Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-37697

SecurityException thrown while trying to expand a zip file as a website

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.9.0
    • Component/s: Lessons
    • Labels:
      None
    • Environment:
      Demo version of Sakai 2.9 rc02
    • Previous Issue Keys:
      LSNBLDR-130

      Description

      Try and load in a website as a zip file and the following stack trace is thrown. Zip file included.

      2012-10-19 15:58:55,222 INFO http-bio-8080-exec-6 org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean - Failed to delete expanded collection
      2012-10-19 15:58:55,242 ERROR http-bio-8080-exec-6 org.sakaiproject.content.impl.BaseContentService - Zip file for resource (/group/9437dff2-8856-4c22-952b-fa27d8b4c013/Lessons/bigempty-1.zip) would be too large after unzip so it cannot be expanded, totalSize(1073741824) exceeds the resource quota
      2012-10-19 15:58:55,242 ERROR http-bio-8080-exec-6 org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean - SecurityException thrown by expandZippedResource method lookup
      java.lang.reflect.InvocationTargetException
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean.expandZippedResource(SimplePageBean.java:5300)
      at org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean.addMultimedia(SimplePageBean.java:4500)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.reflect.ReflectiveCache.invokeMethod(ReflectiveCache.java:141)
      at uk.org.ponder.mapping.support.DARApplier.invokeBeanMethod(DARApplier.java:179)
      at uk.org.ponder.rsf.state.support.RSVCApplier.invokeAction(RSVCApplier.java:218)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$1.run(RSFActionHandler.java:189)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:25)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper.invokeRunnable(BasicScopedAlterationWrapper.java:59)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$100f0a2f.invokeRunnable(<generated>)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$100f0a2f.invokeRunnable(<generated>)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:29)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeWrappers(CollectingRunnableInvoker.java:22)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeRunnable(CollectingRunnableInvoker.java:14)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler.handle(RSFActionHandler.java:165)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$FastClassByCGLIB$$e3b6899d.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$EnhancerByCGLIB$$a3edfaa8.handle(<generated>)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handlePost(RootHandlerBeanBase.java:125)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handle(RootHandlerBeanBase.java:82)
      at sun.reflect.GeneratedMethodAccessor717.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:553)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.access$000(RSACBeanLocatorImpl.java:75)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl$1.run(RSACBeanLocatorImpl.java:449)
      at uk.org.ponder.rsac.RSACErrorBridge.invokeRunnable(RSACErrorBridge.java:38)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:447)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getLocalBean(RSACBeanLocatorImpl.java:348)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getBean(RSACBeanLocatorImpl.java:379)
      at uk.org.ponder.rsac.support.PerRequestInfo$1.locateBean(PerRequestInfo.java:49)
      at uk.ac.cam.caret.sakai.rsf.servlet.ReasonableSakaiServlet.service(ReasonableSakaiServlet.java:65)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:634)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:369)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
      at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1470)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:213)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1260)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:185)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:269)
      at org.apache.coyotet cannot be expanded, totalSize(1073741824) exceeds the resource quota
      2012-10-19 15:58:55,242 ERROR http-bio-8080-exec-6 org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean - SecurityException thrown by expandZippedResource method lookup
      java.lang.reflect.InvocationTargetException
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean.expandZippedResource(SimplePageBean.java:5300)
      at org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean.addMultimedia(SimplePageBean.java:4500)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.reflect.ReflectiveCache.invokeMethod(ReflectiveCache.java:141)
      at uk.org.ponder.mapping.support.DARApplier.invokeBeanMethod(DARApplier.java:179)
      at uk.org.ponder.rsf.state.support.RSVCApplier.invokeAction(RSVCApplier.java:218)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$1.run(RSFActionHandler.java:189)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:25)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper.invokeRunnable(BasicScopedAlterationWrapper.java:59)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$100f0a2f.invokeRunnable(<generated>)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$100f0a2f.invokeRunnable(<generated>)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:29)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeWrappers(CollectingRunnableInvoker.java:22)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeRunnable(CollectingRunnableInvoker.java:14)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler.handle(RSFActionHandler.java:165)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$FastClassByCGLIB$$e3b6899d.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$EnhancerByCGLIB$$a3edfaa8.handle(<generated>)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handlePost(RootHandlerBeanBase.java:125)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handle(RootHandlerBeanBase.java:82)
      at sun.reflect.GeneratedMethodAccessor717.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:601)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:553)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.access$000(RSACBeanLocatorImpl.java:75)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl$1.run(RSACBeanLocatorImpl.java:449)
      at uk.org.ponder.rsac.RSACErrorBridge.invokeRunnable(RSACErrorBridge.java:38)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:447)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getLocalBean(RSACBeanLocatorImpl.java:348)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getBean(RSACBeanLocatorImpl.java:379)
      at uk.org.ponder.rsac.support.PerRequestInfo$1.locateBean(PerRequestInfo.java:49)
      at uk.ac.cam.caret.sakai.rsf.servlet.ReasonableSakaiServlet.service(ReasonableSakaiServlet.java:65)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:634)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:369)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
      at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1470)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:213)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1260)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:185)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:269)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: org.sakaiproject.exception.OverQuotaException ref: /content/group/9437dff2-8856-4c22-952b-fa27d8b4c013/Lessons/bigempty-1.zip
      at org.sakaiproject.content.impl.BaseContentService.expandZippedResource(BaseContentService.java:13399)
      ... 89 more
      2012-10-19 15:58:55,245 WARN http-bio-8080-exec-6 org.sakaiproject.util.ResourceLoader - bundle 'messages' missing key: 'simplepage.website.cantexpand' from: org.sakaiproject.lessonbuildertool.util.ResourceLoaderMessageSource.resolveCodeWithoutArguments(ResourceLoaderMessageSource.java:57)
      .AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
      at java.lang.Thread.run(Thread.java:722)
      Caused by: org.sakaiproject.exception.OverQuotaException ref: /content/group/9437dff2-8856-4c22-952b-fa27d8b4c013/Lessons/bigempty-1.zip
      at org.sakaiproject.content.impl.BaseContentService.expandZippedResource(BaseContentService.java:13399)
      ... 89 more
      2012-10-19 15:58:55,245 WARN http-bio-8080-exec-6 org.sakaiproject.util.ResourceLoader - bundle 'messages' missing key: 'simplepage.website.cantexpand' from: org.sakaiproject.lessonbuildertool.util.ResourceLoaderMessageSource.resolveCodeWithoutArguments(ResourceLoaderMessageSource.java:57)

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  hedrick Charles Hedrick
                  Reporter:
                  a.m.berg@uva.nl Alan Berg
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration