0

I'm trying to do the following (running in Jetty 8):

public class FooListener implements ServletContextListener {
  public void contextInitialized(ServletContextEvent event) {
    event.getServletContext().getClassLoader();
  }
}

This is what I'm getting:

java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at org.eclipse.jetty.server.handler.ContextHandler$Context.getClassLoader(ContextHandler.java:2179)
at com.example.FooListener.contextInitialized(FooListener.java:69)
at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:672)
at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:403)
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:664)

What is it about and how can be solved?

yegor256
  • 102,010
  • 123
  • 446
  • 597
  • The restriction is mentioned in the API docs (similar to `Class.getClassLoader`): http://download.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#getClassLoader() – Tom Hawtin - tackline Oct 25 '11 at 16:26

1 Answers1

2

jetty is running with a security manager which limits the things the servlets can do (to avoid malicous code to be able to do nasty things to the servlet container). The easist thing to get around this issue is to switch off the security manager, search for this cmdline option in your jetty start scripts:

-Djava.security.manager

But beware: this switches off all security checks, better way of fixing this is to enhance the policy file, look for this option:

-Djava.security.policy=

which will lead you to the used policy file and edit it to fit your needs, here is the documentation:

http://download.oracle.com/javase/1.4.2/docs/guide/security/PolicyFiles.html

HefferWolf
  • 3,894
  • 1
  • 23
  • 29