Security exception when moving from toplink to eclipselink in glassfish 2.1

by

My app is working fine with toplink, but I need some eclipselink features, so I decided to swap.

I changed the provider in persistence.xml to:

<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>

and added the following property (though I’m not sure if this is needed):

<property name="eclipselink.target-server" value="SunAS9"/>

I’ve tried packaging eclipselink.jar with my app, and I’ve tried putting it in $GFHOME/lib and adding it to the classpath suffix through the glassfish admin ui. Whatever I do, I get:

Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
javax.persistence.PersistenceException: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:878)
        at org.eclipse.persistence.jpa.PersistenceProvider.createContainerEntityManagerFactory(PersistenceProvider.java:216)
        at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:149)
        at com.sun.enterprise.server.PersistenceUnitLoaderImpl.load(PersistenceUnitLoaderImpl.java:84)
        at com.sun.enterprise.server.AbstractLoader.loadPersistenceUnits(AbstractLoader.java:895)
        at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:184)
        at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126)
        <snip>
Caused by: Exception [EclipseLink-28018] (Eclipse Persistence Services - 1.1.3.v20091002-r5404): org.eclipse.persistence.exceptions.EntityManagerSetupException
Exception Description: Predeployment of PersistenceUnit [MYAPP] failed.
Internal Exception: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at org.eclipse.persistence.exceptions.EntityManagerSetupException.predeployFailed(EntityManagerSetupException.java:210)
        ... 82 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:594)
        at java.lang.ClassLoader.<init>(ClassLoader.java:202)
        at java.security.SecureClassLoader.<init>(SecureClassLoader.java:53)
        at com.sun.enterprise.loader.EJBClassLoader$DelegatingClassLoader.<init>(EJBClassLoader.java:1368)
        at com.sun.enterprise.loader.EJBClassLoader.copy(EJBClassLoader.java:384)
        at com.sun.enterprise.server.PersistenceUnitInfoImpl.getNewTempClassLoader(PersistenceUnitInfoImpl.java:216)
        at org.eclipse.persistence.platform.server.ServerPlatformBase.getNewTempClassLoader(ServerPlatformBase.java:477)
        at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:741)
        ... 81 more

and the app does not deploy.

Edit – I tried changing to security settings but ran into another problem

I would have though the following (in server.policy already) would have allowed
eclipselink.jar full access, but apparently not.

// Core server classes get all permissions by default
grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
    permission java.security.AllPermission;
};

I added the following:

grant {
    permission java.security.AllPermission;
};

And now I get:

WARNING: "IOP00810257: (MARSHAL) Could not load class org.eclipse.persistence.indirection.IndirectList"

on the client side

Edit which I’ve just realised is GlassFish v2.1 — getting Application Client and Eclipselink to work together? and having ensured the jar gets bundled with the app, it now works.

Answer

The base cause is that GlassFish runs with the SecurityManager enabled and EclipseLink does not have all the required permissions to run within GlassFish V2. TopLink Essentials is given special permissions for GlassFish and to resolve your issue simply extend these permissions to EclipseLink. This blog goes into nice detail on how to configure the security policy for GlassFish.

–Gordon

Attribution
Source : Link , Question Author : Draemon , Answer Author : alanc

Leave a Comment