Known Participant

Question

After upgrade to CF9, making a change to a CFC blows up sandbox security and CF in general

Forum|Forum|15 years ago
June 30, 2010
2 replies
2271 views

Since we've upgraded from CF8 to CF9 (with Updater 1), any change to the CFCs we use in a common directory cause the following error to be thrown:

Security: The requested template has been denied access to C:\Jrun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfevents2ecfc1164220552.class.

The following is the internal exception message: access denied

(java.io.FilePermission C:\Jrun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfevents2ecfc1164220552.class read)

Coldfusion cannot determine the line of the template that caused this error. This is often caused by an error in the exception handling subsystem.

... at this point any requests to any of our other CF sites (and sandboxes) on this server fail with an error similar to the above. I need to restart the CF service and all is well again. Also note my earlier thread http://forums.adobe.com/thread/663288 related to sandboxing issues in CF9.

I've manually rebuilt all the sandboxes one by one, hoping to eliminate this problem, but it still persists.

This topic has been closed for replies.

P

paule1234Author

Known Participant

I think we've found the solution to the problem. The path:

C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\-

needs to be added to each sandbox, with R,W,X,D permissions. Not exactly sure why this isn't covered by the system installed "( ColdFusion WEB-INF system directory ) " sandbox which points to C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\

I don't remember having to do this with CF8... :shrug:

A

Anonymous

I am having the same problem, unfortunately the solution doesnt work for me.

I only have one sandbox and I've already added this path to it. Has this solution worked for anyone else?

H

hemant_k1

Participating Frequently

The relevant bug is 81655 and we have fixed this bug in CF9.0.1

Feel free to log bugs using our public bugtracker http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html

81655 is not yet available for details and we will make all CF901 bugs viewable very soon.

Thanks,

Hemant

R

rupesh_kumar

Adobe Employee

Hi,

Could you please post the stacktrace as well? You mentioned that you are seeing this error after upgrading to CF9 updater 1. That does not sound right as the CF9 updater 1 has not been released yet. Am I missing something?

Rupesh

P

paule1234Author

Known Participant

Sorry, not "Updater 1" but ColdFusion 9 Cumulative Hot Fix 1.

I'll post the stack trace tonight when I can reproduce the error after business hours.

P

paule1234Author

Known Participant

Stack trace below (IP address and path to site content edited). I can also recreate the error by simply going into CF admin and editing a sandbox path and saving the settings, then hitting the web root from a browser. Note the "1510154633" part of the class name changes on every hit.

The web site you are accessing has experienced an unexpected error.
Please contact the website administrator.

The following information is meant for the website developer for debugging purposes.
Error Occurred While Processing Request
Security: The requested template has been denied access to C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfapp2ecfc1510154633.class.
The following is the internal exception message: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfapp2ecfc1510154633.class read)

ColdFusion cannot determine the line of the template that caused this error. This is often caused by an error in the exception handling subsystem.
Resources:

* Check the ColdFusion documentation to verify that you are using the correct syntax.
* Search the Knowledge Base to find a solution to your problem.

Browser       Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 (.NET CLR 3.5.30729)
Remote Address       1.2.3.4
Referrer
Date/Time       30-Jun-10 06:31 PM
Stack Trace
java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfapp2ecfc1510154633.class read) at cfApplication2ecfm1979253838.runPage(F:\MySites\Site1\Application.cfm:16)

java.security.AccessControlException: access denied (java.io.FilePermission C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfclasses\cfapp2ecfc1510154633.class read)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.FileInputStream.<init>(FileInputStream.java:100)
    at coldfusion.runtime.TemplateClassLoader.getClassBytes(TemplateClassLoader.java:257)
    at coldfusion.runtime.TemplateClassLoader.access$300(TemplateClassLoader.java:50)
    at coldfusion.runtime.TemplateClassLoader$TemplateCache$1.fetch(TemplateClassLoader.java:401)
    at coldfusion.util.LruCache.get(LruCache.java:180)
    at coldfusion.runtime.TemplateClassLoader$TemplateCache.fetchSerial(TemplateClassLoader.java:362)
    at coldfusion.util.AbstractCache.fetch(AbstractCache.java:58)
    at coldfusion.util.SoftCache.get_statsOff(SoftCache.java:133)
    at coldfusion.util.SoftCache.get(SoftCache.java:81)
    at coldfusion.runtime.TemplateClassLoader.findClass(TemplateClassLoader.java:591)
    at coldfusion.cfc.ComponentProxyFactory.getProxy(ComponentProxyFactory.java:56)
    at coldfusion.runtime.CFPage.CreateObject(CFPage.java:4781)
    at coldfusion.runtime.CFPage.CreateObject(CFPage.java:4795)
    at cfApplication2ecfm1979253838.runPage(F:\MySites\Site1\Application.cfm:16)
    at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
    at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
    at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
    at coldfusion.filter.CfincludeFilter.include(CfincludeFilter.java:33)
    at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:261)
    at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
    at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
    at coldfusion.filter.PathFilter.invoke(PathFilter.java:87)
    at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
    at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
    at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
    at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
    at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
    at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
    at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53)
    at coldfusion.CfmServlet.service(CfmServlet.java:200)
    at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
    at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
    at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
    at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
    at jrun.servlet.FilterChain.service(FilterChain.java:101)
    at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
    at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
    at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
    at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
    at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
    at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
    at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded