java.security.AccessControlException:access denied(“java.lang.RuntimePermission”“accessClassInPackage.sun.reflect.annotation”)Spring

前端之家收集整理的这篇文章主要介绍了java.security.AccessControlException:access denied(“java.lang.RuntimePermission”“accessClassInPackage.sun.reflect.annotation”)Spring前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我使用谷歌应用程序引擎和 spring-security创建简单的spring mvc应用程序.当我运行我的应用程序时,我得到了堆栈跟踪:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect.annotation")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
    at java.security.AccessController.checkPermission(AccessController.java:559)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:429)
    at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1525)
    at sun.reflect.misc.ReflectUtil.checkPackageAccess(ReflectUtil.java:188)
    at sun.reflect.misc.ReflectUtil.checkPackageAccess(ReflectUtil.java:164)
    at java.lang.reflect.Proxy.getInvocationHandler(Proxy.java:822)
    at org.springframework.core.annotation.AnnotationUtils.synthesizeAnnotation(AnnotationUtils.java:1364)
    at org.springframework.core.annotation.AnnotationUtils.findAnnotation(AnnotationUtils.java:498)
    at org.springframework.core.annotation.AnnotationUtils.findAnnotation(AnnotationUtils.java:563)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter$2.matches(RequestMappingHandlerAdapter.java:948)
    at org.springframework.core.MethodIntrospector$2.inspect(MethodIntrospector.java:99)
    at org.springframework.core.MethodIntrospector$2.inspect(MethodIntrospector.java:96)
    at org.springframework.core.MethodIntrospector$1.doWith(MethodIntrospector.java:72)
    at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:527)
    at org.springframework.core.MethodIntrospector.selectMethods(MethodIntrospector.java:68)
    at org.springframework.core.MethodIntrospector.selectMethods(MethodIntrospector.java:96)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.getModelFactory(RequestMappingHandlerAdapter.java:837)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:782)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:969)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:860)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:845)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:162)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at com.blogGAE.security.security.GaeAuthenticationFilter.doFilter(GaeAuthenticationFilter.java:75)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.logout.logoutFilter.doFilter(logoutFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.api.socket.dev.DevSocketFilter.doFilter(DevSocketFilter.java:74)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.ResponseRewriterFilter.doFilter(ResponseRewriterFilter.java:127)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.HeaderVerificationFilter.doFilter(HeaderVerificationFilter.java:34)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:63)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:125)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectRequest(DevAppServerModulesFilter.java:366)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectModuleRequest(DevAppServerModulesFilter.java:349)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doFilter(DevAppServerModulesFilter.java:116)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.appengine.tools.development.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:98)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:502)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

我的GaeAuthenticationFilter

public class GaeAuthenticationFilter extends GenericFilterBean {

private static final String REGISTRATION_URL = "/register";

private final AuthenticationDetailsSource<HttpServletRequest,WebAuthenticationDetails> ads = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();


@Override
public void doFilter(ServletRequest servletRequest,ServletResponse servletResponse,FilterChain filterChain) throws IOException,ServletException {
    Authentication authentication= SecurityContextHolder.getContext().getAuthentication();
    User googleUser= UserServiceFactory.getUserService().getCurrentUser();

    if(authentication!=null && !loggedInUserMatchesGaeUser(authentication,googleUser)){
        SecurityContextHolder.clearContext();
        authentication=null;
        ((HttpServletRequest) servletRequest).getSession().invalidate();
    }

    if(authentication==null){
        if(googleUser!=null){
            logger.debug("GAE user "+ googleUser + "logged to Blog");

            PreAuthenticatedAuthenticationToken token=new PreAuthenticatedAuthenticationToken(googleUser,null);
            token.setDetails(ads.buildDetails((HttpServletRequest) servletRequest));
            try {
                authentication=authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authentication);

                if (authentication.getAuthorities().contains(AppRole.NEW_USER)){
                    logger.debug("New user,redirect to registration page");
                    ((HttpServletResponse)servletResponse).sendRedirect(REGISTRATION_URL);
                    return;
                }
            }
            catch (AuthenticationException ex){
                failureHandler.onAuthenticationFailure((HttpServletRequest)servletRequest,(HttpServletResponse)servletResponse,ex);

                return;
            }

        }
    }

    filterChain.doFilter(servletRequest,servletResponse);
}
}

和spring-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <b:bean id="geaEntryPoint" class="com.blogGAE.security.security.GoogleAccountsAuthenticationEntryPoint"/>


    <http auto-config="true" use-expressions="true" entry-point-ref="geaEntryPoint">
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/logout" access="permitAll" />
        <intercept-url pattern="/user/**" access="hasRole('USER')"/>
        <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter" />
    </http>

    <b:bean id="gaeAuthenticationProvider" class="com.blogGAE.security.security.GoogleAccountsAuthenticationProvider">
        <b:property name="userRegistry" ref="userRegistry"/>
    </b:bean>

    <b:bean id="userRegistry" class="com.blogGAE.security.users.GAEDatastoreUserRegister"/>

    <b:bean id="gaeFilter" class="com.blogGAE.security.security.GaeAuthenticationFilter">
        <b:property name="authenticationManager" ref="authenticationManager"/>
    </b:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="gaeAuthenticationProvider"/>
    </authentication-manager>

</b:beans>

我认为注释有一些问题,我在实体中使用客体化注释,在控制器和服务中使用spring.我是Spring和GAE的新手,请帮助;)

解决方法

我不确定你问题的原因是什么,但如果你使用的是Spring 4.2,你可以通过降级到4.1来解决它.如果这没有帮助,请尝试降级Spring Security版本并告诉我它的内容.

UPDATE

正如here所指出的,这将在Spring 4.2.5中修复.

原文链接:https://www.f2er.com/java/128843.html

猜你在找的Java相关文章