NetBeans Forums

MountainBeast · Joined: 24 Mar 2009 Posts: 10

Dear developers,

I have already mentioned this earlier, but my question did not receive any attention. I am observing bizzare netbeans behaviour, which may be a bug.

Full Netbeans distribution v 6.9.1
Apache Tomcat (comes with netbeans) 6.0.26

How to recreate:

1. create new empty Web Application project, select Apache Tomcat for deployment.
2. right click Apache Tomcat server in Services tab, select Properties.
3. Open Platfotm tab in the Tomcat properties, check Use Security Manager checkbox. Close.
4. Now run the freshly created project.

The project is compiled and deployment starts. Then the following exception is thrown:

29-Sep-2010 14:39:44 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied (java.util.PropertyPermission schema2beans.debug read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at org.netbeans.modules.schema2beans.DDLogFlags.<clinit>(DDLogFlags.java:86)
at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809)
at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232)
at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:9 Cool

at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71)
at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:243)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
29-Sep-2010 14:39:44 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.NoClassDefFoundError: Could not initialize class org.netbeans.modules.schema2beans.DDLogFlags
at org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
at org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:1809)
at org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManager.java:232)
at org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:9 Cool

at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75)
at org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71)
at org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(MonitorFilter.java:484)
at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:243)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)

Trivial solution is to add

grant {
permission java.util.PropertyPermission "schema2beans.debug", "read";
};

into catalina.policy file, but this does not change anything.

Is it a bug??
How to solve this?

TD · Posted via mailing list.

If you enable the security manager, but don't supply any security
information for the manager to process, why do you expect to be given
access?

Tomcat is expecting role definitions, and a security domain, together with
passwords and user names from the application.

Take a look at the Netbeans tutorial covering securing an EE application.

Tony

-----Original Message-----
From: MountainBeast [mailto:address-removed]
Sent: 29 September 2010 14:48
To: address-removed
Subject: [nbj2ee] Either bug or mistake? Netbeans and security manager

Dear developers,

I have already mentioned this earlier, but my question did not receive any
attention. I am observing bizzare netbeans behaviour, which may be a bug.

Full Netbeans distribution v 6.9.1
Apache Tomcat (comes with netbeans) 6.0.26

How to recreate:

1. create new empty Web Application project, select Apache Tomcat for
deployment.
2. right click Apache Tomcat server in Services tab, select Properties.
3. Open Platfotm tab in the Tomcat properties, check Use Security Manager
checkbox. Close.
4. Now run the freshly created project.

The project is compiled and deployment starts. Then the following exception
is thrown:

29-Sep-2010 14:39:44 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.security.AccessControlException: access denied
(java.util.PropertyPermission schema2beans.debug read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:323)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:650)
at
org.netbeans.modules.schema2beans.DDLogFlags.<clinit>(DDLogFlags.java:86)
at
org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
at
org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:180
9)
at
org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManage
r.java:232)
at
org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:98
)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75
)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71
)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(Monito
rFilter.java:484)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter
.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:24
3)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:56)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:185)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127
)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102
)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:
859)
at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(H
ttp11AprProtocol.java:579)
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
29-Sep-2010 14:39:44 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet default threw exception
java.lang.NoClassDefFoundError: Could not initialize class
org.netbeans.modules.schema2beans.DDLogFlags
at
org.netbeans.modules.schema2beans.DOMBinding.register(DOMBinding.java:166)
at
org.netbeans.modules.schema2beans.BeanProp.registerDomNode(BeanProp.java:180
9)
at
org.netbeans.modules.schema2beans.GraphManager.createRootBinding(GraphManage
r.java:232)
at
org.netbeans.modules.schema2beans.BaseBean.createRoot(BaseBean.java:288)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:98
)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:75
)
at
org.netbeans.modules.web.monitor.data.MonitorData.<init>(MonitorData.java:71
)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.setupDataRecord(Monito
rFilter.java:484)
at
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter
.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:24
3)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:56)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:185)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127
)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102
)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:
859)
at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(H
ttp11AprProtocol.java:579)
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)

Trivial solution is to add

grant {
permission java.util.PropertyPermission "schema2beans.debug", "read";
};

into catalina.policy file, but this does not change anything.

Is it a bug??
How to solve this?

------------------------
Michail Klimenkov

MountainBeast · Joined: 24 Mar 2009 Posts: 10

Good Evening, Tony,

Thank you for your reply, I shall definatelly take a look at the specified tutorial. I already followed few tutorials, but they did not cover security aspects, I was too naive to assume that given information was sufficient. =)

Michail

jhodgski · Joined: 22 Jan 2010 Posts: 4

MountainBeast / TD,

Sorry for re-activating an old thread but I'm experiencing the same problem (Netbeans 7.1 with Tomcat 7.0.22.0 on Windows Vista) and can't find any help anywhere.

Could either of you post me the link to the tutorial or let me know directly the steps to solve. (The only tutorial I've managed to find was http://netbeans.org/kb/docs/web/security-webapps.html but that didn't help.)

Many thanks in advance,
James

MountainBeast · Joined: 24 Mar 2009 Posts: 10

Hi, James, it has been a while since I did it, can't really remember what went wrong. Have feeling it was a silly mistake though.

Just start from scratch.
Remove all setting modification made on your tomcat, or better download a fresh one, and add it to netbeans from "Services" tab.

Create new empty web project; clean build it with maven or whatever you are using, then click on the project and run it.

All should work. As I said - it has been a while since I had the problem, but it probably was something silly, and a good chance the exception was completely misleading.

Can you create a very basic project and test it?? all libraries present on class path?? What additional stuff are you using (JPA, Hibernare, Spring, Quartz)??

Why do you need Security Manager enabled in dev environment anyway??