java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • AccessControlException when undeploying application
    via by stephan.bublava,
  • Trouble with Connector/J in an applet
    via by apchar,
  • My Error ======= I have a Spring webapp running in Google App Engine (GAE). It has been running fine for more than a year, but once I upgraded to Spring 3.2.9.RELEASE, I started getting java.security.AccessControlException's (see stack trace below) when running the app in the AppEngine runtime (Note: the app works fine locally in the AppEngine devserver, which is basically a Jetty container). This is typical for appengine - the runtime classloader permissions are more restrictive in the production runtime than in the development server. Cause ===== My app has an HttpSessionEventPublisher configured to publish session events. It appears that SPR-11606 introduced subtle changes to AbstractApplicationEventMulticaster (https://github.com/spring-projects/spring-framework/commit/e1602f7f83ded6438ce1307605d4de2366cfb8f7#diff-2047c68c136729519797ac17b17a5bcc) on line 178 that start accessing the classloader of each event's "source" and "type". From my own investigation, it appears that while using SpringSocial (Facebook), the ProviderSignInUtils kicks off a new session, and when the AbstractApplicationEventMulticaster encounters this event, it attempts to get the ClassLoader for the following class, which is not allowed in Appengine: com.google.apphosting.runtime.jetty.SessionManager$AppEngineSession (throws the AccessControlException). I realize this is somewhat of an AppEngine issue, but am wondering if it makes sense for Spring to try and do something more appropriate here? As-is, anyone using HttpSessions with HttpSessionEventPublisher in AppEngine will probably break. Here's the stack trace: -- org.springframework.social.connect.web.ProviderSignInController signIn: Exception while building authorization URL: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at com.google.appengine.runtime.Request.process-b35531ed0170125f(Request.java) at java.lang.Class.getClassLoader(Class.java:445) at org.springframework.util.ClassUtils.isCacheSafe(ClassUtils.java:400) at org.springframework.context.event.AbstractApplicationEventMulticaster.getApplicationListeners(AbstractApplicationEventMulticaster.java:178) at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:86) at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334) at org.springframework.security.web.session.HttpSessionEventPublisher.sessionCreated(HttpSessionEventPublisher.java:69) at org.mortbay.jetty.servlet.AbstractSessionManager.addSession(AbstractSessionManager.java:577) at org.mortbay.jetty.servlet.AbstractSessionManager.newHttpSession(AbstractSessionManager.java:415) at org.mortbay.jetty.Request.getSession(Request.java:1242) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at org.springframework.web.context.request.ServletRequestAttributes.getSession(ServletRequestAttributes.java:79) at org.springframework.web.context.request.ServletRequestAttributes.setAttribute(ServletRequestAttributes.java:127) at org.springframework.social.connect.web.HttpSessionSessionStrategy.setAttribute(HttpSessionSessionStrategy.java:8) at org.springframework.social.connect.web.ConnectSupport.buildOAuth2Url(ConnectSupport.java:223) at org.springframework.social.connect.web.ConnectSupport.buildOAuthUrl(ConnectSupport.java:128) at org.springframework.social.connect.web.ProviderSignInController.signIn(ProviderSignInController.java:175) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:45) at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    via by David Fuelling,
  • Java3D on Konqueror.
    via by 843799,
    • java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.Class.getClassLoader(Class.java:588) at org.apache.commons.discovery.resource.ClassLoaders.getLibLoaders(ClassLoaders.java:174) at org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java:355) at org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverClass.java:579) at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:418) at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:378) at org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:45) at java.security.AccessController.doPrivileged(Native Method) at org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.java:41) at org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:33) at org.apache.axis.handlers.BasicHandler.<clinit>(BasicHandler.java:43) at org.apache.axis.client.Service.getAxisClient(Service.java:104) at org.apache.axis.client.Service.<init>(Service.java:113) at com.javr20n0.client.Javr20n0Client.run(Javr20n0Client.java:48) at com.portlet.GetClassInfoEntry.processAction(GetClassInfoEntry.java:45) at com.sun.portal.portletappengine.PortletAppEngineServlet.service(PortletAppEngineServlet.java:229) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at sun.reflect.GeneratedMethodAccessor61.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:723) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:599) at org.apache.catalina.core.ApplicationDispatcher.access$100(ApplicationDispatcher.java:80) at org.apache.catalina.core.ApplicationDispatcher$PrivilegedInclude.run(ApplicationDispatcher.java:111) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:509) at com.sun.portal.container.portlet.impl.PortletContainer.invokePAE(PortletContainer.java:348) at com.sun.portal.container.portlet.impl.PortletContainer.executeAction(PortletContainer.java:219) at com.sun.portal.harness.HarnessPortletProvider.doProcessEdit(Unknown Source) at com.sun.portal.harness.HarnessPortletProvider.processEdit(Unknown Source) at com.sun.portal.harness.ProviderHarness.processEdit(Unknown Source) at com.sun.portal.harness.ProviderHarness.runAction(Unknown Source) at com.sun.portal.harness.ProviderHarness.restoreProvider(Unknown Source) at com.sun.portal.harness.ProviderHarness.getHarness(Unknown Source) at org.apache.jsp.desktop.default_.harness.PSSimTarget_jsp._jspService(PSSimTarget_jsp.java:125) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:251) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at sun.reflect.GeneratedMethodAccessor61.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:723) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:599) at org.apache.catalina.core.ApplicationDispatcher.access$100(ApplicationDispatcher.java:80) at org.apache.catalina.core.ApplicationDispatcher$PrivilegedInclude.run(ApplicationDispatcher.java:111) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:509) at org.apache.jsp.PSSim_jsp._jspService(PSSim_jsp.java:53) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:251) at javax.servlet.http.HttpServlet.service(HttpServlet.java:860) at sun.reflect.GeneratedMethodAccessor61.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at com.sun.tools.ide.portletbuilder.harness.filters.EncodeFilter.doFilter(EncodeFilter.java:27) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:185) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:653) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:534) at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doTask(ProcessorTask.java:403) at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:55) at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:426) at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:378) at org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:45) at java.security.AccessController.doPrivileged(Native Method) at org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.java:41) at org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:33) Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.Class.getClassLoader(Class.java:588) at org.apache.commons.discovery.resource.ClassLoaders.getLibLoaders(ClassLoaders.java:174) at org.apache.commons.discovery.tools.DiscoverClass.find(DiscoverClass.java:355) at org.apache.commons.discovery.tools.DiscoverClass.newInstance(DiscoverClass.java:579) at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:418) ... 106 more

    Users with the same issue

    Unknown visitor1 times, last one,
    andyglick
    andyglick1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    71 more bugmates