search

asciidoctor / asciidoctorj-pdf

AsciidoctorJ PDF bundles the Asciidoctor PDF RubyGem (asciidoctor-pdf) so it can be loaded into the JVM using JRuby.
Apache License 2.0
36 stars 17 forks source link

Loading PsychLibrary fails when temporary jar files do not have permissions to read pom of snakeyaml #44

Closed dhx closed 2 years ago

dhx commented 4 years ago

Using asciidoctorj-pdf in a tomcat webapp (alfresco 6.2) we're running into issues when trying to generate a pdf.

The Environment is:

Server version:        Apache Tomcat/8.5.43
JVM Version:           11.0.1+13

And the dependencies we use:

        <dependency>
            <groupId>org.asciidoctor</groupId>
            <artifactId>asciidoctorj-api</artifactId>
            <version>2.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.asciidoctor</groupId>
            <artifactId>asciidoctorj</artifactId>
            <version>2.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.asciidoctor</groupId>
            <artifactId>asciidoctorj-pdf</artifactId>
            <version>1.5.3</version>
        </dependency>

Analyzing the stacktrace it seems the SecurityManager is denying access to a pom file:

 org.jruby.exceptions.NameError: (NameError) cannot load (ext) (org.jruby.ext.psych.PsychLibrary)
    at org.jruby.ext.jruby.JRubyUtilLibrary.load_ext(org/jruby/ext/jruby/JRubyUtilLibrary.java:201)
    at RUBY.<main>(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/psych.rb:7)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at RUBY.require(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:54)
    at RUBY.<main>(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/yaml.rb:6)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at RUBY.require(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:54)
    at RUBY.<main>(uri:classloader:/gems/prawn-icon-2.5.0/lib/prawn/icon/font_data.rb:9)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(org/jruby/RubyKernel.java:1002)
    at RUBY.<main>(uri:classloader:/gems/prawn-icon-2.5.0/lib/prawn/icon.rb:11)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at RUBY.require(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:54)
    at RUBY.<main>(uri:classloader:/gems/asciidoctor-pdf-1.5.3/lib/asciidoctor/pdf/ext/prawn/extensions.rb:5)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(org/jruby/RubyKernel.java:1002)
    at RUBY.<main>(uri:classloader:/gems/asciidoctor-pdf-1.5.3/lib/asciidoctor/pdf/ext/prawn.rb:9)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(org/jruby/RubyKernel.java:1002)
    at RUBY.<main>(uri:classloader:/gems/asciidoctor-pdf-1.5.3/lib/asciidoctor/pdf/ext.rb:6)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(org/jruby/RubyKernel.java:1002)
    at RUBY.<main>(uri:classloader:/gems/asciidoctor-pdf-1.5.3/lib/asciidoctor/pdf.rb:13)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(org/jruby/RubyKernel.java:1002)
    at RUBY.<main>(uri:classloader:/gems/asciidoctor-pdf-1.5.3/lib/asciidoctor-pdf.rb:3)
    at org.jruby.RubyKernel.require(org/jruby/RubyKernel.java:974)
    at RUBY.require(uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:130)
    at RUBY.<main>(<script>:1)
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/usr/local/tomcat/webapps/alfresco/WEB-INF/classes/META-INF/maven/org.yaml/snakeyaml/pom.properties" "read")
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.base/java.security.AccessController.checkPermission(AccessController.java:895)
    at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
    at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661)
    at java.base/java.io.File.exists(File.java:815)
    at org.apache.catalina.webresources.DirResourceSet.getResource(DirResourceSet.java:105)
    at org.apache.catalina.webresources.StandardRoot.getResourceInternal(StandardRoot.java:281)
    at org.apache.catalina.webresources.CachedResource.validateResource(CachedResource.java:87)
    at org.apache.catalina.webresources.Cache.getResource(Cache.java:87)
    at org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:216)
    at org.apache.catalina.webresources.StandardRoot.getClassLoaderResource(StandardRoot.java:225)
    at org.apache.catalina.loader.WebappClassLoaderBase.findResource(WebappClassLoaderBase.java:930)
    at org.apache.catalina.loader.WebappClassLoaderBase.getResource(WebappClassLoaderBase.java:1051)
    at java.base/java.lang.ClassLoader.getResource(ClassLoader.java:1395)
    at java.base/java.net.URLClassLoader.getResourceAsStream(URLClassLoader.java:322)
    at org.jruby.ext.psych.PsychLibrary.load(PsychLibrary.java:54)
    at org.jruby.ext.jruby.JRubyUtilLibrary.loadExtension(JRubyUtilLibrary.java:224)
    at org.jruby.ext.jruby.JRubyUtilLibrary.load_ext(JRubyUtilLibrary.java:201)
    at org.jruby.ext.jruby.JRubyUtilLibrary$INVOKER$s$1$0$load_ext.call(JRubyUtilLibrary$INVOKER$s$1$0$load_ext.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require.call(RubyKernel$INVOKER$s$1$0$require.gen)
    at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:417)
