Google App Engine servlet 使用 Eclipse 插件抛出 java.security.AccessControlException

Question

我在 Google App Engine 上运行 Java servlet，它使用 kawa 运行 XQuery 脚本，重定向到 JSP 并显示答案

package com.myserver.servlet;

import gnu.xquery.lang.XQuery;
import java.io.FileReader;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class XQueryTest extends HttpServlet {
    public void doGet(HttpServletRequest request, HttpServletResponse response) 
        throws IOException, ServletException {
        XQuery xQuery = new XQuery();
        Object result = new String("");     
        try {
            String realPath = getServletContext().getRealPath("./XQueryTest.xquery");
            FileReader fileReader = new FileReader(realPath); 
            result = xQuery.eval(fileReader);
            request.setAttribute("xQueryTest", result.toString());              
        } catch (Throwable e) {
            e.printStackTrace();
        }
        RequestDispatcher requestDispatcher = request.getRequestDispatcher("/XQueryTest.jsp");
        requestDispatcher.forward(request, response);           
    }
}

这在 appspot.com 上运行良好并使用 dev_appserver 命令，但使用插件在 Eclipse 中运行相同的 servlet 会引发 java.security.AccessControlException

java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/myuser/eclipse/jee-latest/eclipse" "read")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:442)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
    at java.io.File.isDirectory(File.java:844)
    at java.io.File.toURI(File.java:732)
    at gnu.text.FilePath.toUri(FilePath.java:245)
    at gnu.text.FilePath.toUri(FilePath.java:265)
    at gnu.text.Path.toURI(Path.java:279)
    at gnu.xquery.lang.XQParser.fixupStaticBaseUri(XQParser.java:99)
    at gnu.xquery.lang.XQParser.getStaticBaseUri(XQParser.java:132)
    at gnu.xquery.lang.XQParser.wrapWithBaseUri(XQParser.java:2722)
    at gnu.xquery.lang.XQParser.parseXMLConstructor(XQParser.java:2540)
    at gnu.xquery.lang.XQParser.parseMaybePrimaryExpr(XQParser.java:2954)
    at gnu.xquery.lang.XQParser.parsePrimaryExpr(XQParser.java:2181)
    at gnu.xquery.lang.XQParser.parseStepExpr(XQParser.java:2101)
    at gnu.xquery.lang.XQParser.parsePathExpr(XQParser.java:1816)
    at gnu.xquery.lang.XQParser.parseIntersectExceptExpr(XQParser.java:1779)
    at gnu.xquery.lang.XQParser.parseUnionExpr(XQParser.java:1763)
    at gnu.xquery.lang.XQParser.parseUnaryExpr(XQParser.java:1756)
    at gnu.xquery.lang.XQParser.parseBinaryExpr(XQParser.java:1671)
    at gnu.xquery.lang.XQParser.parseExprSingle(XQParser.java:1664)
    at gnu.xquery.lang.XQParser.parseExpr(XQParser.java:1636)
    at gnu.xquery.lang.XQParser.parseIfExpr(XQParser.java:3145)
    at gnu.xquery.lang.XQParser.parseExprSingle(XQParser.java:1652)
    at gnu.xquery.lang.XQParser.parseExpr(XQParser.java:1636)
    at gnu.xquery.lang.XQParser.parseEnclosedExpr(XQParser.java:2413)
    at gnu.xquery.lang.XQParser.parseFunctionDefinition(XQParser.java:3620)
    at gnu.xquery.lang.XQParser.parse(XQParser.java:3784)
    at gnu.xquery.lang.XQuery.parse(XQuery.java:147)
    at gnu.expr.Language.parse(Language.java:702)
    at gnu.expr.Language.parse(Language.java:656)
    at gnu.expr.Language.eval(Language.java:1122)
    at gnu.expr.Language.eval(Language.java:1063)
    at gnu.expr.Language.eval(Language.java:1053)
    at com.myserver.servlet.XQueryTest.doGet(XQueryTest.java:30)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.google.appengine.api.socket.dev.DevSocketFilter.doFilter(DevSocketFilter.java:74)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.ResponseRewriterFilter.doFilter(ResponseRewriterFilter.java:128)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.HeaderVerificationFilter.doFilter(HeaderVerificationFilter.java:34)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:63)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectRequest(DevAppServerModulesFilter.java:366)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectModuleRequest(DevAppServerModulesFilter.java:349)
    at com.google.appengine.tools.development.DevAppServerModulesFilter.doFilter(DevAppServerModulesFilter.java:116)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.appengine.tools.development.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:95)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:508)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

我认为运行 eclipse 的 JRE 的安全策略导致了问题，但是在 eclipse.ini 中为 JRE 添加 java.policy 和 javaws.policy 的权限没有任何区别。

-vm
/usr/lib/jvm/java-8-oracle/jre/bin

我正在使用 Eclipse 氧气和 1.0.3.201704111618 版的 Google Cloud Platform 插件 这在 eclipse Mars 和 Java 1.7 中运行良好

我应该进行哪些更改才能让 servlet 在 Eclipse 中正确运行？

Answer 1

/home/myuser/eclipse/jee-latest/eclipse 看起来像您启动 Eclipse IDE 的位置。如果是这种情况，那么现在，该目录将成为 Google Cloud Tools for Eclipse (CT4E) 插件的本地开发服务器的工作目录。问题可能是 XQuery 在内部尝试访问 servlet 上下文之外的文件，因为 XQuery 可能基于 Eclipse 工作目录。您可以尝试以下变通方法来设置正确的工作目录，看看是否能解决问题？

Cannot access file using relative path in local test when developing Google App Engine applications

更新：我们修复了 CT4E 以自动正确设置工作目录（除非您在单个本地服务器上运行多个项目），一旦修复版本推出，您将不需要解决方法。