2) I can install jguard with no modify about jvm setting? I preferr all file in my web-app
3) When I launch example I get this error:
Server default ready (startup time: 6 seconds)
12/29 18:25:27 info Deploying web application "jGuardExample" from: file:/opt/jrun4/servers/default/jgard/
####### loading jGuardPolicy ###########
the applicationName param value doesn't match with an appConfiguration Entry configured by the ADMINISTRATOR
webApplication stops
you MUST place jGuard_j2ee_x.xx.jar in each webapp directory and NOT in the 'shared librairies directory for webapps'
12/29 18:25:27 error Error loading class for Filter AccessFilter: Filter is disabled.
[1]net.sf.jguard.authorization.AuthorizationException: the applicationName param value doesn't match with an appConfiguration Entry configured by the ADMINISTRATOR in the jGuard.loginScheme file
webApplication stops
at net.sf.jguard.security.JGuardPolicy.defineAuthorisations(JGuardPolicy.java:247)
at net.sf.jguard.filters.AccessFilter.init(AccessFilter.java:169)
at jrun.servlet.FilterObject.init(FilterObject.java:63)
at jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)
at jrun.servlet.FilterManager.init(FilterManager.java:155)
at jrun.servlet.FilterManager.create(FilterManager.java:74)
at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
at jrun.deployment.DeployerService.run(DeployerService.java:891)
at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:349)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:457)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:295)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
[0]javax.servlet.ServletException: jGuard requirement: you MUST place jGuard_j2ee_x.xx.jar in each webapp directory and NOT in the 'shared librairies directory for webapps'
at net.sf.jguard.filters.AccessFilter.init(AccessFilter.java:173)
at jrun.servlet.FilterObject.init(FilterObject.java:63)
at jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)
at jrun.servlet.FilterManager.init(FilterManager.java:155)
at jrun.servlet.FilterManager.create(FilterManager.java:74)
at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
at jrun.deployment.DeployerService.run(DeployerService.java:891)
at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:349)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:457)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:295)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Thanks in advance for any answer.
regards lorenzo
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After this error I can't restar my application server (jrun4)
I get this exception:
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.RemoteException: ; nested exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at jrunx.cluster.ClusterAlgorithm.invokeService(ClusterAlgorithm.java:127)
at jrunx.cluster.ClusterAlgorithm.invokeService(ClusterAlgorithm.java:80)
at jrunx.rmi.Invocation.invoke(Invocation.java:304)
at jrunx.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:177)
at jrunx.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:154)
at $Proxy1.invoke(Unknown Source)
at jrunx.launcher.Launcher.status(Launcher.java:565)
at jrunx.launcher.Launcher.stop(Launcher.java:316)
at jrunx.kernel.JRun.stop(JRun.java:361)
at jrunx.kernel.JRun.stop(JRun.java:353)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at jrunx.kernel.JRun.invoke(JRun.java:180)
at jrunx.kernel.JRun.main(JRun.java:168)
Caused by: java.rmi.RemoteException: ; nested exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at jrunx.rmi.RMIBroker.invoke(RMIBroker.java:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at jrunx.kernel.security.JRunIdentityService.getLocalServerIdentity(JRunIdentityService.java:34)
at jrun.naming.JndiSecurityHelper$1.run(JndiSecurityHelper.java:36)
at java.security.AccessController.doPrivileged(Native Method)
at jrun.naming.JndiSecurityHelper.getServerIdentityPriveleged(JndiSecurityHelper.java:31)
at jrun.naming.NamingService.lookupInServerContext(NamingService.java:936)
at jrunx.rmi.RMIBroker.getSecurityManager(RMIBroker.java:374)
at jrunx.rmi.RMIBroker.isSecIdValidOnTheServer(RMIBroker.java:388)
at jrunx.rmi.RMIBroker.invokeService(RMIBroker.java:253)
at jrunx.rmi.RMIBroker.invoke(RMIBroker.java:137)
... 11 more
regards Lorenzo
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
hi Lorenzo,
some points about your questions:
1)and 2) i 'm agree that append the java bootclasspath is not so usual...
but jGuard requires to do it!
you cannot replace this mechanism with some jars or some settings under your WEB-INF directory....
i recognise this setting is not so "beautiful", but we cannot do it in another way.....
So, you must follow the installation procedure.
firstly, to test quickly jGuard, you can follow the quick start guide (http://jguard.sourceforge.net/4.php).
=> this guide only show to you mandatory steps.
3)this stack trace here because you have not followed the quick start guide:
the j2ee part of jGuard cannot find the jGuard Policy (this part will find it only if you place the jGuard_jvm_x.xx.jar in the right place, and if you append your bootclasspath).
And when you want to restart your applications erver, and if the jGuard filter is configured, it auto-detect that jGuard is not configured and try to configure it, but doesn't find the class....
in conclusion:
your problems should disappear if you follow the quick start guide.
=> if you have other problems, say it and i will help you!(i have not tested jGuard on jrun=> so i'm interested twice! ;-) )
the installation steps on jrun are not povided on the jGuard web site=> you should look at the jrun documentation to know how to append the bootxlasspath (on tomcat, it is with the JAVA_OPTS variable).
sincerly yours,
Charles(jGuard team).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
first, many thanks for the answers.
I will try to install jguard and I follow all step :)
I would like understand why jguard requiremet is append it to the jvm classpath. I guess the problem it's jaas but in all simple example it seems no a must.
Anyway your work it's great and I hope can use it.
regards Lorenzo
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
hi Lorenzo,
the reason to append the bootclasspath is because
jGuard use his own Policy class , to interact with the JAAS framework.
the default Policy (provided by sun) is configured via a file : configuration cannot be changed on the fly (or with the Policy's refresh method, but your application restart), and doesn't protect ressources like URL.
it protects only file ressources, system properties and so on...but not URLs which are webapp ressources.
jGuard permits to refresh your configuration too, but only for your webapp, which is more suitable.
so, to use the JGuardPolicy class, the java application (in our case, your application server), should locate this class.
the only tips to do that is to append the bootclasspath.
i hope it clarifies the bootclasspath requirement.
sincerly yours,
charles (jGuard team).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
hi lorenzo, just some tips found to append the bootclasspath on jrun4:
the jvm configuration in jrun is (default location) here:
jrun_root/bin/jvm.config
so, in the "jvm.config" file, edit the "java.args" line, and add the -Xbootclasspath/a:C:/java/j2sdk1.4.2_04/jre/lib/jGuard_jvm_0.64.jar;
C:/java/j2sdk1.4.2_04/jre/lib/pg73jdbc3.jar;C:/java/j2sdk1.4.2_04/jre/lib/dom4j-1.5.1.jar;
arguments by example(your java.home can be different, and maybe you do not use the jdbc postgresql driver like above).
hope it helps,
charles (jGuard team).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi to all,
I am a newbie of jguard but I think it's a good idea.
I have some question:
1) in j2ee application I need add this path:
http://jguard.sourceforge.net/7.php?
I can't put this just in my /web-inf?
2) I can install jguard with no modify about jvm setting? I preferr all file in my web-app
3) When I launch example I get this error:
Server default ready (startup time: 6 seconds)
12/29 18:25:27 info Deploying web application "jGuardExample" from: file:/opt/jrun4/servers/default/jgard/
####### loading jGuardPolicy ###########
the applicationName param value doesn't match with an appConfiguration Entry configured by the ADMINISTRATOR
webApplication stops
you MUST place jGuard_j2ee_x.xx.jar in each webapp directory and NOT in the 'shared librairies directory for webapps'
12/29 18:25:27 error Error loading class for Filter AccessFilter: Filter is disabled.
[1]net.sf.jguard.authorization.AuthorizationException: the applicationName param value doesn't match with an appConfiguration Entry configured by the ADMINISTRATOR in the jGuard.loginScheme file
webApplication stops
at net.sf.jguard.security.JGuardPolicy.defineAuthorisations(JGuardPolicy.java:247)
at net.sf.jguard.filters.AccessFilter.init(AccessFilter.java:169)
at jrun.servlet.FilterObject.init(FilterObject.java:63)
at jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)
at jrun.servlet.FilterManager.init(FilterManager.java:155)
at jrun.servlet.FilterManager.create(FilterManager.java:74)
at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
at jrun.deployment.DeployerService.run(DeployerService.java:891)
at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:349)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:457)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:295)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
[0]javax.servlet.ServletException: jGuard requirement: you MUST place jGuard_j2ee_x.xx.jar in each webapp directory and NOT in the 'shared librairies directory for webapps'
at net.sf.jguard.filters.AccessFilter.init(AccessFilter.java:173)
at jrun.servlet.FilterObject.init(FilterObject.java:63)
at jrun.servlet.FilterManager.loadFilter(FilterManager.java:195)
at jrun.servlet.FilterManager.init(FilterManager.java:155)
at jrun.servlet.FilterManager.create(FilterManager.java:74)
at jrun.servlet.WebApplicationService.start(WebApplicationService.java:223)
at jrun.deployment.DeployerService.initModules(DeployerService.java:710)
at jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:242)
at jrun.deployment.DeployerService.deploy(DeployerService.java:430)
at jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
at jrun.deployment.DeployerService.run(DeployerService.java:891)
at jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:223)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:349)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:457)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:295)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Thanks in advance for any answer.
