v2.1——让应用程序客户端和 Eclipselink 协同工作?并确保 jar 与应用程序捆绑在一起,它现在可以工作了。

答案1

根本原因是 GlassFish 在启用 SecurityManager 的情况下运行,而 EclipseLink 没有在 GlassFish V2 中运行所需的所有权限。TopLink Essentials 被赋予了 GlassFish 的特殊权限,要解决您的问题,只需将这些权限扩展到 EclipseLink。这博客详细介绍了如何配置 GlassFish 的安全策略。

--戈登

相关内容