    at org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:95)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:172)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.InterpreterEngine.interpret(InterpreterEngine.java:86)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.INTERPRET_METHOD(InterpretedIRMethod.java:159)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.call(InterpretedIRMethod.java:146)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require.call(RubyKernel$INVOKER$s$1$0$require.gen)
    at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:417)
    at org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:95)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:172)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.InterpreterEngine.interpret(InterpreterEngine.java:86)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.INTERPRET_METHOD(InterpretedIRMethod.java:159)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.call(InterpretedIRMethod.java:146)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(RubyKernel.java:1002)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require_relative.call(RubyKernel$INVOKER$s$1$0$require_relative.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require.call(RubyKernel$INVOKER$s$1$0$require.gen)
    at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:417)
    at org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:95)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:172)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.InterpreterEngine.interpret(InterpreterEngine.java:86)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.INTERPRET_METHOD(InterpretedIRMethod.java:159)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.call(InterpretedIRMethod.java:146)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(RubyKernel.java:1002)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require_relative.call(RubyKernel$INVOKER$s$1$0$require_relative.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(RubyKernel.java:1002)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require_relative.call(RubyKernel$INVOKER$s$1$0$require_relative.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(RubyKernel.java:1002)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require_relative.call(RubyKernel$INVOKER$s$1$0$require_relative.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel.require_relative(RubyKernel.java:1002)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require_relative.call(RubyKernel$INVOKER$s$1$0$require_relative.gen)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.runInterpreter(Ruby.java:1218)
    at org.jruby.Ruby.loadFile(Ruby.java:2785)
    at org.jruby.runtime.load.LibrarySearcher$ResourceLibrary.load(LibrarySearcher.java:234)
    at org.jruby.runtime.load.LibrarySearcher$FoundLibrary.load(LibrarySearcher.java:34)
    at org.jruby.runtime.load.LoadService.tryLoadingLibraryOrScript(LoadService.java:887)
    at org.jruby.runtime.load.LoadService.smartLoadInternal(LoadService.java:535)
    at org.jruby.runtime.load.LoadService.require(LoadService.java:402)
    at org.jruby.RubyKernel.requireCommon(RubyKernel.java:981)
    at org.jruby.RubyKernel.require(RubyKernel.java:974)
    at org.jruby.RubyKernel$INVOKER$s$1$0$require.call(RubyKernel$INVOKER$s$1$0$require.gen)
    at org.jruby.internal.runtime.methods.JavaMethod$JavaMethodOneOrNBlock.call(JavaMethod.java:417)
    at org.jruby.internal.runtime.methods.AliasMethod.call(AliasMethod.java:95)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:172)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.InterpreterEngine.interpret(InterpreterEngine.java:86)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.INTERPRET_METHOD(InterpretedIRMethod.java:159)
    at org.jruby.internal.runtime.methods.InterpretedIRMethod.call(InterpretedIRMethod.java:146)
    at org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:375)
    at org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:174)
    at org.jruby.ir.interpreter.InterpreterEngine.processCall(InterpreterEngine.java:316)
    at org.jruby.ir.interpreter.StartupInterpreterEngine.interpret(StartupInterpreterEngine.java:72)
    at org.jruby.ir.interpreter.Interpreter.INTERPRET_ROOT(Interpreter.java:96)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:81)
    at org.jruby.ir.interpreter.Interpreter.execute(Interpreter.java:30)
    at org.jruby.ir.IRTranslator.execute(IRTranslator.java:42)
    at org.jruby.Ruby.evalScriptlet(Ruby.java:860)
    at org.jruby.Ruby.evalScriptlet(Ruby.java:836)
    at org.asciidoctor.jruby.internal.RubyGemsPreloader.preloadLibrary(RubyGemsPreloader.java:78)
    at org.asciidoctor.jruby.internal.RubyGemsPreloader.preloadRequiredLibraries(RubyGemsPreloader.java:69)
    at org.asciidoctor.jruby.internal.JRubyAsciidoctor.convertFile(JRubyAsciidoctor.java:372)
    at org.asciidoctor.jruby.internal.JRubyAsciidoctor.convertFile(JRubyAsciidoctor.java:366)

