Topic
10 replies Latest Post - ‏2013-09-26T13:19:16Z by T.E.Teich
SystemAdmin
SystemAdmin
7615 Posts
ACCEPTED ANSWER

Pinned topic Help needed about Java Security Exception in BPM toolkit development

‏2013-01-25T10:51:50Z |
I am developing a toolkit using BPM 8.0, IBM BPM Process Designer 8.0 & need help regarding an error which I am seeing while testing it.

I have a Human Service named "Create DCM Object" (this is connected to an Integration service named "Insert DCM Objects" which is in turn connected to a Java method, in one of the Jars, ScoTpmIntegrator.jar included in this toolkit.

ScoTpmIntegrator.jar is a BPM plugin written by me, it uses the other jars included in this toolkit which have been provided by TPM.

None of the Jar files included in this are signed. But I am seeing an exception while trying to test this human service (its coming while my code in ScoTpmIntegrator.jar tries to create an instance of a class in the TPM provided jars)
12/19/12 10:15:53:508 CET 00000091 SystemOut O
java.lang.SecurityException
at java.lang.ClassLoader.defineClassImpl(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:262)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:69)
at com.lombardisoftware.server.core.ManagedAssetClassLoader.findClassInAssets(ManagedAssetClassLoader.java:466)
at com.lombardisoftware.server.core.ManagedAssetClassLoader.loadClass(ManagedAssetClassLoader.java:168)
at java.lang.ClassLoader.loadClass(ClassLoader.java:627)
at java.lang.J9VMInternals.verifyImpl(Native Method)
at java.lang.J9VMInternals.verify(J9VMInternals.java:90)
at java.lang.J9VMInternals.verify(J9VMInternals.java:88)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:167)
at com.ibm.tivoli.sco.content.tpmintegration.DcmManager.<init>(DcmManager.java:57)
at com.ibm.tivoli.sco.content.tpmintegration.ScoTpmIntegrator.main(ScoTpmIntegrator.java:40)
at com.ibm.tivoli.sco.content.tpmintegration.ScoTpmIntegrator.createDcmObjects(ScoTpmIntegrator.java:66)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at teamworks.connector.JavaReflectionConnector$1.execute(JavaReflectionConnector.java:81)
at com.lombardisoftware.server.core.ManagedAssetClassLoaderUtil.executeWithManagedAssetClassLoader(ManagedAssetClassLoaderUtil.java:53)
at teamworks.connector.JavaReflectionConnector.execute(JavaReflectionConnector.java:49)
at com.lombardisoftware.component.javaconnector.worker.JavaConnectorWorker.invokeJavaMethod(JavaConnectorWorker.java:149)
at com.lombardisoftware.component.javaconnector.worker.JavaConnectorWorker.doJob(JavaConnectorWorker.java:82)
at com.lombardisoftware.component.common.workflow.ExecutionJob.doJob(ExecutionJob.java:409)
at com.lombardisoftware.server.ejb.workflow.EJBWorkflowManagerBean.doResumeWorkflowEngine(EJBWorkflowManagerBean.java:1045)
at com.lombardisoftware.server.ejb.workflow.EJBWorkflowManagerBean.resumeProcess(EJBWorkflowManagerBean.java:382)
at com.lombardisoftware.server.ejb.workflow.EJSRemoteStatefulEJBWorkflowManager_82478d70.resumeProcess(Unknown Source)
at com.lombardisoftware.server.ejb.workflow._EJBWorkflowManagerInterface_Stub.resumeProcess(_EJBWorkflowManagerInterface_Stub.java:518)
at com.lombardisoftware.component.common.workflow.EJBWorkflowManagerDelegateDefault.resumeProcess(EJBWorkflowManagerDelegateDefault.java:142)
at com.lombardisoftware.component.common.workflow.EJBWorkflowManagerDelegateWebSphere$6.run(EJBWorkflowManagerDelegateWebSphere.java:84)
at java.security.AccessController.doPrivileged(AccessController.java:254)
at com.lombardisoftware.client.delegate.common.WebsphereDelegateHelper.doAsCurrentSubjectContextSensitive(WebsphereDelegateHelper.java:175)
at com.lombardisoftware.client.delegate.common.WebsphereDelegateHelper.doAsCurrentSubjectContextSensitive(WebsphereDelegateHelper.java:159)
at com.lombardisoftware.component.common.workflow.EJBWorkflowManagerDelegateWebSphere.resumeProcess(EJBWorkflowManagerDelegateWebSphere.java:82)
at com.lombardisoftware.component.common.web.WebWorkflowManager.callEJBWorkflowManager(WebWorkflowManager.java:721)
at com.lombardisoftware.component.common.web.WebWorkflowManager.processScreen(WebWorkflowManager.java:680)
at com.lombardisoftware.component.common.web.WebWorkflowManager.processRequest(WebWorkflowManager.java:281)
at com.lombardisoftware.servlet.AjaxControllerServlet.doPost(AjaxControllerServlet.java:129)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1214)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:774)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:456)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:125)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:92)
at com.lombardisoftware.servlet.ClearThreadCachesFilter.doFilter(ClearThreadCachesFilter.java:24)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.lombardisoftware.servlet.SetUserTimeZoneFilter.doFilter(SetUserTimeZoneFilter.java:41)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.lombardisoftware.servlet.BidiSupportFilter.doFilter(BidiSupportFilter.java:39)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.lombardisoftware.servlet.CrossSiteScriptingFilter.doFilter(CrossSiteScriptingFilter.java:81)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.lombardisoftware.servlet.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:35)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.lombardisoftware.servlet.CompressionFilter.doFilter(CompressionFilter.java:47)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:926)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1023)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:895)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1659)

I have highlighted the lines which are my Java code.

The exception comes at a line of which creates a new instance of a TPM provided class:
tpmProxy = new QLServiceProxy(tpmWsUrl, tpmWsUserId, tpmWsPasswd);
Here QLServiceProxy is a TPM provided class. As you see in the exception log Classloader is failing to load this class & throwing the Java security exception.
If classloader was successful, this line of code would then contact the TPM server with the given user id and password to create a connected session.

Since the classloader is failing to load QLServiceProxy, its instance is not being created & so no connection happens with TPM. I have confirmed the same by checking the logs in the TPM server I am using.

The plugin jar (ScoTpmIntegrator.jar) I have written works perfectly fine, when tried in a stand-alone Java test. The problem comes only when this is tried from the BPM Process Designer.

I have searched the BPM documentation to look for a tip, also I looked at the Java documentation of the exception which talks about signing of the Jar file, but none of the Jars I am using are signed. First I thought the error could be due missing SSL certificates (my code makes SOAP calls to TP), but that too have I have found not helping.

Could you please help me in debugging this. Is there some configuration in BPM that I am missing?

Any help on this will be highly appreciated. Thanks much!
Updated on 2013-01-31T13:06:20Z at 2013-01-31T13:06:20Z by Romy01
  • SystemAdmin
    SystemAdmin
    7615 Posts
    ACCEPTED ANSWER

    Re: Help needed about Java Security Exception in BPM toolkit development

    ‏2013-01-25T15:47:06Z  in response to SystemAdmin
    Have you either packaged the jar file containing the QLServiceProxy with your code or uploaded separately as a managed file so that your code can actually find it? Your stand alone code likely works becuase that class is in your class path and is failingon the server because it isn't there.

    Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
    • kolban
      kolban
      2929 Posts
      ACCEPTED ANSWER

      Re: Help needed about Java Security Exception in BPM toolkit development

      ‏2013-01-25T16:10:56Z  in response to SystemAdmin
      When a class instance is constructed, any static initialization code or the constructor of the class could throw an exception. It may be that the exception you are seeing is not an artifact of being unable to load the class but is instead being actually thrown from the initialization code in your class.

      Neil
      • SystemAdmin
        SystemAdmin
        7615 Posts
        ACCEPTED ANSWER

        Re: Help needed about Java Security Exception in BPM toolkit development

        ‏2013-01-25T20:29:15Z  in response to kolban
        Is there a security policy on the WAS server? I can't remember if one installs by default these days.

        Since it works for you standalone I suspect that one of three things is happening:

        1. The fact that it is running in WAS is the difference. For example, the security policy for the server prevents this class from doing something it is trying to do. I'd maybe see if I could get your code to run in a simple webapp running on WAS to test this, rather than running it completely standalone. Another possibility is that there is some kind of class conflict. The stack trace doesn't point to this, but I wouldn't rule it out completely since it is a common problem.

        2. The fact that it is running in IBM BPM is the difference. Custom classloaders can sometime create issues, especially with code that tries to get fancy with its construction. For all we know, the TPM code is trying do something custom with the classloader itself. I don't know anything about TPM, so it's hard for me to say.

        3. The fact that it is running in a connector (with its "load the default construction, run one method, and save no state) approach is the problem. I'm assuming that it isn't failing in the initializing because you say its failing on a specific line of the method. But this one is actually easier to test for: you can try to get it working in LiveScript before you take the connector approach. Although LiveScript isn't a best practice for a production app, I find it useful for troubleshooting and when I'm iterating frequently.

