Jump to content

Security exception while running report


jugalps

Recommended Posts

We have our application running on Websphere which is started with enforceJava2Security option and with JasperServer-Pro 3.7 deployed. I am running into the following security issue when trying to access a report from my application:

 

[5/31/10 8:48:55:115 GMT] 0000009c SecurityManag W   SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission.

Please refer to InfoCenter for further information.

Permission:


      suppressAccessChecks : access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)

Code:

     Asset32History32Report32New_1275279220661_897596  in  {repo:/}

Stack Trace:


java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)

        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)

        at java.security.AccessController.checkPermission(AccessController.java:427)

        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:214)

        at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)

        at org.codehaus.groovy.reflection.CachedConstructor.<init>(CachedConstructor.java:32)

        at org.codehaus.groovy.reflection.CachedClass.getConstructors(CachedClass.java:237)

        at groovy.lang.MetaClassImpl.<init>(MetaClassImpl.java:115)

        at groovy.lang.MetaClassRegistry$MetaClassCreationHandle.createNormalMetaClass(MetaClassRegistry.java:102)

        at groovy.lang.MetaClassRegistry$MetaClassCreationHandle.create(MetaClassRegistry.java:92)

        at org.codehaus.groovy.runtime.metaclass.MetaClassRegistryImpl.<init>(MetaClassRegistryImpl.java:184)

        at org.codehaus.groovy.runtime.metaclass.MetaClassRegistryImpl.<init>(MetaClassRegistryImpl.java:145)

        at groovy.lang.GroovySystem.<clinit>(GroovySystem.java:27)

        at org.codehaus.groovy.runtime.InvokerHelper.<clinit>(InvokerHelper.java:46)

        at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeStaticMethodN(ScriptBytecodeAdapter.java:212)

        at Asset32History32Report32New_1275279220661_897596.<init>(calculator_Asset32History32Report32New_1275279220661_897596)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

        at java.lang.reflect.Constructor.newInstance(Constructor.java:501)

        at java.lang.Class.newInstance0(Class.java:350)

        at java.lang.Class.newInstance(Class.java:303)

        at net.sf.jasperreports.engine.design.JRAbstractJavaCompiler.loadEvaluator(JRAbstractJavaCompiler.java:98)

        at net.sf.jasperreports.engine.design.JRAbstractCompiler.loadEvaluator(JRAbstractCompiler.java:320)

        at net.sf.jasperreports.engine.JasperCompileManager.loadEvaluator(JasperCompileManager.java:240)

        at net.sf.jasperreports.engine.fill.JRFillDataset.createCalculator(JRFillDataset.java:416)

        at net.sf.jasperreports.engine.fill.JRFillDataset.createCalculator(JRFillDataset.java:406)

        at net.sf.jasperreports.engine.fill.JRParameterDefaultValuesEvaluator.evaluateParameterDefaultValues(JRParameterDefaultValuesEvaluator.java:63)

        at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.getReportInputControlDefaultValues(EngineServiceImpl.java:1218)

        at com.jaspersoft.jasperserver.war.action.ReportParametersAction.createWrappers(ReportParametersAction.java:132)

        at com.jaspersoft.jasperserver.war.action.ViewReportAction.checkForParams(ViewReportAction.java:171)

        at com.jaspersoft.ji.report.options.actions.ReportOptionsViewAction.checkForParams(ReportOptionsViewAction.java:61)

        at com.savi.sc.jasperserver.adapter.ReportOptionsViewAction.checkForParams(ReportOptionsViewAction.java:43)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

        at java.lang.reflect.Method.invoke(Method.java:592)

        at org.springframework.webflow.action.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:98)

        at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:123)

        at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)

        at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)

        at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:79)

        at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)

        at org.springframework.webflow.execution.AnnotatedAction.execute(AnnotatedAction.java:145)

        at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)

        at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101)

        at org.springframework.webflow.engine.State.enter(State.java:194)

        at org.springframework.webflow.engine.Flow.start(Flow.java:535)

        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:364)

        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)

        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

        at java.lang.reflect.Method.invoke(Method.java:592)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

        at org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:66)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

        at $Proxy126.launchExecution(Unknown Source)

        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)

        at org.springframework.webflow.mvc.servlet.FlowController.handleRequest(FlowController.java:174)

        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)

        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)

        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1146)

        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1087)

        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)

        at com.jaspersoft.jasperserver.war.common.UploadMultipartFilter.doFilter(UploadMultipartFilter.java:83)

        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)

        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)

        at com.jaspersoft.jasperserver.war.security.JSSwitchUserProcessingFilter.doFilterHttp(JSSwitchUserProcessingFilter.java:146)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)

        at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at com.jaspersoft.ji.license.JILicenseFilter.doFilter(JILicenseFilter.java:92)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at com.savi.sc.jasperserver.adapter.UserSessionProcessingFilter.doFilter(UserSessionProcessingFilter.java:200)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:139)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:97)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at com.savi.sc.jasperserver.adapter.AuthenticationAdaptingFilter.doFilter(AuthenticationAdaptingFilter.java:116)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)

        at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)

        at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)

        at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)

        at org.springframework.security.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:99)

        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)

        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)

        at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

        at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)

        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)

        at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)

        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:848)

        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:691)

        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:588)

        at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:525)

        at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548)

        at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269)

        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:831)

        at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)

        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:133)

        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)

        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)

        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)

        at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:556)

        at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:606)

        at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:979)

        at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1064)

        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)


I could that the above error occurs when the application is trying to access the /jasperserver-pro/flow.html?_flowId=viewReportFlow&reportOptionsURI=repo:/reports/amari/DR/x3&inputDlg=false&SAVI_TOKEN=dummy URI. Also the above issue only occurs for the first time I run the report.

I have tried adding the following combination of policy in was.policy and server.policy file of websphere with no success:

 

grant codeBase "repo:/" {

  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

};


grant codeBase "repo:/-" {

  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

};

 

I would really appreciate if someone could throw light on this issue.

Thanks,

Jugal

 

 

Link to comment
Share on other sites

  • 2 weeks later...
  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Report permissions are not read from the policy file (although we should do that, please log it as a feature request if you think it would be useful).

Instead, the permissions are defined in JasperServer's Spring configuration files, via the reportsProtectionDomainProvider bean in applicationContext.xml to be more exact.  That bean has a permissions property where you can add the required permissions.

Regards,

Lucian

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...