Combination View Flat View Tree View
toggle
Philippe Tran
"Socket accept failed" with PACL and Spring filter
March 22, 2013 7:48 AM
Answer

Philippe Tran

Rank: Junior Member

Posts: 34

Join Date: January 22, 2009

Recent Posts

Hi all,

I am using a Spring filter, as defined in web.xml :

<filter>
<filter-name>requestContextFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requestContextFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>


When security manager is on, I can see this :

Mar 22, 2013 3:38:23 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.lang.ClassCircularityError: com/liferay/portal/security/pacl/PACLPolicyManager$PACLPolicyPrivilegedAction
at com.liferay.portal.security.pacl.PACLPolicyManager.getPACLPolicy(PACLPolicyManager.java:70)
at com.liferay.portal.security.pacl.PortalPolicy.getPermissions(PortalPolicy.java:133)
at com.liferay.portal.security.pacl.PortalPolicy.implies(PortalPolicy.java:197)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:205)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at java.net.ServerSocket.implAccept(ServerSocket.java:466)
at java.net.ServerSocket.accept(ServerSocket.java:430)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:60)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:216)
at java.lang.Thread.run(Thread.java:680)

Does anyone know how to make spring filter work with PACL ?

TIA
Philippe
Ray Augé
RE: "Socket accept failed" with PACL and Spring filter
March 22, 2013 8:11 AM
Answer

Ray Augé

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1171

Join Date: February 7, 2005

Recent Posts

Wow, Philippe (sorry for name typo) are you working with master branch of liferay-portal? The code you are referring to is not in any release yet.

Can you indicate which exact version you are working with?

It may just be that you need to update from master because the class that is in your error is not initialized until one of the very latest commits last night on master.
Hitoshi Ozawa
RE: "Socket accept failed" with PACL and Spring filter
March 23, 2013 8:36 PM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7990

Join Date: March 23, 2010

Recent Posts

As Ray mentioned, things in github master may not work correctly - it sometimes does may not even build. Should be using the GA or at least a milestone release.

I'm not even sure if Marketplace is accepting portlets based on a master.
Matt Fulford
Automatic reply: [Liferay Forums][2. Marketplace Developers] RE: "Socket ac
March 23, 2013 8:37 PM
Answer

Matt Fulford

Rank: New Member

Posts: 17

Join Date: April 6, 2009

Recent Posts

Thanks for your email. I'm currently out of the office until Tuesday 2nd April. Please contact David Schuiteman (david.schuiteman@pfiks.com) with any urgent queries.

Regards,
Matt
Hitoshi Ozawa
RE: Automatic reply: [Liferay Forums][2. Marketplace Developers] RE: "Socke
March 23, 2013 8:54 PM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7990

Join Date: March 23, 2010

Recent Posts

Wow! This is the first time I've seem an automatic message post in this forum. :-)
Ray Augé
Re: [Liferay Forums][2. Marketplace Developers] RE: Automatic reply: [Lifer
March 24, 2013 1:45 AM
Answer

Ray Augé

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1171

Join Date: February 7, 2005

Recent Posts

If this gets through, someone enabled email replies!
On Mar 23, 2013 11:54 PM, "Hitoshi Ozawa from liferay.com" <
forums@liferay.com> wrote:

> Wow! This is the first time I've seem an automatic message post in this
> forum. :-)
>
>
> To view the thread, follow the link below:
>
> http://www.liferay.com/community/forums/-/message_boards/view_message/22944127
> --
> Thanks, Liferay.com Forums <http://http://www.liferay.com>
Ray Augé
Re: [Liferay Forums][2. Marketplace Developers] Re: [Liferay Forums][2. Mar
March 24, 2013 2:13 AM
Answer

Ray Augé

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1171

Join Date: February 7, 2005

Recent Posts

Nice!

BTW, less a few pull requests pending review PACLv2 is complete in master.

For anyone wanting try it out, follow these steps to auto generate the pack
policy for your plugin:

- add security-manager-enabled=generate to your
liferay-plugin-package.properties
- deploy plugin
- do usability testing of app (test all operations)
- as you test, policy is auto generated into
${lifers.home}/pacl-policy/${plugin-context-name}-pacl.policy
- when completed testing, paste generated policy into app's own lpp.props

Note you may want to optimize the resulting policy for thing like fs paths,
etc (all generated rules use literal vales)
James Falkner
Reply-by-email on forums
March 24, 2013 12:46 PM
Answer

James Falkner

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1198

Join Date: September 17, 2010

Recent Posts

Split this off. The new thread can be found at http://www.liferay.com/community/forums/-/message_boards/view_message/22949380.
Philippe Tran
RE: Re: [Liferay Forums][2. Marketplace Developers] Re: [Liferay Forums][2.
March 29, 2013 6:31 AM
Answer

Philippe Tran

Rank: Junior Member

Posts: 34

Join Date: January 22, 2009

Recent Posts

Hi Ray and Hitoshi,

First, I would like to thank you for your quick answers. Yes, I am using a master version (about 2 week old) because the M4 has a small annoying problem : it calls spring portlet controllers in 'edit' mode twice, in render as well as action phase. In master, everything is ok again.

Being away, I was not able to test further.

Ray Augé:
For anyone wanting try it out, follow these steps to auto generate the pack
policy for your plugin:

- add security-manager-enabled=generate to your
liferay-plugin-package.properties
- deploy plugin
- do usability testing of app (test all operations)
- as you test, policy is auto generated into
${lifers.home}/pacl-policy/${plugin-context-name}-pacl.policy
- when completed testing, paste generated policy into app's own lpp.props


Now that I am back to work, I just activated the "generate" security mode with the last master, using a sample portlet with just the Spring requestContextFilter.

As a result, I just got : security-manager-environment-variables=\\*

Having tested this setting with true, everything seems ok. Anyway, the value "\*" seems strange to me, as a security setting.

What do you think about ?

Thanks again,
Philippe (no typo here, Ray ;-)