Jetty plugin and (RMI)SecurityManager

Hello,

In an application test-run within gradle jetty plugin I need to use RMISecurityManager. This requires appropriate configuration of jetty. The docs here http://wiki.eclipse.org/Jetty/Tutorial/Jetty-Policy states, that: "create a policy file in lib/policy for that webapp

this policy file should contain two codebases

${jetty.home}/work/

${jetty.home}/lib/-"

For jetty plugin where is this “lib/policy” dir?

Is there an example how to do what I need

Thanks! Zsolt

This is what I tried, but does not work:

  1. Configured jettyRunWar in the build file with a jetty.xml as in the above link: jettyConfig = ‘<my/conf/path/>/jetty.xml’ jetty.xml contains:
<Configure id="Policy" class="org.eclipse.jetty.policy.JettyPolicyConfigurator">
    <Call name="setPolicyDirectory">
       <Arg><Property name="plcy"/>/WEB-INF/lib/policy</Arg>
    </Call>
    <Call name="addProperty">
      <Arg>plcy</Arg>
      <Arg><Property name="plcy"/></Arg>
    </Call>
     <Call name="initialize"/>
</Configure>
  1. Configured war task to include my policy file under WEB-INF/lib/policy/, which contains:
grant codebase "file:${jetty.home}/work/webapp/-" {
    permission java.security.AllPermission;
};
  grant codeBase "file:${jetty.home}/lib/-" {
    permission java.security.AllPermission;
}

Note that jettRunWar reports the war extracted to: …/tmp/jettyRunWar/webapp and context path as constructed from the project base name: /psmc I checked that policy file is present within the extracted path.

When my application reaches the point in code of setting RMISecurityManager it stalles, no throwable can be caught. If I do not set it, the application reports error at places where SM’s presence is expected.

jettyRunWar startup messages give no hint if jetty config is set. I tried -d flag for gradle, but could not see any more than before.

Any idea welcome! Zsolt

Hi, when using a custom jetty config, the info logging output should show you something like

“Configuring Jetty from xml configuration file = …”. It seems there is something wrong in your configuration. Maybe the leading / in your definition is misinterpreted here.

regards, René

Hmm. I used meta naming of a path/to/jetty.xml, the forum engine swallowed it unnoticed. This is for sure a path to a dir I store project configurations in. For instance, other files from it are successfully used in building the war. Your comment on jetty output is what one expects and it means the problem may still lay here.

Thanks for your help!

I made some more observations.

Your snippet

jettyConfig = '/jetty.xml'

causes two problems. The property jettyConfig is of type File, so you must convert the path to the jetty config to a file. The other problem I see, is that ‘/jetty.xml’ is pointing to the root of your machine instead of the relative path in your webinf folder. The default name for war specific jetty configurations is jetty-web.xml. So if you rename your webapp/jetty.xml to webapp/jetty-web.xml the jettyRunWar should work out of the box without explicitly setting the jettyConfig file.

regards, René

Hi René,

I am not too familiar with this forum style yet, so it is possible that the form of my answer to your previous post was not feasible: I’ve chosen the comment style. Do you see it?

In the meantime, along the line of your earlier suggestion came to the same conclusion (argh, I’d better reading docs more carefully…). Making the story short this is what has let progress: jettyRunWar.jettyConfig = new File(projectDir, ‘conf/jetty.xml’)

So beside what you’ve found I missed another relevant point in using jetty plugin: jettyConfig property is set on jettyRunWar task, not of the plugin itself. I tricked myself by automatically following other properties’s usage (like httpPort). These however exist for the plugin and the task too…

Now I am in the process of figuring out why org.eclipse.jetty.policy.JettyPolicyConfigurator class is not found. Probably the something to do with version differences in docs looked at and the actual jetty shipped with gradle.

I’m gong to come back with the findings.

Thanks!

At the moment, the jetty plugin does not support different versions of jetty. The latest 1.0-milestone-6 uses jetty 6.1.25. As far as I know, the JettyPolicyConfigurator class you mentioned was added later as its packaging convention uses eclipse packages and 6.1.25 uses the old org.mortbay package convention.

I was told on the jetty list that for 6.x the way to set SM is from the command line, no policy support as in the doc I referred to.

Thx Zsolt