Combination View Flat View Tree View
toggle
Henrik Paul
Does my problem match the ticket?
December 5, 2012 3:57 AM
Answer

Henrik Paul

Rank: New Member

Posts: 6

Join Date: March 24, 2011

Recent Posts

I'm developing a plugin with Vaadin 7, and started working with PACL enabled. I soon encountered the following stack trace:

 111:13:21,510 ERROR [http-bio-8080-exec-37][render_portlet_jsp:154] java.lang.SecurityException: Attempted to access declared members
 2    at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
 3    at com.liferay.portal.security.pacl.checker.RuntimeChecker.checkPermission(RuntimeChecker.java:71)
 4    at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
 5    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
 6    at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
 7    at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
 8    at java.lang.Class.checkMemberAccess(Class.java:2157)
 9    at java.lang.Class.getDeclaredMethods(Class.java:1790)
10    at java.lang.Class.initAnnotationsIfNecessary(Class.java:3070)
11    at java.lang.Class.getAnnotation(Class.java:3029)
12    at com.vaadin.server.UIProvider.getAnnotationFor(UIProvider.java:58)
13    at com.vaadin.server.UIProvider.getWidgetset(UIProvider.java:115)
14    [...snip...]


The Vaadin code in question apparently tries to read an annotation off an UI class in the Vaadin application (i.e. nothing regarding Liferay should be going on at that point in time). After debugging the code, i ended up at BaseReflectChecker.hasReflect(), where callerClass9 gets evaluated as sun.reflect.annotation.AnnotationType$1 and callerClass7 is evaluated as java.lang.Class.

I found no way to configure this, and reading from the source code, all logic regarding member access in this situation is a hard-coded whitelist in Liferay 6.1.1

I'm trying to verify, is this issue fixed by http://issues.liferay.com/browse/LPS-30769, and to be released in 6.1.2 at some point in time, or am I facing an unrelated problem?
David H Nebinger
RE: Does my problem match the ticket?
December 5, 2012 5:42 AM
Answer

David H Nebinger

Rank: Liferay Legend

Posts: 7153

Join Date: September 1, 2006

Recent Posts

Vaadin 7 is still in beta, AFAIK. I don't believe they've ironed out the portal stuff yet (last time I checked)...
Henrik Paul
RE: Does my problem match the ticket?
December 5, 2012 5:50 AM
Answer

Henrik Paul

Rank: New Member

Posts: 6

Join Date: March 24, 2011

Recent Posts

Yeah, it's still in beta, but this issue isn't related to portlet support in Vaadin per se: Liferay's security manager throws an exception when Vaadin tries to do standard java reflection on getting annotations of a certain type off a class in a Vaadin application. I stepped through the code.

You can see the reflection code at http://dev.vaadin.com/browser/vaadin/server/src/com/vaadin/server/UIProvider.java#L53 - "currentType.getAnnotation(annotationType)" starts the downward spiral (as you can see in the provided stacktrace)
Henrik Paul
RE: Does my problem match the ticket?
December 5, 2012 6:04 AM
Answer

Henrik Paul

Rank: New Member

Posts: 6

Join Date: March 24, 2011

Recent Posts

Just to clarify: my plugin is working fine with PACL not enabled. I've just now tried to make it work with PACL on, and after a while, this is what I encountered.