CSV Lookup Plugin fails to load in Version 11.6.x - localhost log shows access denied


Article ID: 160021


Updated On:


Data Loss Prevention Enforce


CSV lookup fail to load in the Enforce Console Lookup Plugins after configuring the attribute mappings in version 11.6 and later.

In the Tomcat localhost log you see the the following information: 

java.security.AccessControlException: access denied (java.io.FilePermission D:\xxxx.csv write)


                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

                at java.lang.reflect.Constructor.newInstance(Constructor.java:513)

                at com.vontu.enforce.workflow.attributes.csv.CsvLookupFactory.<init>(CsvLookupFactory.java:23)

                at com.vontu.enforce.workflow.attributes.csv.CsvLookupFactoryInitializer.getLookupFactory(CsvLookupFactoryInitializer.java:44)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.createPluginFactory(AttributeLookupLoader.java:107)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.loadFromDatabase(AttributeLookupLoader.java:91)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader.getPluginChain(AttributeLookupLoader.java:69)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader$$FastClassByCGLIB$$80368f70.invoke(<generated>)

                at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)

                at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:688)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)

                at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

                at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:621)

                at com.vontu.enforce.workflow.attributes.AttributeLookupLoader$$EnhancerByCGLIB$$3242ac86.getPluginChain(<generated>)

                at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.doReloadPlugins(CustomAttributeLookup.java:133)

                at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.reloadPlugins(CustomAttributeLookup.java:533)

                at com.vontu.manager.lookupPlugins.PluginReloadService.reloadPlugins(PluginReloadService.java:110)

                at com.vontu.manager.lookupPlugins.PluginReloadService.doReload(PluginReloadService.java:97)

                at com.vontu.manager.lookupPlugins.PluginReloadService$PluginReloadTask.run(PluginReloadService.java:135)

                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

                at java.lang.Thread.run(Thread.java:662)

Caused by: java.security.AccessControlException: access denied (java.io.FilePermission D:\xxxx.csv write)

                at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)

                at java.security.AccessController.checkPermission(AccessController.java:546)

                at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

                at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)

                at java.io.RandomAccessFile.<init>(RandomAccessFile.java:208)

                at com.vontu.lookup.csv.DerbyDatabaseAdapter.appendNewLineToEOF(DerbyDatabaseAdapter.java:466)

                at com.vontu.lookup.csv.DerbyDatabaseAdapter.populateDatabase(DerbyDatabaseAdapter.java:362)

                at com.vontu.lookup.csv.DatabaseDocManager.populateDBCache(DatabaseDocManager.java:56)

                at com.vontu.lookup.csv.DatabaseDocManager.<init>(DatabaseDocManager.java:28)

                at com.vontu.lookup.csv.CsvLookup.<init>(CsvLookup.java:16)

                ... 25 more

03 Oct 2013 09:48:38,511- Thread: 21 INFO [com.vontu.enforce.workflow.attributes.CustomAttributeLookup] No Custom Attribute Lookup Plug-in was loaded. No Custom Attribute Lookup Plug-in was found.

Assigning the protect user system account to the folder where the CSV data file exists does not resolve the issue.


- Verify that the CSV file conforms to the requirements. If more than 10% of the rows in the CSV file violate any of the CSV file requirements, the lookup plug-in does not load.

See “Requirements for creating the CSV file” on page 1001 of your 11.6/Later Admin Guide.

- Verify that the delimiter you selected is the one used in the CSV file. Note that the system defaults to comma, whereas the recommendation is pipe.

See “Choosing the CSV file delimiter” on page 1003 of your 11.6/Later Admin Guide.

- Verify the attribute mapping. There is no system-provided validation for the attribute map. Make sure that your attribute map adheres to the correct syntax.

Common syntactical errors include:

■ Every entry in the attribute mapping field is case sensitive.

■ Spaces in attribute and column names must be identified by a backslash.

■ For every attribute=column pair, the data to the right of the equals sign (=) must be a column header name in your CSV file.

Note: The data to the left is your custom attribute that will be visible in your Incident and also in your Custom Attribute tab on "System > Incident Data > Attributes" page in the Enforce UI console.

■ Keys are column header names, not incident attributes.

- Verify that your data contained in the columns does not contain the character used as your delimiter, i.e. if you are using the comma [,] as your delimiter then your column data should not include a comma, use a different delimiter such as the pipe [|] in that case.

- Verify that a backslash is prepended before each instance of a white-space character in a attribute or column name. 

For example attr.Employee\ Email = Emp\ email maps the "Employee Email" custom attribute to the "emp email" column head.

- Verify your key is correct, ensure that your CSV file contains a valid column header name that is mapped to the same type of attribute,

For example attr.sender-email=Email where the column header name is Email, (the column header name in your CSV file does not have to contain the word key to be a key).

- If the plug-in continues to fail to load, or the plug-in fails to return looked up values, check the file enable "Custom Attribute Lookup Logging" for more detailed logging in your Tomcat localhost log

In the Enforce console go to System > Servers > Logs
Click on the Configuration tab
For the Enforce Server click into the "Diagnostic Logging Setting" drop down box and select "Custom Attribute Lookup Logging"
Then click on the "Configure Logs" button.

Log location:


Where \Vontu or \SymantecDLP is your installation location.

- Additionally see “Troubleshooting lookup plug-ins” on page 996 of your 11.6/later Admin Guide