java.security.AccessControlException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • My Error ======= I have a Spring webapp running in Google App Engine (GAE). It has been running fine for more than a year, but once I upgraded to Spring 3.2.9.RELEASE, I started getting java.security.AccessControlException's (see stack trace below) when running the app in the AppEngine runtime (Note: the app works fine locally in the AppEngine devserver, which is basically a Jetty container). This is typical for appengine - the runtime classloader permissions are more restrictive in the production runtime than in the development server. Cause ===== My app has an HttpSessionEventPublisher configured to publish session events. It appears that SPR-11606 introduced subtle changes to AbstractApplicationEventMulticaster (https://github.com/spring-projects/spring-framework/commit/e1602f7f83ded6438ce1307605d4de2366cfb8f7#diff-2047c68c136729519797ac17b17a5bcc) on line 178 that start accessing the classloader of each event's "source" and "type". From my own investigation, it appears that while using SpringSocial (Facebook), the ProviderSignInUtils kicks off a new session, and when the AbstractApplicationEventMulticaster encounters this event, it attempts to get the ClassLoader for the following class, which is not allowed in Appengine: com.google.apphosting.runtime.jetty.SessionManager$AppEngineSession (throws the AccessControlException). I realize this is somewhat of an AppEngine issue, but am wondering if it makes sense for Spring to try and do something more appropriate here? As-is, anyone using HttpSessions with HttpSessionEventPublisher in AppEngine will probably break. Here's the stack trace: -- org.springframework.social.connect.web.ProviderSignInController signIn: Exception while building authorization URL: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at com.google.appengine.runtime.Request.process-b35531ed0170125f(Request.java) at java.lang.Class.getClassLoader(Class.java:445) at org.springframework.util.ClassUtils.isCacheSafe(ClassUtils.java:400) at org.springframework.context.event.AbstractApplicationEventMulticaster.getApplicationListeners(AbstractApplicationEventMulticaster.java:178) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:86) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334) at org.springframework.security.web.session.HttpSessionEventPublisher.sessionCreated(HttpSessionEventPublisher.java:69) at org.mortbay.jetty.servlet.AbstractSessionManager.addSession(AbstractSessionManager.java:577) at org.mortbay.jetty.servlet.AbstractSessionManager.newHttpSession(AbstractSessionManager.java:415) at org.mortbay.jetty.Request.getSession(Request.java:1242) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at org.springframework.web.context.request.ServletRequestAttributes.getSession(ServletRequestAttributes.java:79) at org.springframework.web.context.request.ServletRequestAttributes.setAttribute(ServletRequestAttributes.java:127) at org.springframework.social.connect.web.HttpSessionSessionStrategy.setAttribute(HttpSessionSessionStrategy.java:8) at org.springframework.social.connect.web.ConnectSupport.buildOAuth2Url(ConnectSupport.java:223) at org.springframework.social.connect.web.ConnectSupport.buildOAuthUrl(ConnectSupport.java:128) at org.springframework.social.connect.web.ProviderSignInController.signIn(ProviderSignInController.java:175) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:45) at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    via by David Fuelling,
  • My Error ======= I have a Spring webapp running in Google App Engine (GAE). It has been running fine for more than a year, but once I upgraded to Spring 3.2.9.RELEASE, I started getting java.security.AccessControlException's (see stack trace below) when running the app in the AppEngine runtime (Note: the app works fine locally in the AppEngine devserver, which is basically a Jetty container). This is typical for appengine - the runtime classloader permissions are more restrictive in the production runtime than in the development server. Cause ===== My app has an HttpSessionEventPublisher configured to publish session events. It appears that SPR-11606 introduced subtle changes to AbstractApplicationEventMulticaster (https://github.com/spring-projects/spring-framework/commit/e1602f7f83ded6438ce1307605d4de2366cfb8f7#diff-2047c68c136729519797ac17b17a5bcc) on line 178 that start accessing the classloader