        I have no magic bullet for you. Dealing with Java classloading issues is tricky and it could be any number of things. Especially when dealing with third party code that you don't control.

        My advice is:
        • Use LiveScript for testing
        • Try and get the simplest case working and iterate from there. When I had these issues I'd often just try and get a single class from the third party loaded. If the QLServiceProxy won't work, will any other classes load? Will they work? On a couple of occasions this has revealed that the problem isn't what I thought it was. It might help you figure out if #1 is playing into this.
        • Try adding the third party JAR to the system classpath rather than as a managed asset. Although I don't like this as a workaround, it will at least reveal if the issue is specific to the custom classloader.
        • Consider not using Java at all. My preferred approach these days is web services (typically SOAP, but REST will do), I would imagine that TPM would have something you could connect to. I've just had too many issues where I had to fight version conflicts between libraries, JVM version issues, or other problems when I try to import third party Java libraries. Java just seems like too tight of coupling if I can avoid it.

        David
        • SystemAdmin
          SystemAdmin
          7615 Posts
          ACCEPTED ANSWER

          Re: Help needed about Java Security Exception in BPM toolkit development

          ‏2013-01-30T06:06:20Z  in response to SystemAdmin
          I also think that its due to a security policy, but I am new to BPM and do not how to access/modify the security policies on BPM.
          • SystemAdmin
            SystemAdmin
            7615 Posts
            ACCEPTED ANSWER

            Re: Help needed about Java Security Exception in BPM toolkit development

            ‏2013-01-30T06:07:56Z  in response to SystemAdmin
            I am currently trying to solve the simplest case, all I am doing is trying to create an instance of QLServiceProxy and that itself if not working. :(
            • SystemAdmin
              SystemAdmin
              7615 Posts
              ACCEPTED ANSWER

              Re: Help needed about Java Security Exception in BPM toolkit development

              ‏2013-01-30T16:03:10Z  in response to SystemAdmin
              Generally the java connectors I've created have been relatively simple and I have yet to run into a security error in any of them. This implies that the QLServiceProxy itself is causing the problem. Looking at the constructor for the QLServiceProxy, it takes the parameters required to login to the TPM server. In your test when not in the server context, what is the result if you hand in bad credentials? Is it the same error that we are getting? What error do you get if you give it a bad server name/port?

              Have you checked that the TPM server you are attempting to connect to resolves properly from the BPM server? Also, if the credentials are not hard coded, have you logged the ones being used in the call to the QLServiceProxy to see if something was passed incorrectly or was somehow lost?

              Andrew Paier | Director of Special Operations | BP3 Global, Inc. www.bp-3.com
              • SystemAdmin
                SystemAdmin
                7615 Posts
                ACCEPTED ANSWER

                Re: Help needed about Java Security Exception in BPM toolkit development

                ‏2013-01-31T10:12:23Z  in response to SystemAdmin
                I have already tried the standalone test with wrong credentials for TPM. But that gives right errors (saying that the credentials are not correct).

                The issue I am facing is actually a classloader thing, the classloader is not loading the class QLServiceProxy, instead it is throwing the java.lang.SecurityException, so no instance of QLServiceProxy is being created, hence no connection is happening with TPM.
                • Romy01
                  Romy01
                  85 Posts
                  ACCEPTED ANSWER

                  Re: Help needed about Java Security Exception in BPM toolkit development

                  ‏2013-01-31T13:06:20Z  in response to SystemAdmin
                  Have you tried source level debugging
                  http://vimeo.com/m/30870590
    • SystemAdmin
      SystemAdmin
      7615 Posts
      ACCEPTED ANSWER

      Re: Help needed about Java Security Exception in BPM toolkit development

      ‏2013-01-30T06:03:52Z  in response to SystemAdmin
      I have uploaded the jar containing QLServiceProxy (tpmlitesoapclient.jar) as a separate managed file (server file) in my toolkit.

      This is NOT an issue of the QLServiceProxy class not being found in the classpath, had that been the case then I would have received a ClassNotFoundException, not a Java Security Exception from the classloader.
      • T.E.Teich
        T.E.Teich
        1 Post
        ACCEPTED ANSWER

        Re: Help needed about Java Security Exception in BPM toolkit development

        ‏2013-09-26T13:19:16Z  in response to SystemAdmin

        Hello, this thread is a bit aged now but since I encountered the same kind of trouble recently I'm wondering whether you found a solution for your problem. Any reply is appreciated!