组合视图 统一视图 树状图
Philippe Tran
"Socket accept failed" with PACL and Spring filter
2013年3月22日 上午7:48
答复

Philippe Tran

等级: Junior Member

帖子: 34

加入日期: 2009年1月22日

最近的帖子

Hi all,

I am using a Spring filter, as defined in web.xml :

<filter>
<filter-name>requestContextFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requestContextFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>


When security manager is on, I can see this :

Mar 22, 2013 3:38:23 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.lang.ClassCircularityError: com/liferay/portal/security/pacl/PACLPolicyManager$PACLPolicyPrivilegedAction
at com.liferay.portal.security.pacl.PACLPolicyManager.getPACLPolicy(PACLPolicyManager.java:70)
at com.liferay.portal.security.pacl.PortalPolicy.getPermissions(PortalPolicy.java:133)
at com.liferay.portal.security.pacl.PortalPolicy.implies(PortalPolicy.java:197)
at java.security.ProtectionDomain.implies(ProtectionDomain.java:224)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:352)
at java.security.AccessController.checkPermission(AccessController.java:549)
at com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:205)
at java.lang.SecurityManager.checkAccept(SecurityManager.java:1157)
at java.net.ServerSocket.implAccept(ServerSocket.java:466)
at java.net.ServerSocket.accept(ServerSocket.java:430)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:60)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:216)
at java.lang.Thread.run(Thread.java:680)

Does anyone know how to make spring filter work with PACL ?

TIA
Philippe
Ray Augé
RE: "Socket accept failed" with PACL and Spring filter
2013年3月22日 上午8:11
答复

Ray Augé

LIFERAY STAFF

等级: Liferay Legend

帖子: 1238

加入日期: 2005年2月7日

最近的帖子

Wow, Philippe (sorry for name typo) are you working with master branch of liferay-portal? The code you are referring to is not in any release yet.

Can you indicate which exact version you are working with?

It may just be that you need to update from master because the class that is in your error is not initialized until one of the very latest commits last night on master.
Hitoshi Ozawa
RE: "Socket accept failed" with PACL and Spring filter
2013年3月23日 下午8:36
答复

Hitoshi Ozawa

等级: Liferay Legend

帖子: 7990

加入日期: 2010年3月23日

最近的帖子

As Ray mentioned, things in github master may not work correctly - it sometimes does may not even build. Should be using the GA or at least a milestone release.

I'm not even sure if Marketplace is accepting portlets based on a master.
Matt Fulford
Automatic reply: [Liferay Forums][2. Marketplace Developers] RE: "Socket ac
2013年3月23日 下午8:37
答复

Matt Fulford

等级: New Member

帖子: 17

加入日期: 2009年4月6日

最近的帖子

Thanks for your email. I'm currently out of the office until Tuesday 2nd April. Please contact David Schuiteman (david.schuiteman@pfiks.com) with any urgent queries.

Regards,
Matt
Hitoshi Ozawa
RE: Automatic reply: [Liferay Forums][2. Marketplace Developers] RE: "Socke
2013年3月23日 下午8:54
答复

Hitoshi Ozawa

等级: Liferay Legend

帖子: 7990

加入日期: 2010年3月23日

最近的帖子

Wow! This is the first time I've seem an automatic message post in this forum. :-)
Ray Augé
Re: [Liferay Forums][2. Marketplace Developers] RE: Automatic reply: [Lifer
2013年3月24日 上午1:45
答复

Ray Augé

LIFERAY STAFF

等级: Liferay Legend

帖子: 1238

加入日期: 2005年2月7日

最近的帖子

If this gets through, someone enabled email replies!
On Mar 23, 2013 11:54 PM, "Hitoshi Ozawa from liferay.com" <
forums@liferay.com> wrote:

> Wow! This is the first time I've seem an automatic message post in this
> forum. :-)
>
>
> To view the thread, follow the link below:
>
> http://www.liferay.com/community/forums/-/message_boards/view_message/22944127
> --
> Thanks, Liferay.com Forums <http://http://www.liferay.com>
Ray Augé
Re: [Liferay Forums][2. Marketplace Developers] Re: [Liferay Forums][2. Mar
2013年3月24日 上午2:13
答复

Ray Augé

LIFERAY STAFF

等级: Liferay Legend

帖子: 1238

加入日期: 2005年2月7日

最近的帖子

Nice!

BTW, less a few pull requests pending review PACLv2 is complete in master.

For anyone wanting try it out, follow these steps to auto generate the pack
policy for your plugin:

- add security-manager-enabled=generate to your
liferay-plugin-package.properties
- deploy plugin
- do usability testing of app (test all operations)
- as you test, policy is auto generated into
${lifers.home}/pacl-policy/${plugin-context-name}-pacl.policy
- when completed testing, paste generated policy into app's own lpp.props

Note you may want to optimize the resulting policy for thing like fs paths,
etc (all generated rules use literal vales)
Philippe Tran
RE: Re: [Liferay Forums][2. Marketplace Developers] Re: [Liferay Forums][2.
2013年3月29日 上午6:31
答复

Philippe Tran

等级: Junior Member

帖子: 34

加入日期: 2009年1月22日

最近的帖子

Hi Ray and Hitoshi,

First, I would like to thank you for your quick answers. Yes, I am using a master version (about 2 week old) because the M4 has a small annoying problem : it calls spring portlet controllers in 'edit' mode twice, in render as well as action phase. In master, everything is ok again.

Being away, I was not able to test further.

Ray Augé:
For anyone wanting try it out, follow these steps to auto generate the pack
policy for your plugin:

- add security-manager-enabled=generate to your
liferay-plugin-package.properties
- deploy plugin
- do usability testing of app (test all operations)
- as you test, policy is auto generated into
${lifers.home}/pacl-policy/${plugin-context-name}-pacl.policy
- when completed testing, paste generated policy into app's own lpp.props


Now that I am back to work, I just activated the "generate" security mode with the last master, using a sample portlet with just the Spring requestContextFilter.

As a result, I just got : security-manager-environment-variables=\\*

Having tested this setting with true, everything seems ok. Anyway, the value "\*" seems strange to me, as a security setting.

What do you think about ?

Thanks again,
Philippe (no typo here, Ray ;-)
James Falkner
Reply-by-email on forums
2013年3月24日 下午12:46
答复

James Falkner

LIFERAY STAFF

等级: Liferay Legend

帖子: 1191

加入日期: 2010年9月17日

最近的帖子