Closed glassfishrobot closed 17 years ago
@glassfishrobot Commented barz26 said: Created an attachment (id=872) test ear file - deploy to GF V2 and access client with webstart
@glassfishrobot Commented gfbugbridge said:
@glassfishrobot Commented @tjquinno said: I will need to work with the ORB folks to understand more about why the security issue is arising during a Java Web Start launch. The Java Web Start-aware app client container takes steps to grant the necessary permissions to code that comes from the app server, including the ORB code, but clearly something is not quite right.
@glassfishrobot Commented @tjquinno said: Hi, again.
Which specific build of GlassFish V2 are you using?
@glassfishrobot Commented @tjquinno said: Sorry for the multiple short messages. I assume you are using Java SE 6 (given the references in the client to javax.swing.grouplayout). Is that right?
Thanks.
@glassfishrobot Commented @tjquinno said: barz26 responded that JDK 6.0u1 and GlassFish b41c are in use.
@glassfishrobot Commented @tjquinno said: I was able to reproduce this problem in my environment.
I have a candidate fix I am testing. Looks promising.
@glassfishrobot Commented @tjquinno said: Fixes checked in.
The problem turned out to be this:
During a Java Web Start launch the event dispatcher thread runs with a context class loader assigned by Java Web Start before the app client container (ACC) code ever runs. This is a different class loader from the one the ACC prepares and intends for the app client to use. When code triggered by a U/I gesture would run and trigger access to a remote bean, for example, the ORB could not locate the required classes or interfaces since the thread's class loader excluded any user-provided code. The ORB reported this as a security violation.
The fix explicitly sets the context class loader for the event dispatcher thread to the loader that the ACC sets up as part of the ACC initialization if a Java Web Start launch is in progress.
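Added illustration, not part of the comment above and not GlassFish's code: the context class loader mismatch and the repair described there, reproduced in a plain JVM. The `launcher` and `app` loaders are constructed stand-ins for the Java Web Start loader and the ACC's loader, and the demo assumes the event dispatch thread takes its loader from the thread that first initialises AWT.

```java
import java.awt.EventQueue;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.concurrent.atomic.AtomicReference;

public class EdtContextLoaderDemo {

    // Report the context class loader that event handlers on the EDT will see.
    static ClassLoader loaderSeenByEdt() throws Exception {
        AtomicReference<ClassLoader> seen = new AtomicReference<>();
        EventQueue.invokeAndWait(
                () -> seen.set(Thread.currentThread().getContextClassLoader()));
        return seen.get();
    }

    // The repair described above: run on the EDT itself and install the loader there.
    static void installOnEdt(ClassLoader appLoader) throws Exception {
        EventQueue.invokeAndWait(
                () -> Thread.currentThread().setContextClassLoader(appLoader));
    }

    public static void main(String[] args) throws Exception {
        System.setProperty("java.awt.headless", "true"); // no display needed

        Thread main = Thread.currentThread();
        ClassLoader base = main.getContextClassLoader();
        // Constructed stand-ins (assumptions for this demo): "launcher" plays the
        // loader Java Web Start assigns, "app" plays the loader the ACC prepares.
        ClassLoader launcher = new URLClassLoader(new URL[0], base);
        ClassLoader app = new URLClassLoader(new URL[0], base);

        main.setContextClassLoader(launcher);
        ClassLoader atStart = loaderSeenByEdt();   // first AWT use: EDT is created here
        main.setContextClassLoader(app);           // container prepares only the main thread
        ClassLoader beforeFix = loaderSeenByEdt(); // handlers would still resolve via launcher
        installOnEdt(app);
        ClassLoader afterFix = loaderSeenByEdt();

        System.out.println("EDT loader at start is launcher: " + (atStart == launcher));
        System.out.println("EDT sees app loader before fix:  " + (beforeFix == app));
        System.out.println("EDT sees app loader after fix:   " + (afterFix == app));
    }
}
```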
@glassfishrobot Commented @tjquinno said: Marking as fixed.
@glassfishrobot Commented @tjquinno said: Jagadish found a typo in the earlier check-in.
@glassfishrobot Commented @tjquinno said: The problem Jagadish found is due to the fact that the system property that points to the Derby installation directory was not needed inside the ACC before this change. (The corresponding environment variable defined in asenv was used in constructing the system class path to include the derby jar.)
Now that the JAR must be added to the class path of the EJBClassLoader inside the ACC, the system property pointing to the Derby root must be defined for the JVM.
The fix is working in my local workspace, and testing is underway.
(also added Jagadish to the cc list)
@glassfishrobot Commented @tjquinno said: Fixes checked in.
Checking in misc/templates/appclient.bat.template;
/cvs/glassfish/appserv-core/misc/templates/appclient.bat.template,v <-- appclient.bat.template
new revision: 1.19; previous revision: 1.18
done
Checking in misc/templates/appclient.template;
/cvs/glassfish/appserv-core/misc/templates/appclient.template,v <-- appclient.template
new revision: 1.15; previous revision: 1.14
done
Checking in src/java/com/sun/enterprise/appclient/jws/AppclientJWSSupportInfo.java;
/cvs/glassfish/appserv-core/src/java/com/sun/enterprise/appclient/jws/AppclientJWSSupportInfo.java,v <-- AppclientJWSSupportInfo.java
new revision: 1.37; previous revision: 1.36
done
Checking in src/java/com/sun/enterprise/appclient/MainWithModuleSupport.java;
/cvs/glassfish/appserv-core/src/java/com/sun/enterprise/appclient/MainWithModuleSupport.java,v <-- MainWithModuleSupport.java
new revision: 1.25; previous revision: 1.24
done
@glassfishrobot Commented File: EnterpriseApplication2.ear Attached By: barz26
@glassfishrobot Commented Was assigned to tjquinno
@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-2856
@glassfishrobot Commented Reported by barz26
@glassfishrobot Commented Marked as fixed on Thursday, May 31st 2007, 4:03:27 am
I have a test Java EE client app that's contained in an ear file. The client uses 2 variants to call the EJBs: 1.) using DI in the main class 2.) using initialcontext.lookup()
Running with appclient both variants work. Accessing the client through webstart feature fails for (2) catching a security exception. Using Dependency Injection works. It seems that the appserver jar files used for loading the ee orb are not signed or the policy file generated is incorrect.
INFO: ACC009: Load Application Class: [enterpriseapplication2.Main]
GroupInfoServiceBase(javawsApplicationMain): .notifyObservers->:
GroupInfoServiceBase(javawsApplicationMain): .notifyObservers: com.sun.appserv.naming.GroupInfoServiceObserverImpl@145e2d5
18.04.2007 11:32:30 com.sun.appserv.naming.RoundRobinPolicy setClusterInstanceInfo
INFO: endpoint.weight after checking isWeight = 10
18.04.2007 11:32:30 com.sun.appserv.naming.RoundRobinPolicy setClusterInstanceInfo
INFO: endpoint.weight after checking isWeight = 10
18.04.2007 11:32:30 com.sun.appserv.naming.RoundRobinPolicy setClusterInstanceInfo
INFO: sumOfAllWeights = 20
GroupInfoServiceBase(javawsApplicationMain): .notifyObservers<-:
18.04.2007 11:32:30 com.sun.enterprise.appclient.MainWithModuleSupport
INFO: Application main() returned; GUI elements may be continuing to run
Exception in thread "AWT-EventQueue-0" java.lang.ExceptionInInitializerError
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Unknown Source)
at com.sun.naming.internal.VersionHelper12.loadClass(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at enterpriseapplication2.NewJFrame.jButton3ActionPerformed(NewJFrame.java:129)
at enterpriseapplication2.NewJFrame.access$100(NewJFrame.java:18)
at enterpriseapplication2.NewJFrame$2.actionPerformed(NewJFrame.java:55)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.enterprise.util.ORBManager$1.run(ORBManager.java:369)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.enterprise.util.ORBManager.setORBSystemProperties(ORBManager.java:366)
at com.sun.en
As the EJB3 limitation for Dep Injection to the main class only is pretty annoying, we can expect that many people will run into this as they do traditional lookups for clients deployed using webstart.
test ear is attached.
Environment
Operating System: All
Platform: All
Affected Versions
[9.1pe]