velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robin Mannering" <robin_mannerin...@hotmail.com>
Subject Re: Velocity Config/Security Issue
Date Wed, 11 Oct 2006 22:08:29 GMT
Hi all,

Can anyone shed some light? I have some more facts now....

The original problem was Velocity required permission on a core package 
within catalina. Is this because it couldn't find the 'correct' request 
object.

Here are some logs, the first is from a Struts action class,  the second is 
output from the velocity template forwarded to immediately after the action 
class.  They refer to different request objects that ultimately give 
different values. Should the velocity template not also refer to 
org.apache.catalina.connector.RequestFacade@121d818 ??

Any help/clues would be greatly appreciated.

Log 1 - From action class
----------------------------------
11-Oct 17:52:49.647 |DEBUG|                TestAction.executeLogic           
    | request = 'org.apache.catalina.connector.RequestFacade@121d818'
11-Oct 17:52:49.648 |DEBUG|                TestAction.executeLogic           
    | request.getContextPath() = ''
11-Oct 17:52:49.648 |DEBUG|                TestAction.executeLogic           
    | request.getMethod() = 'GET'
11-Oct 17:52:49.649 |DEBUG|                TestAction.executeLogic           
    | request.getSession().getId() = '28536F4542A222DC6F0E6DE23442DC6D'
11-Oct 17:52:49.650 |DEBUG|                TestAction.executeLogic           
    | request.getRequestURI() = '/test.htm'
11-Oct 17:52:49.650 |DEBUG|                TestAction.executeLogic           
    | request.getRequestURL() = 'http://www.chaletexplorer.com/test.htm'
11-Oct 17:52:49.651 |DEBUG|                TestAction.executeLogic           
    | request.getServletPath() = '/test.htm'

Log 2 - From VM Template/page
-----------------------------
request = 'org.apache.catalina.core.ApplicationHttpRequest@76f954'

request.contextPath = '/'

request.method = 'GET'

request.session.id = '$request.session.id'

request.requestURI = '//test.vm'

request.requestURL = 'http://www.chaletexplorer.com//test.vm'

request.servletPath = '/test.vm'







>From: "Will Glass-Husain" <wglass@forio.com>
>Reply-To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>Subject: Re: Velocity Config/Security Issue
>Date: Wed, 11 Oct 2006 06:25:35 -0700
>
>I don't think it's Velocity which requires that permission, I'm
>guessing it's the request object which is ultimately provided by
>Tomcat...
>
>WILL
>
>On 10/11/06, Robin Mannering <robin_mannering75@hotmail.com> wrote:
>>Hi Will,
>>
>>Thanks for the links, I'll give them a thorough read.
>>
>>I've been working with the hosting company who set up the server config 
>>and
>>they have give the application permission to org.apache.catalina.core
>>although they are troubled to do so.
>>
>>They seem very surprised that velocity requires this permission.
>>
>>Since they granted the permission, the problem has cleared up and
>>$request.contextPath now has a value within a velocity template (although
>>this has changed from an empty value to '/' so I need to make source
>>amendments.  Not a problem, just worrying it takes on a new value in a
>>different hosting environment.
>>
>>Thanks again for your help
>>Robin
>>
>>
>> >From: "Will Glass-Husain" <wglass@forio.com>
>> >Reply-To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>> >To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>> >Subject: Re: Velocity Config/Security Issue
>> >Date: Tue, 10 Oct 2006 15:04:32 -0700
>> >
>> >What app server are you using?  This is a server configuration issue.
>> >If someone else set it up, you might also want to work with them.
>> >
>> >If you're using Tomcat, check out:
>> >http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
>> >
>> >And you should read the Sun docs at:
>> >http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html
>> >
>> >WILL
>> >
>> >On 10/10/06, Robin Mannering <robin_mannering75@hotmail.com> wrote:
>> >>Hi Will,
>> >>
>> >>thanks for your help. Sorry. I'm new to permissions, could you explain 
>>a
>> >>little more for me please.
>> >>
>> >>Thanks
>> >>Robin
>> >>
>> >>
>> >> >From: "Will Glass-Husain" <wglass@forio.com>
>> >> >Reply-To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>> >> >To: "Velocity Users List" <velocity-user@jakarta.apache.org>
>> >> >Subject: Re: Velocity Config/Security Issue
>> >> >Date: Tue, 10 Oct 2006 08:24:57 -0700
>> >> >
>> >> >Looks like the security policy on your app server needs to be tuned.
>> >> >Have you tried giving the permission java.lang.RuntimePermission for
>> >> >accessClassInPackage.org.apache.catalina.core?
>> >> >
>> >> >WILL
>> >> >
>> >> >On 10/10/06, Robin Mannering <robin_mannering75@hotmail.com> wrote:
>> >> >>Hi all,
>> >> >>
>> >> >>I'm new back on this list in a while, please excuse if the following
>> >> >>problem
>> >> >>is obvious/has been posted before.
>> >> >>
>> >> >>I am transferring an existing site based on Struts/Velocity to a
new
>> >>web
>> >> >>hosting provider.  The application runs smoothly on its current

