2

I'm trying to port an application using Weld 1.1.8 to Google App Engine. I'm using a listener in web.xml to bootstrap Weld:

<listener>
  <listener-class>org.jboss.weld.environment.servlet.Listener</listener-class>
</listener>

The application starts fine on a regular Jetty 7. But upon bootstrapping on GAE, things go wrong:

com.google.common.collect.ComputationException: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:397)
    at org.jboss.weld.resources.ClassTransformer.loadClass(ClassTransformer.java:163)
    at org.jboss.weld.bootstrap.BeanDeployer.loadWeldClass(BeanDeployer.java:108)
    at org.jboss.weld.bootstrap.BeanDeployer.addClass(BeanDeployer.java:79)
    at org.jboss.weld.bootstrap.BeanDeployer.addClasses(BeanDeployer.java:123)
    at org.jboss.weld.bootstrap.BeanDeployment.createBeans(BeanDeployment.java:184)
    at org.jboss.weld.bootstrap.WeldBootstrap.deployBeans(WeldBootstrap.java:350)
    at org.jboss.weld.environment.servlet.Listener.contextInitialized(Listener.java:182)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.createHandler(AppVersionHandlerMap.java:202)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.getHandler(AppVersionHandlerMap.java:171)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:123)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:446)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:449)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:455)
    at com.google.tracing.TraceContext.runInContext(TraceContext.java:695)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:333)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:325)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:453)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251)
    at java.lang.Thread.run(Thread.java:679)
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)
    at java.security.AccessController.checkPermission(AccessController.java:567)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56)
    at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1679)
    at java.lang.Class.checkMemberAccess(Class.java:2174)
    at java.lang.Class.getDeclaredMethods(Class.java:1807)
    at java.lang.Class.getEnclosingMethod(Class.java:919)
    at sun.reflect.generics.scope.ClassScope.computeEnclosingScope(ClassScope.java:50)
    at sun.reflect.generics.scope.AbstractScope.getEnclosingScope(AbstractScope.java:74)
    at sun.reflect.generics.scope.AbstractScope.lookup(AbstractScope.java:90)
    at sun.reflect.generics.scope.AbstractScope.lookup(AbstractScope.java:90)
    at sun.reflect.generics.factory.CoreReflectionFactory.findTypeVariable(CoreReflectionFactory.java:109)
    at sun.reflect.generics.visitor.Reifier.visitTypeVariableSignature(Reifier.java:165)
    at sun.reflect.generics.tree.TypeVariableSignature.accept(TypeVariableSignature.java:43)
    at sun.reflect.generics.repository.MethodRepository.getReturnType(MethodRepository.java:68)
    at java.lang.reflect.Method.getGenericReturnType(Method.java:254)
    at org.jboss.weld.introspector.jlr.WeldMethodImpl.of(WeldMethodImpl.java:70)
    at org.jboss.weld.introspector.jlr.WeldClassImpl.<init>(WeldClassImpl.java:235)
    at org.jboss.weld.introspector.jlr.WeldClassImpl.of(WeldClassImpl.java:119)
    at org.jboss.weld.resources.ClassTransformer$TransformTypeToWeldClass.apply(ClassTransformer.java:59)
    at org.jboss.weld.resources.ClassTransformer$TransformTypeToWeldClass.apply(ClassTransformer.java:50)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingValueReference.compute(ComputingConcurrentHashMap.java:355)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.compute(ComputingConcurrentHashMap.java:184)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.getOrCompute(ComputingConcurrentHashMap.java:153)
    at com.google.common.collect.ComputingConcurrentHashMap.getOrCompute(ComputingConcurrentHashMap.java:69)
    at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:393)
    ... 25 more

I tried using older versions of Weld down to 1.1.0 to no avail. Any clues on how to troubleshoot an issue like this?

Stijn Van Bael
  • 4,830
  • 2
  • 32
  • 38

2 Answers2

2

You've run into a Sandbox restriction.

In particular, the WeldClassImpl constructor traverses up the annotated class's hierarchy calling WeldMethodImpl.of() for every method: if the class in question extends a JRE or API class, then the sandbox will deny access to non-public methods; if the does class not belong to the application, the sandbox will deny all access altogether. I think you'll need the full stacktrace to identify which it is in this case.

As stated in the documentation:

Reflection

An application is allowed full, unrestricted, reflective access to its own classes. It may query any private members, use java.lang.reflect.AccessibleObject.setAccessible(), and read/set private members.

An application can also also reflect on JRE and API classes, such as java.lang.String and javax.servlet.http.HttpServletRequest. However, it can only access public members of these classes, not protected or private.

An application cannot reflect against any other classes not belonging to itself, and it can not use the setAccessible() method to circumvent these restrictions.

eggyal
  • 122,705
  • 18
  • 212
  • 237
  • What do you mean by _full_ stacktrace? That's all there is in the GAE logs. And if I understand this correctly, this issue could be caused by any non-public method of a third party library with a generic return type? – Stijn Van Bael Jun 01 '12 at 10:42
0

Seems that an anonymous guava Function was the cause.

Stijn Van Bael
  • 4,830
  • 2
  • 32
  • 38