of each event's "source" and "type". From my own investigation, it appears that while using SpringSocial (Facebook), the ProviderSignInUtils kicks off a new session, and when the AbstractApplicationEventMulticaster encounters this event, it attempts to get the ClassLoader for the following class, which is not allowed in Appengine: com.google.apphosting.runtime.jetty.SessionManager$AppEngineSession (throws the AccessControlException). I realize this is somewhat of an AppEngine issue, but am wondering if it makes sense for Spring to try and do something more appropriate here? As-is, anyone using HttpSessions with HttpSessionEventPublisher in AppEngine will probably break. Here's the stack trace: -- org.springframework.social.connect.web.ProviderSignInController signIn: Exception while building authorization URL: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at com.google.appengine.runtime.Request.process-b35531ed0170125f(Request.java) at java.lang.Class.getClassLoader(Class.java:445) at org.springframework.util.ClassUtils.isCacheSafe(ClassUtils.java:400) at org.springframework.context.event.AbstractApplicationEventMulticaster.getApplicationListeners(AbstractApplicationEventMulticaster.java:178) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:86) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334) at org.springframework.security.web.session.HttpSessionEventPublisher.sessionCreated(HttpSessionEventPublisher.java:69) at org.mortbay.jetty.servlet.AbstractSessionManager.addSession(AbstractSessionManager.java:577) at org.mortbay.jetty.servlet.AbstractSessionManager.newHttpSession(AbstractSessionManager.java:415) at org.mortbay.jetty.Request.getSession(Request.java:1242) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at org.springframework.web.context.request.ServletRequestAttributes.getSession(ServletRequestAttributes.java:79) at org.springframework.web.context.request.ServletRequestAttributes.setAttribute(ServletRequestAttributes.java:127) at org.springframework.social.connect.web.HttpSessionSessionStrategy.setAttribute(HttpSessionSessionStrategy.java:8) at org.springframework.social.connect.web.ConnectSupport.buildOAuth2Url(ConnectSupport.java:223) at org.springframework.social.connect.web.ConnectSupport.buildOAuthUrl(ConnectSupport.java:128) at org.springframework.social.connect.web.ProviderSignInController.signIn(ProviderSignInController.java:175) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:45) at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    via by David Fuelling,
  • Trouble with Connector/J in an applet
    via by apchar,
  • Java3D on Konqueror.
    via by 843799,
  • AccessControlException when undeploying application
    via by stephan.bublava,
    • java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at com.google.appengine.runtime.Request.process-b35531ed0170125f(Request.java) at java.lang.Class.getClassLoader(Class.java:445) at org.springframework.util.ClassUtils.isCacheSafe(ClassUtils.java:400) at org.springframework.context.event.AbstractApplicationEventMulticaster.getApplicationListeners(AbstractApplicationEventMulticaster.java:178) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:86) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334) at org.springframework.security.web.session.HttpSessionEventPublisher.sessionCreated(HttpSessionEventPublisher.java:69) at org.mortbay.jetty.servlet.AbstractSessionManager.addSession(AbstractSessionManager.java:577) at org.mortbay.jetty.servlet.AbstractSessionManager.newHttpSession(AbstractSessionManager.java:415) at org.mortbay.jetty.Request.getSession(Request.java:1242) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at org.springframework.web.context.request.ServletRequestAttributes.getSession(ServletRequestAttributes.java:79) at org.springframework.web.context.request.ServletRequestAttributes.setAttribute(ServletRequestAttributes.java:127) at org.springframework.social.connect.web.HttpSessionSessionStrategy.setAttribute(HttpSessionSessionStrategy.java:8) at org.springframework.social.connect.web.ConnectSupport.buildOAuth2Url(ConnectSupport.java:223) at org.springframework.social.connect.web.ConnectSupport.buildOAuthUrl(ConnectSupport.java:128) at org.springframework.social.connect.web.ProviderSignInController.signIn(ProviderSignInController.java:175) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:45) at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    No Bugmate found.