>>host.
>> >> >>
>> >> >>However, there seems to be one last stumbling block with the new

>>server
>> >>in
>> >> >>that the Struts object; 'request' appears not to be in scope within
>> >> >>velocity
>> >> >>pages (there may be others not in scope).
>> >> >>
>> >> >>I'm using the VelocityLayoutServlet if that helps.
>> >> >>
>> >> >>I've attached a snippet of the log file that points to the problem
I
>> >> >>mentioned, notable the 'java.security.AccessControlException' and
>> >> >>'$request.contextPath is not a valid reference'
>> >> >>
>> >> >>All other velocity directives appear to be functioning as normal.
>> >> >>
>> >> >>Has anyone seen this behaviour before? Any help would be greatly
>> >> >>appreciated.
>> >> >>
>> >> >>Kind regards
>> >> >>Robin
>> >> >>
>> >> >>10-Oct 02:45:21.752 |INFO |                       [/].log
>> >> >>     |  Velocity   [info] ResourceManager : found
>> >>/pages/frontend/home.vm
>> >> >>with loader org.apache.velocity.tools.view.servlet.WebappLoader
>> >> >>10-Oct 02:45:21.761 |INFO |                       [/].log
>> >> >>     |  Velocity  [error] PROGRAMMER ERROR : PropertyExector() :
>> >> >>java.security.AccessControlException: access denied
>> >> >>(java.lang.RuntimePermission
>> >> >>accessClassInPackage.org.apache.catalina.core)
>> >> >>10-Oct 02:45:21.763 |INFO |                       [/].log
>> >> >>     |  Velocity  [error] ASTIdentifier.execute() : identifier =
>> >> >>contextPath
>> >> >>: java.security.AccessControlException: access denied
>> >> >>(java.lang.RuntimePermission
>> >> >>accessClassInPackage.org.apache.catalina.core)
>> >> >>10-Oct 02:45:21.764 |INFO |                       [/].log
>> >> >>     |  Velocity  [error] RHS of #set statement is null. Context

>>will
>> >>not
>> >> >>be
>> >> >>modified. /pages/frontend/home.vm [line 9, column 1]
>> >> >>10-Oct 02:45:21.772 |INFO |                       [/].log
>> >> >>     |  Velocity  [error] PROGRAMMER ERROR : PropertyExector() :
>> >> >>java.security.AccessControlException: access denied
>> >> >>(java.lang.RuntimePermission
>> >> >>accessClassInPackage.org.apache.catalina.core)
>> >> >>10-Oct 02:45:21.773 |INFO |                       [/].log
>> >> >>     |  Velocity  [error] ASTIdentifier.execute() : identifier =
>> >> >>contextPath
>> >> >>: java.security.AccessControlException: access denied
>> >> >>(java.lang.RuntimePermission
>> >> >>accessClassInPackage.org.apache.catalina.core)
>> >> >>10-Oct 02:45:21.774 |INFO |                       [/].log
>> >> >>     |  Velocity   [warn]
>> >> >>org.apache.velocity.runtime.exception.ReferenceException: reference

>>:
>> >> >>template = /pages/frontend/home.vm [line 32,column 34] :
>> >> >>$request.contextPath is not a valid reference.
>> >> >>
>> >> >>_________________________________________________________________
>> >> >>Windows Live™ Messenger has arrived. Click here to download it for
>> >>free!
>> >> >>http://imagine-msn.com/messenger/launch80/?locale=en-gb
>> >> >>
>> >> >>
>> >> 
>> >>---------------------------------------------------------------------
>> >> >>To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>> >> >>For additional commands, e-mail: 
>>velocity-user-help@jakarta.apache.org
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> >--
>> >> >Forio Business Simulations
>> >> >
>> >> >Will Glass-Husain
>> >> >wglass@forio.com
>> >> >www.forio.com
>> >> >
>> >> >---------------------------------------------------------------------
>> >> >To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>> >> >For additional commands, e-mail: 
>>velocity-user-help@jakarta.apache.org
>> >> >
>> >>
>> >>_________________________________________________________________
>> >>Be the first to hear what's new at MSN - sign up to our free 
>>newsletters!
>> >>http://www.msn.co.uk/newsletters
>> >>
>> >>
>> >>---------------------------------------------------------------------
>> >>To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>> >>For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>> >>
>> >>
>> >
>> >
>> >--
>> >Forio Business Simulations
>> >
>> >Will Glass-Husain
>> >wglass@forio.com
>> >www.forio.com
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>> >For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>> >
>>
>>_________________________________________________________________
>>Download the new Windows Live Toolbar, including Desktop search!
>>http://toolbar.live.com/?mkt=en-gb
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>>
>>
>
>
>--
>Forio Business Simulations
>
>Will Glass-Husain
>wglass@forio.com
>www.forio.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: velocity-user-help@jakarta.apache.org
>

_________________________________________________________________
Windows Live™ Messenger has arrived. Click here to download it for free! 
http://imagine-msn.com/messenger/launch80/?locale=en-gb


---------------------------------------------------------------------
To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: velocity-user-help@jakarta.apache.org


Mime
View raw message