2012-05-18 23:41:43.072
org.apache.log4j.Logger error: Failed to start managers. java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355) at java.security.AccessController.checkPermission(AccessController.java:567) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56) at javax.security.auth.Subject$SecureSet.add(Subject.java:1076) at java.util.Collections$SynchronizedCollection.add(Collections.java:1634) at org.apache.wiki.WikiSession.invalidate(WikiSession.java:615) at org.apache.wiki.WikiSession.guestSession(WikiSession.java:775) at org.apache.wiki.WikiSession.staticGuestSession(WikiSession.java:805) at org.apache.wiki.WikiSession.getWikiSession(WikiSession.java:744)
I also realized the in the development mode I added the following parameter to "Run" configuration : -D--enable_all_permissions=true just turning the security off. But of course it is out of my control in the production mode.
It seems that although javax.security.auth is listed on the Google App Engine list of supported packages it does not work and there is no way to overcome it.
So after spending some time I'm again at the very beginning with JSPWiki security. I see two options available : create security mechanism on my own or reuse some existing security framework (like Spring security).