CSV Lookup Plugin fails to load in DLP and the localhost log shows "access denied"
search cancel

CSV Lookup Plugin fails to load in DLP and the localhost log shows "access denied"


Article ID: 160021


Updated On:


Data Loss Prevention Enforce Data Loss Prevention



CSV lookup fail to load in the Enforce Console Lookup Plugins after configuring the attribute mappings.

In the Tomcat localhost log you see the following information: 

java.security.AccessControlException: access denied (java.io.FilePermission D:\xxxx.csv write)


                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

                at java.lang.reflect.Constructor.newInstance(Constructor.java:513)

                at com.vontu.enforce.workflow.attributes.csv.CsvLookupFactory.<init>(CsvLookupFactory.java:23)

                at com.vontu.enforce.workflow.attributes.csv.CsvLookupFactoryInitializer.getLookupFactory(CsvLookupFactoryInitializer.java:44)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.createPluginFactory(AttributeLookupLoader.java:107)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.loadFromDatabase(AttributeLookupLoader.java:91)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.getPluginChain(AttributeLookupLoader.java:69)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader$$FastClassByCGLIB$$80368f70.invoke(<generated>)

                at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)

                at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:688)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

                at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

                at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:621)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader$$EnhancerByCGLIB$$3242ac86.getPluginChain(<generated>)

                at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.doReloadPlugins(CustomAttributeLookup.java:133)

                at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.reloadPlugins(CustomAttributeLookup.java:533)

                at com.vontu.manager.lookupPlugins.PluginReloadService.reloadPlugins(PluginReloadService.java:110)

                at com.vontu.manager.lookupPlugins.PluginReloadService.doReload(PluginReloadService.java:97)

                at com.vontu.manager.lookupPlugins.PluginReloadService$PluginReloadTask.run(PluginReloadService.java:135)

                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

                at java.lang.Thread.run(Thread.java:662)

Caused by: java.security.AccessControlException: access denied (java.io.FilePermission D:\xxxx.csv write)

                at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)

                at java.security.AccessController.checkPermission(AccessController.java:546)

                at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

                at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)

                at java.io.RandomAccessFile.<init>(RandomAccessFile.java:208)

                at com.vontu.lookup.csv.DerbyDatabaseAdapter.appendNewLineToEOF(DerbyDatabaseAdapter.java:466)

                at com.vontu.lookup.csv.DerbyDatabaseAdapter.populateDatabase(DerbyDatabaseAdapter.java:362)

                at com.vontu.lookup.csv.DatabaseDocManager.populateDBCache(DatabaseDocManager.java:56)

                at com.vontu.lookup.csv.DatabaseDocManager.<init>(DatabaseDocManager.java:28)

                at com.vontu.lookup.csv.CsvLookup.<init>(CsvLookup.java:16)

                ... 25 more

03 Oct 2013 09:48:38,511- Thread: 21 INFO [com.vontu.enforce.workflow.attributes.CustomAttributeLookup] No Custom Attribute Lookup Plug-in was loaded. No Custom Attribute Lookup Plug-in was found.


Assigning the "protect" user system account to the folder where the CSV data file exists does not resolve the issue.



- Verify that the CSV file conforms to the requirements. If more than 10% of the rows in the CSV file violate any of the CSV file requirements, the lookup plug-in does not load.

See “Requirements for creating the CSV file” in the DLP online help center.

- Verify that the delimiter you selected is the one used in the CSV file. Note that the system defaults to comma, whereas the recommendation is pipe.

See “Choosing the CSV file delimiter” in the DLP online help center.

- Verify the attribute mapping. There is no system-provided validation for the attribute map. Make sure that your attribute map adheres to the correct syntax.

         See "Mapping attributes and parameter keys to CSV fields" in the DLP online help center.

Common syntactical errors include:

■ Every entry in the attribute mapping field is case-sensitive.

■ Spaces in attribute and column names must be identified by a backslash.

■ For every attribute=column pair, the data to the right of the equals sign (=) must be a column header name in your CSV file.

Note: The data to the left is your custom attribute that will be visible in your Incident and also in your Custom Attribute tab on "System > Incident Data > Attributes" page in the Enforce UI console.

■ Keys are column header names, not incident attributes.

- Verify that your data contained in the columns does not contain the character used as your delimiter, i.e. if you are using the comma [,] as your delimiter then your column data should not include a comma, use a different delimiter such as the pipe [|] in that case.

- Verify that a backslash is prepended before each instance of a white-space character in a attribute or column name. 

For example attr.Employee\ Email = Emp\ email maps the "Employee Email" custom attribute to the "emp email" column head.

- Verify your key is correct, ensure that your CSV file contains a valid column header name that is mapped to the same type of attribute,

For example attr.sender-email=Email where the column header name is Email, (the column header name in your CSV file does not have to contain the word key to be a key).


- If the plug-in continues to fail to load, or the plug-in fails to return looked up values, check the file enable "Custom Attribute Lookup Logging" for more detailed logging in your Tomcat localhost log

In the Enforce console go to System > Servers > Logs
Click on the Configuration tab
For the Enforce Server click into the "Diagnostic Logging Setting" drop down box and select "Custom Attribute Lookup Logging"
Then click on the "Configure Logs" button.

Localhost log location:



- Additionally, see both the "Testing and troubleshooting the CSV Lookup Plug-In" and the “Troubleshooting lookup plug-ins” in the DLP online help center.


Here are links for the 16.0 version of the DLP online help center pages mentioned above.

Requirements for creating the CSV file

Choosing the CSV file delimiter

Mapping attributes and parameter keys to CSV fields

Testing and troubleshooting the CSV Lookup Plug-In

Troubleshooting lookup plug-ins