Bug 224818 - Factory uses getClassLoader() does not use java security causes problems with container security
Status: NEW
Alias: None
Product: AspectJ
Classification: Tools
Component: Runtime
Version: 1.5.3
Hardware: PC Windows XP
Importance: P3 major
Target Milestone: ---
Assignee: aspectj inbox CLA
Reported: 2008-03-30 20:52 EDT by Richard Bock CLA
Modified: 2012-11-22 10:21 EST

Description Richard Bock CLA 2008-03-30 20:52:02 EDT
Build ID: 3.2

Steps To Reproduce:
1. Just use the Java security manager and do not allow getClassLoader() in the JVM.



More information:
To maintain some static info on classes, AspectJ has a factory that uses reflection to cache the class info using class.getClassLoader().

In a container using the Java security policy, this code will violate the policy for each woven class. It should use a doPrivileged to access the getClassLoader method.

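import java.security.AccessController;
import java.security.PrivilegedAction;

// clazz stands for the woven class whose loader is being cached
ClassLoader loader = (ClassLoader) AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        // privileged code goes here, for example:
        return clazz.getClassLoader();
    }
});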
Comment 1 Julien HENRY CLA 2008-12-17 10:56:59 EST
I think I am bitten by this problem on WebSphere AS.

	... 116 more
Caused by: java.lang.ExceptionInInitializerError
	at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createDelegate(ReflectionBasedReferenceTypeDelegateFactory.java:45)
	at org.aspectj.weaver.reflect.ReflectionWorld.resolveDelegate(ReflectionWorld.java:111)
	at org.aspectj.weaver.World.resolveToReferenceType(World.java:388)
	at org.aspectj.weaver.World.resolve(World.java:279)
	at org.aspectj.weaver.World.resolve(World.java:199)
	at org.aspectj.weaver.World.resolve(World.java:348)
	at org.aspectj.weaver.tools.PointcutParser.buildResolutionScope(PointcutParser.java:400)
	at org.aspectj.weaver.tools.PointcutParser.resolvePointcutExpression(PointcutParser.java:331)
	at org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:310)
	at org.springframework.aop.aspectj.AspectJExpressionPointcut.buildPointcutExpression(AspectJExpressionPointcut.java:206)
	at org.springframework.aop.aspectj.AspectJExpressionPointcut.checkReadyToMatch(AspectJExpressionPointcut.java:193)
	at org.springframework.aop.aspectj.AspectJExpressionPointcut.getClassFilter(AspectJExpressionPointcut.java:174)
	at org.springframework.aop.support.AopUtils.canApply(AopUtils.java:195)
	at org.springframework.aop.support.AopUtils.canApply(AopUtils.java:250)
	at org.springframework.aop.support.AopUtils.findAdvisorsThatCanApply(AopUtils.java:284)
	at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.findAdvisorsThatCanApply(AbstractAdvisorAutoProxyCreator.java:113)
	at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.findEligibleAdvisors(AbstractAdvisorAutoProxyCreator.java:85)
	at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.getAdvicesAndAdvisorsForBean(AbstractAdvisorAutoProxyCreator.java:66)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:362)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:325)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:361)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1344)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
	... 126 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java(Compiled Code))
	at java.security.AccessController.checkPermission(AccessController.java(Compiled Code))
	at java.lang.SecurityManager.checkPermission(SecurityManager.java(Compiled Code))
	at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java(Compiled Code))
	at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:600)
	at java.lang.ClassLoader.<init>(ClassLoader.java:371)
	at java.security.SecureClassLoader.<init>(SecureClassLoader.java:100)
	at java.net.URLClassLoader.<init>(URLClassLoader.java:180)
	at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegate.<clinit>(ReflectionBasedReferenceTypeDelegate.java:46)
	... 149 more
Comment 2 Andrew Clement CLA 2008-12-17 12:11:11 EST

> I think I am bitten by this problem on Websphere AS.
>
>        ... 116 more
> Caused by: java.lang.ExceptionInInitializerError
>        at
> org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createDelegate(ReflectionBasedReferenceTypeDelegateFactory.java:45)
>        at
> org.aspectj.weaver.reflect.ReflectionWorld.resolveDelegate(ReflectionWorld.java:111)

What version of AspectJ are you using? Since 1.6.2 there are no calls to getClassLoader() in the reflection delegate loading code; it all uses the classloader passed into the weaver at the top level. Also, I thought if there was a security exception it would report the permission that was violated?
Comment 3 russhah CLA 2010-02-17 15:09:04 EST
I am getting a similar error. I am currently migrating my application from Java 1.4 to 1.5.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'messageSource' defined in ServletContext resource [/WEB-INF/siena-beans.xml]: BeanPostProcessor before instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.aop.aspectj.AspectJPointcutAdvisor#0': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.aop.aspectj.AspectJPointcutAdvisor]: Constructor threw exception; nested exception is java.lang.ExceptionInInitializerError
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:405)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
	
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.aop.aspectj.AspectJPointcutAdvisor#0': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.aop.aspectj.AspectJPointcutAdvisor]: Constructor threw exception; nested exception is java.lang.ExceptionInInitializerError
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:243)
	
Caused by: java.lang.ExceptionInInitializerError
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:164)
	at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.create15Delegate(ReflectionBasedReferenceTypeDelegateFactory.java:65)
	at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createDelegate(ReflectionBasedReferenceTypeDelegateFactory.java:40)
	at org.aspectj.weaver.reflect.ReflectionWorld.resolveDelegate(ReflectionWorld.java:113)
	at org.aspectj.weaver.World.resolveToReferenceType(World.java:440)
	at org.aspectj.weaver.World.resolve(World.java:296)
	at org.aspectj.weaver.World.resolve(World.java:209)
	at org.aspectj.weaver.World.resolve(World.java:401)
	at org.aspectj.weaver.tools.PointcutParser.buildResolutionScope(PointcutParser.java:380)
	at org.aspectj.weaver.tools.PointcutParser.resolvePointcutExpression(PointcutParser.java:313)
	at org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:295)

	... 72 more
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
	at java.security.AccessController.checkPermission(AccessController.java:427)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:594)
	at java.lang.ClassLoader.<init>(ClassLoader.java:225)
	at java.security.SecureClassLoader.<init>(SecureClassLoader.java:76)
	at java.net.URLClassLoader.<init>(URLClassLoader.java:113)
	at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegate.<clinit>(ReflectionBasedReferenceTypeDelegate.java:45)
	... 94 more
Comment 4 Peter MacFarlane CLA 2012-11-22 10:21:37 EST
The problem occurs using version 1.6.12, with exception stack:

java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
 at java.security.AccessController.checkPermission(AccessController.java:132)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
 at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
 at java.lang.Class.getClassLoader(Class.java:241)
 at org.aspectj.runtime.reflect.Factory.<init>(Factory.java:84)

The constructor in org.aspectj.runtime.reflect.Factory in version 1.6.12 is:

public Factory(String filename, Class lexicalClass) {
    // System.out.println("making
    this.filename = filename;
    this.lexicalClass = lexicalClass;
    this.count = 0;
    lookupClassLoader = lexicalClass.getClassLoader();
}

A fix to avoid this problem:

public Factory(String filename, Class lexicalClass) {
    // System.out.println("making
    this.filename = filename;
    this.lexicalClass = lexicalClass;
    this.count = 0;
    final Class<?> clazz = lexicalClass;
    lookupClassLoader = (ClassLoader)AccessController.doPrivileged(
        new PrivilegedAction() {
            public Object run() {    
                return clazz.getClassLoader();
            }
        }
    );
}
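
Added example (not AspectJ source and not part of any comment above): the doPrivileged lookup requested in the description and sketched in comment 4, written with a typed PrivilegedAction, together with the policy entry a container administrator would pair it with. The class name LoaderLookup, the loader() accessor and the jar path in the policy entry are assumptions made for illustration.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

/*
 * Added example, not AspectJ source. With the lookup wrapped in doPrivileged,
 * the permission check stops at this class, so only its own code source needs
 * the permission. Constructed policy entry (the jar path is a placeholder):
 *
 *   grant codeBase "file:/PLACEHOLDER/lib/aspectjrt.jar" {
 *       permission java.lang.RuntimePermission "getClassLoader";
 *   };
 *
 * Without doPrivileged, the code source of every woven application class on
 * the call stack would need the same grant.
 */
public final class LoaderLookup {
    private final ClassLoader lookupClassLoader;

    LoaderLookup(final Class<?> lexicalClass) {
        if (System.getSecurityManager() == null) {
            // No security manager installed: nothing is checked, call directly.
            lookupClassLoader = lexicalClass.getClassLoader();
        } else {
            // Typed PrivilegedAction avoids the raw type and the cast.
            lookupClassLoader = AccessController.doPrivileged(
                new PrivilegedAction<ClassLoader>() {
                    @Override
                    public ClassLoader run() {
                        return lexicalClass.getClassLoader();
                    }
                });
        }
    }

    // Kept private on purpose: handing the loader to arbitrary callers would
    // let code without the permission obtain it through this class.
    private ClassLoader loader() {
        return lookupClassLoader;
    }

    public static void main(String[] args) {
        LoaderLookup lookup = new LoaderLookup(LoaderLookup.class);
        System.out.println("resolved loader: " + lookup.loader());
    }
}
```

On Java 17 and later, SecurityManager and AccessController are deprecated for removal, so this compiles with deprecation warnings there.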