フォーラム

ホーム » 1. Marketplace App Development

構造的に表示 平面上に表示 ツリー上に表示
toggle
Brian Kim
PACL/Security Manager - help coming
2014/06/24 11:09
答え

Brian Kim

LIFERAY STAFF

ランク: Expert

投稿: 319

参加年月日: 2004/08/16

最近の投稿

Hi all,

We realize that working with PACL/Security Manager takes some time and experience to build into your apps, so we're going to put together a team to help in answering some of the questions and issues that all of you may be having. We hope to have this ready soon - I'll provide updates as I get them.

Thanks everyone for your comments and feedback.
Maarten J
RE: PACL/Security Manager - help coming
2012/11/06 4:29
答え

Maarten J

ランク: New Member

投稿: 15

参加年月日: 2012/01/25

最近の投稿

Hi Brian,

We are really looking forward to help from this team. We have several portlets ready which we would love to publish!

Thanks,
Maarten
James Falkner
RE: PACL/Security Manager - help coming
2012/11/06 8:35
答え

James Falkner

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1222

参加年月日: 2010/09/17

最近の投稿

Maarten J:
Hi Brian,

We are really looking forward to help from this team. We have several portlets ready which we would love to publish!

Thanks,
Maarten


Hi all,

As Brian mentions, we have put a team together to help Marketplace Developers work through the PACL issues you are facing. Some issues are configuration issues, others are due to PACL bugs. The triage team can help you figure out whether you simply have missing config, or have found a bug in PACL. I'm going to be on this team, as your community liaison (also known as Chief Pestering Officer) emoticon We'll go about it like this:

  1. Develop your app following the official developer documentation (and Security Manager disabled)
  2. After you're satisfied that your app works with the Security Manager disabled, turn it on
  3. Go through the test->edit->repeat cycle to make a best effort at identifying and including all of the PACL resource declarations necessary for your app, using the official Security Manager docs.
  4. If you believe you've done everything right, and you're still having issues related to PACL that you cannot solve, post your issue in this forum category (the one where this message is). Our triage team will engage with you and see attempt to determine if there really is a bug, or just missing configuration. You could also post an issue at issues.liferay.com but the triage team will be watching here and it is my hope that most issues are configuration issues and not really bugs in Liferay.


As mentioned, we have seen that most PACL issues fall into two main categories:

1. Missing PACL configuration. PACL is very granular, and requires that you declare all of the protected resources that your app might ever require during its execution. The documentation suggests you first develop your app with PACL disabled, then when you're all done, enable it, and exercise your app to discover which protected resources it requires. This is pretty tedious as of now, requiring multiple test->edit config->repeat cycles (and developers are investigating how to improve the developer experience going forward).

2. PACL Bugs. There are few already. Working with the triage team via this forum is the best way to discover whether you are hitting a bug. If you indeed discover a bug, the triage team will help you to file the issue at issues.liferay.com and get it fixed as quickly as possible.

So please give it a go, and post issues here, and we'll hopefully be able to resolve them as quickly as possible.
Aniceto P Madrid
RE: PACL/Security Manager - help coming
2012/12/05 1:50
答え

Aniceto P Madrid

ランク: Regular Member

投稿: 135

参加年月日: 2008/05/24

最近の投稿

When those PACL be fixed, which requires a new Liferay relase, I'll be back to the Marketplace. It has no sense to fight with a poorly documented security environment that doesn't event work.
Laxman Rana
RE: PACL/Security Manager - help coming
2012/12/31 2:05
答え

Laxman Rana

ランク: Junior Member

投稿: 42

参加年月日: 2012/02/29

最近の投稿

Can you help me out to solve this problem ?

