jugalps Posted May 31, 2010 Share Posted May 31, 2010 We have our application running on Websphere which is started with enforceJava2Security option and with JasperServer-Pro 3.7 deployed. I am running into the following security issue when trying to access a report from my application: [5/31/10 8:48:55:115 GMT] 0000009c SecurityManag W SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission.Please refer to InfoCenter for further information.Permission: suppressAccessChecks : access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)Code: Asset32History32Report32New_1275279220661_897596 in {repo:/}Stack Trace:java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:214) at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107) at org.codehaus.groovy.reflection.CachedConstructor.<init>(CachedConstructor.java:32) at org.codehaus.groovy.reflection.CachedClass.getConstructors(CachedClass.java:237) at groovy.lang.MetaClassImpl.<init>(MetaClassImpl.java:115) at groovy.lang.MetaClassRegistry$MetaClassCreationHandle.createNormalMetaClass(MetaClassRegistry.java:102) at groovy.lang.MetaClassRegistry$MetaClassCreationHandle.create(MetaClassRegistry.java:92) at org.codehaus.groovy.runtime.metaclass.MetaClassRegistryImpl.<init>(MetaClassRegistryImpl.java:184) at org.codehaus.groovy.runtime.metaclass.MetaClassRegistryImpl.<init>(MetaClassRegistryImpl.java:145) at groovy.lang.GroovySystem.<clinit>(GroovySystem.java:27) at org.codehaus.groovy.runtime.InvokerHelper.<clinit>(InvokerHelper.java:46) at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeStaticMethodN(ScriptBytecodeAdapter.java:212) at Asset32History32Report32New_1275279220661_897596.<init>(calculator_Asset32History32Report32New_1275279220661_897596) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:501) at java.lang.Class.newInstance0(Class.java:350) at java.lang.Class.newInstance(Class.java:303) at net.sf.jasperreports.engine.design.JRAbstractJavaCompiler.loadEvaluator(JRAbstractJavaCompiler.java:98) at net.sf.jasperreports.engine.design.JRAbstractCompiler.loadEvaluator(JRAbstractCompiler.java:320) at net.sf.jasperreports.engine.JasperCompileManager.loadEvaluator(JasperCompileManager.java:240) at net.sf.jasperreports.engine.fill.JRFillDataset.createCalculator(JRFillDataset.java:416) at net.sf.jasperreports.engine.fill.JRFillDataset.createCalculator(JRFillDataset.java:406) at net.sf.jasperreports.engine.fill.JRParameterDefaultValuesEvaluator.evaluateParameterDefaultValues(JRParameterDefaultValuesEvaluator.java:63) at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.getReportInputControlDefaultValues(EngineServiceImpl.java:1218) at com.jaspersoft.jasperserver.war.action.ReportParametersAction.createWrappers(ReportParametersAction.java:132) at com.jaspersoft.jasperserver.war.action.ViewReportAction.checkForParams(ViewReportAction.java:171) at com.jaspersoft.ji.report.options.actions.ReportOptionsViewAction.checkForParams(ReportOptionsViewAction.java:61) at com.savi.sc.jasperserver.adapter.ReportOptionsViewAction.checkForParams(ReportOptionsViewAction.java:43) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.springframework.webflow.action.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:98) at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:123) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:79) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145) at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) at org.springframework.webflow.engine.State.enter(State.java:194) at org.springframework.webflow.engine.Flow.start(Flow.java:535) at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:364) at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222) at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy126.launchExecution(Unknown Source) at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193) at org.springframework.webflow.mvc.servlet.FlowController.handleRequest(FlowController.java:174) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501) at javax.servlet.http.HttpServlet.service(HttpServlet.java:743) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1146) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1087) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at com.jaspersoft.jasperserver.war.common.UploadMultipartFilter.doFilter(UploadMultipartFilter.java:83) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at com.jaspersoft.jasperserver.war.security.JSSwitchUserProcessingFilter.doFilterHttp(JSSwitchUserProcessingFilter.java:146) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at com.jaspersoft.ji.license.JILicenseFilter.doFilter(JILicenseFilter.java:92) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at com.savi.sc.jasperserver.adapter.UserSessionProcessingFilter.doFilter(UserSessionProcessingFilter.java:200) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:139) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:97) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at com.savi.sc.jasperserver.adapter.AuthenticationAdaptingFilter.doFilter(AuthenticationAdaptingFilter.java:116) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175) at org.springframework.security.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:99) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130) at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130) at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:848) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:691) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:588) at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:525) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548) at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:831) at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478) at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:133) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387) at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102) at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:556) at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:606) at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:979) at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1064) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)I could that the above error occurs when the application is trying to access the /jasperserver-pro/flow.html?_flowId=viewReportFlow&reportOptionsURI=repo:/reports/amari/DR/x3&inputDlg=false&SAVI_TOKEN=dummy URI. Also the above issue only occurs for the first time I run the report.I have tried adding the following combination of policy in was.policy and server.policy file of websphere with no success: grant codeBase "repo:/" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks";};grant codeBase "repo:/-" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks";}; I would really appreciate if someone could throw light on this issue.Thanks,Jugal Link to comment Share on other sites More sharing options...
lucianc Posted June 11, 2010 Share Posted June 11, 2010 Report permissions are not read from the policy file (although we should do that, please log it as a feature request if you think it would be useful).Instead, the permissions are defined in JasperServer's Spring configuration files, via the reportsProtectionDomainProvider bean in applicationContext.xml to be more exact. That bean has a permissions property where you can add the required permissions.Regards,Lucian Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now