regards lorenzo
After this error I can't restar my application server (jrun4)
I get this exception:
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.RemoteException: ; nested exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at jrunx.cluster.ClusterAlgorithm.invokeService(ClusterAlgorithm.java:127)
at jrunx.cluster.ClusterAlgorithm.invokeService(ClusterAlgorithm.java:80)
at jrunx.rmi.Invocation.invoke(Invocation.java:304)
at jrunx.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:177)
at jrunx.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:154)
at $Proxy1.invoke(Unknown Source)
at jrunx.launcher.Launcher.status(Launcher.java:565)
at jrunx.launcher.Launcher.stop(Launcher.java:316)
at jrunx.kernel.JRun.stop(JRun.java:361)
at jrunx.kernel.JRun.stop(JRun.java:353)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at jrunx.kernel.JRun.invoke(JRun.java:180)
at jrunx.kernel.JRun.main(JRun.java:168)
Caused by: java.rmi.RemoteException: ; nested exception is:
java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at jrunx.rmi.RMIBroker.invoke(RMIBroker.java:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getServerIdentity)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at jrunx.kernel.security.JRunIdentityService.getLocalServerIdentity(JRunIdentityService.java:34)
at jrun.naming.JndiSecurityHelper$1.run(JndiSecurityHelper.java:36)
at java.security.AccessController.doPrivileged(Native Method)
at jrun.naming.JndiSecurityHelper.getServerIdentityPriveleged(JndiSecurityHelper.java:31)
at jrun.naming.NamingService.lookupInServerContext(NamingService.java:936)
at jrunx.rmi.RMIBroker.getSecurityManager(RMIBroker.java:374)
at jrunx.rmi.RMIBroker.isSecIdValidOnTheServer(RMIBroker.java:388)
at jrunx.rmi.RMIBroker.invokeService(RMIBroker.java:253)
at jrunx.rmi.RMIBroker.invoke(RMIBroker.java:137)
... 11 more
regards Lorenzo
hi Lorenzo,
some points about your questions:
1)and 2) i 'm agree that append the java bootclasspath is not so usual...
but jGuard requires to do it!
you cannot replace this mechanism with some jars or some settings under your WEB-INF directory....
i recognise this setting is not so "beautiful", but we cannot do it in another way.....
So, you must follow the installation procedure.
firstly, to test quickly jGuard, you can follow the quick start guide (http://jguard.sourceforge.net/4.php).
=> this guide only show to you mandatory steps.
3)this stack trace here because you have not followed the quick start guide:
the j2ee part of jGuard cannot find the jGuard Policy (this part will find it only if you place the jGuard_jvm_x.xx.jar in the right place, and if you append your bootclasspath).
And when you want to restart your applications erver, and if the jGuard filter is configured, it auto-detect that jGuard is not configured and try to configure it, but doesn't find the class....
in conclusion:
your problems should disappear if you follow the quick start guide.
=> if you have other problems, say it and i will help you!(i have not tested jGuard on jrun=> so i'm interested twice! ;-) )
the installation steps on jrun are not povided on the jGuard web site=> you should look at the jrun documentation to know how to append the bootxlasspath (on tomcat, it is with the JAVA_OPTS variable).
sincerly yours,
Charles(jGuard team).
first, many thanks for the answers.
I will try to install jguard and I follow all step :)
I would like understand why jguard requiremet is append it to the jvm classpath. I guess the problem it's jaas but in all simple example it seems no a must.
Anyway your work it's great and I hope can use it.
regards Lorenzo
hi Lorenzo,
the reason to append the bootclasspath is because
jGuard use his own Policy class , to interact with the JAAS framework.
the default Policy (provided by sun) is configured via a file : configuration cannot be changed on the fly (or with the Policy's refresh method, but your application restart), and doesn't protect ressources like URL.
it protects only file ressources, system properties and so on...but not URLs which are webapp ressources.
jGuard permits to refresh your configuration too, but only for your webapp, which is more suitable.
so, to use the JGuardPolicy class, the java application (in our case, your application server), should locate this class.
the only tips to do that is to append the bootclasspath.
i hope it clarifies the bootclasspath requirement.
sincerly yours,
charles (jGuard team).
hi lorenzo, just some tips found to append the bootclasspath on jrun4:
the jvm configuration in jrun is (default location) here:
jrun_root/bin/jvm.config
so, in the "jvm.config" file, edit the "java.args" line, and add the -Xbootclasspath/a:C:/java/j2sdk1.4.2_04/jre/lib/jGuard_jvm_0.64.jar;
C:/java/j2sdk1.4.2_04/jre/lib/pg73jdbc3.jar;C:/java/j2sdk1.4.2_04/jre/lib/dom4j-1.5.1.jar;
arguments by example(your java.home can be different, and maybe you do not use the jdbc postgresql driver like above).
hope it helps,
charles (jGuard team).