Thank You !!!
Hitoshi Ozawa
RE: PACL/Security Manager - help coming
2013/01/07 4:30
答え

Hitoshi Ozawa

ランク: Liferay Legend

投稿: 7954

参加年月日: 2010/03/23

最近の投稿

Speaking on behave of the community, I have to say it is very disappointing to see that there haven't been any update to this thread from liferay.com since last November.

http://www.liferay.com/community/forums/-/message_boards/message/18999112
Ray Augé
RE: PACL/Security Manager - help coming
2013/01/07 5:24
答え

Ray Augé

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1171

参加年月日: 2005/02/07

最近の投稿

Yes, it's quite sad. emoticon

Honestly, It was a terrible mistake on my part how PACL unfolded. I regret a great many things about it, mostly how it has adversly affected our community of developers.

With that I offer my sincere appologies and I will try to work from this point to attempt to resolve the issues.

1) I think what I will do is first to document and otherwise simply help people to fix or be aware of how certain things work. I hope that will be a first good step.
2) I have it in mind to create a plugin (I'm just now starting for forumate ideas on how to do this) which will run along with the developer environment which will do it's best to generate a valid security settings profile for the deployed plugins, based on execution of the plugin. a) it will replace the security checkers/manager (not sure yet) with one which tracks rather than checks. b) as the developer uses their plugin, the security profile will be automatically created.
Ray Augé
RE: PACL/Security Manager - help coming
2013/01/09 13:40
答え

Ray Augé

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1171

参加年月日: 2005/02/07

最近の投稿

Hey All,

I wanted to let everyone know that help is really coming in the form of a tool baked into the portal.

I'm dubing it temporarily Liferay's PACL Policy Generator (a.k.a. PPG)

You can watch it's progress via this JIRA issue: http://issues.liferay.com/browse/LPS-32200

Also, you can take a quick look at the workflow outlined in that ticket but also here: https://gist.github.com/4494206

You'll see the result of testing this against the sample-service-builder-portlet and generated in less than a 2 minutes running a QA cycle through that app. A complete and functional policy was the result which was litteraly copy and pasted (as it's already nicely formatted with key and value sorting).

We're hoping that this will quickly be available to everyone in the next GA(3) release(s) (which you will note that James officially announced quietly hints at here: http://www.liferay.com/community/forums/-/message_boards/view_message/17329080#_19_message_19073288).

I'm hoping that this significantly simplifies the process of getting your plugins into the marketplace (at least making the PACL step much simpler).

Of course, feedback is always welcome!
Sampsa Sohlman
RE: PACL/Security Manager - help coming
2013/01/10 1:53
答え

Sampsa Sohlman

LIFERAY STAFF

ランク: Regular Member

投稿: 218

参加年月日: 2007/09/27

最近の投稿

Great job Ray, it will be excelent tool for all Marketplace developers.
Juan Gonzalez
RE: PACL/Security Manager - help coming
2013/01/11 3:26
答え

Juan Gonzalez

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1984

参加年月日: 2008/10/28

最近の投稿

Thanks very much Ray.

This was the only missing piece!
Hitoshi Ozawa
RE: PACL/Security Manager - help coming
2013/01/11 3:52
答え

Hitoshi Ozawa

ランク: Liferay Legend

投稿: 7954

参加年月日: 2010/03/23

最近の投稿

Thank you very much Ray! Really appreciate you taking the extra step to get it out so quickly. emoticon
Luis Álvarez
RE: PACL/Security Manager - help coming
2013/01/16 9:19
答え

Luis Álvarez

ランク: New Member

投稿: 8

参加年月日: 2011/09/19

最近の投稿

¿Is this the famous PACL problem?

Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to read candidate component class: file [C:\B2B\Arquitectura\ComponentesMarket
Place\ImageViewer\LiferayWorkspace\bundle\tomcat-7.0.27\temp\3-2012-01-14-CommunityRelease-6.1.20.1\WEB-INF\classes\com\b2b2000\imageviewer\web\controller\EditC
ontroller.class]; nested exception is java.lang.SecurityException: Attempted to access declared members
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvide
r.java:237)
at org.springframework.context.annotation.ClassPathBeanDefinitionScanner.doScan(ClassPathBeanDefinitionScanner.java:204)
at org.springframework.context.annotation.ComponentScanBeanDefinitionParser.parse(ComponentScanBeanDefinitionParser.java:84)
at org.springframework.beans.factory.xml.NamespaceHandlerSupport.parse(NamespaceHandlerSupport.java:73)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1338)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1328)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:135)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
at org.springframework.web.portlet.context.XmlPortletApplicationContext.loadBeanDefinitions(XmlPortletApplicationContext.java:124)
at org.springframework.web.portlet.context.XmlPortletApplicationContext.loadBeanDefinitions(XmlPortletApplicationContext.java:92)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)
at org.springframework.web.portlet.FrameworkPortlet.createPortletApplicationContext(FrameworkPortlet.java:356)
at org.springframework.web.portlet.FrameworkPortlet.initPortletApplicationContext(FrameworkPortlet.java:294)
at org.springframework.web.portlet.FrameworkPortlet.initPortletBean(FrameworkPortlet.java:268)
at org.springframework.web.portlet.GenericPortletBean.init(GenericPortletBean.java:116)
at javax.portlet.GenericPortlet.init(GenericPortlet.java:107)
at com.liferay.portlet.InvokerPortletImpl.init(InvokerPortletImpl.java:256)
at com.liferay.portlet.PortletInstanceFactoryImpl.init(PortletInstanceFactoryImpl.java:221)
at com.liferay.portlet.PortletInstanceFactoryImpl.create(PortletInstanceFactoryImpl.java:140)
at com.liferay.portlet.PortletInstanceFactoryUtil.create(PortletInstanceFactoryUtil.java:41)
at com.liferay.portal.deploy.hot.PortletHotDeployListener.initPortletApp(PortletHotDeployListener.java:598)
at com.liferay.portal.deploy.hot.PortletHotDeployListener.doInvokeDeploy(PortletHotDeployListener.java:328)
at com.liferay.portal.deploy.hot.PortletHotDeployListener.invokeDeploy(PortletHotDeployListener.java:120)
... 25 more
Caused by: java.lang.SecurityException: Attempted to access declared members
at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
at com.liferay.portal.security.pacl.checker.RuntimeChecker.checkPermission(RuntimeChecker.java:71)
at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
at java.lang.Class.checkMemberAccess(Class.java:2157)
at java.lang.Class.getDeclaredMethods(Class.java:1790)
at sun.reflect.annotation.AnnotationType$1.run(AnnotationType.java:86)
at sun.reflect.annotation.AnnotationType$1.run(AnnotationType.java:83)
at java.security.AccessController.doPrivileged(Native Method)
at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:82)
at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:66)
at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202)
at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69)
at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52)
at java.lang.Class.initAnnotationsIfNecessary(Class.java:3070)
at java.lang.Class.getAnnotations(Class.java:3050)
at org.springframework.core.type.classreading.AnnotationAttributesReadingVisitor.visitEnd(AnnotationAttributesReadingVisitor.java:131)
at org.springframework.asm.ClassReader.a(Unknown Source)
at org.springframework.asm.ClassReader.accept(Unknown Source)
at org.springframework.asm.ClassReader.accept(Unknown Source)
at org.springframework.core.type.classreading.SimpleMetadataReader.<init>(SimpleMetadataReader.java:54)
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:80)
at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:101)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvide
r.java:213)
... 56 more
Ray Augé
RE: PACL/Security Manager - help coming
2013/01/16 9:36
答え

Ray Augé

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1171

参加年月日: 2005/02/07

最近の投稿

Yup, that's the one we're working on.

Reflection is pretty broken. emoticon

We have 3 engineers working on various aspects of the issue as we speak and we're not going to let GA3 come out without fixing this.
Luis Álvarez
RE: PACL/Security Manager - help coming
2013/01/16 23:40
答え

Luis Álvarez

ランク: New Member

投稿: 8

参加年月日: 2011/09/19

最近の投稿

Probably we'll wait to be solved.
Not sure we can find a workaround.

Thanks Ray
immo biton
RE: PACL/Security Manager - help coming
2014/02/20 8:57
答え

immo biton

ランク: New Member

投稿: 1

参加年月日: 2014/02/20

最近の投稿

Thank you very much Ray! Really appreciate you taking the extra step to get it out so quickly. emoticon