The problem goes away when adding permissions in the java policy file to the temporary generated jar files jruby uses here apparently:

[root@hostname tomcat]# find .|grep jruby
./temp/jruby-1
./temp/jruby-1/jruby4257562214173774470bctls-jdk15on-1.62.jar
./temp/jruby-1/jruby2507730441833188943psych.jar
./temp/jruby-1/jruby17345433168328524530snakeyaml-1.23.jar
./temp/jruby-1/jruby1812907166974319462jopenssl.jar
./temp/jruby-1/jruby6604912783809575262bcpkix-jdk15on-1.62.jar
./temp/jruby-1/jruby16888754197153238165bcprov-jdk15on-1.62.jar

I'm not happy doing this though as I'm not sure the postfix to the jruby folder here will always be "-1" and it seems I'm unable adding wildcards at this level, the current rule (overly permissive) I'm using to get it working is:

grant codeBase "file:${catalina.base}/temp/-" {
    permission java.security.AllPermission;
};

Do you see any possible thing we can do to make this more secure? (e.g. having a specific temporary directory for those temporary jar files, or a way to not having them used at all?)

robertpanzer commented 4 years ago

I guess this is rather a question for https://github.com/jruby/jruby. I wonder though why a web app does not have read access to its own classes directory?

dhx commented 4 years ago

Thats the thing, the webapp (that is the code in the classes / jars in the ${catalina.base}/webapps/... directory) does have its own policy entry granting access to itself already, BUT jruby seems to put the temporary jar files in the jvm wide configured temp directory (in our case in ${catalina.base}/temp/jruby-1/jruby2507730441833188943psych.jar) and code in those jar files is not covered by the policy the tomcat container has already in place for it's webapps (which makes sense to me - what sense does a security policy have when code lying in the global temp directory is not restricted...).

Anyway if you don't see a way this can somehow be addressed at the asciidoc layer - I'll try at the next layer - jruby then: https://github.com/jruby/jruby/issues/6314

dhx commented 3 years ago

@robertpanzer the issue seems to be fixed now in jruby 9.3 with a new configuration option to specify the temporary directory to unpack the nested jars to 'ji.nested.jar.tmpdir' ( https://github.com/jruby/jruby/pull/6330/files ). Are there any plans to update asciidoctorj-pdf to a newer jruby version?

robertpanzer commented 3 years ago

The PR that you pointed to doesn't seem to be released yet. If I didn't look wrong the last release right now is 9.2.13.0. While that PR was also merged into the jruby 9.2 branch it doesn't seem to be there yet either.

Asciidoctorj-pdf does not have an own dependency on jruby, but asciidoctorj has. If a new version of jruby is released you should be able to override the version. There haven't been any issues with upgrading jruby recently.

dhx commented 3 years ago

@robertpanzer thanks for your fast response and the info about upgrading the jruby dependency :+1:

dhx commented 2 years ago

Closing as asciidoctorj is at jruby 9.3.4.0 meanwhile