You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/11/04 18:52:20 UTC
[Bug 58585] New: Tomcat 9.0.0-dev (@r1712593) AccessControlException
on first access via HTTPS
https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
Bug ID: 58585
Summary: Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Product: Tomcat 9
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.kolinko@gmail.com
Encountered while testing Tomcat-Native 1.2.1 release candidate with current
Tomcat 9 trunk (at revision 1712593)
For some reason this issue does not happen with http://localhost:8080/, but it
does happen with https://localhost:8443/
I am on Windows 7 using Java 8u66 32-bit
Steps to reproduce:
1. Copy tcnative-1.dll into ${catalina.home}/bin
2. Copy the following files from source directory
test\org\apache\tomcat\util\net\ into ${catalina.home}/conf:
localhost-cert.pem
localhost-key.pem
3. In conf/server.xml configure the following connector
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig honorCipherOrder="false" >
<Certificate certificateKeyFile="conf/localhost-key.pem"
certificateFile="conf/localhost-cert.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
(It is the same as commented example, but certificateKeyFile and
certificateFile are updated to match file names, s/-rsa-/-/ )
4. Set JAVA_HOME and start Tomcat with SecurityManager enabled.
cd bin
catalina.bat start -security
5. Access https://localhost:8443/
I am using Firefox 41.0.2
The page fails with error 500 during execution of JSP page.
java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.buf")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:311)
at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at
org.apache.catalina.connector.OutputBuffer.setConverter(OutputBuffer.java:561)
at
org.apache.catalina.connector.OutputBuffer.checkConverter(OutputBuffer.java:546)
at org.apache.catalina.connector.Response.getWriter(Response.java:598)
at
org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:211)
at org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:115)
at
org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:108)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:326)
at java.io.Writer.write(Writer.java:157)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:322)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
If I refresh the page, it shows up successfully.
If I restart Tomcat, the first access to https://localhost:8443/ fails as well,
so JSP compilation does not affect it.
If the first access is via https://localhost:8080/, it shows up successfully.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58585] Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
--- Comment #2 from Konstantin Kolinko <kn...@gmail.com> ---
Created attachment 33257
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33257&action=edit
localhost.2015-11-04.log with full stacktrace for Comment 0
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58585] Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
Konstantin Kolinko <kn...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> ---
Further testing, with HTTP,
The following page (A Servlet 4.0 push example) fails as well
http://localhost:8080/examples/servlets/serverpush/simpleimage
java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "accessClassInPackage.org.apache.catalina.core")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:311)
at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.apache.catalina.connector.Request.getPushBuilder(Request.java:1832)
at
org.apache.catalina.connector.RequestFacade.getPushBuilder(RequestFacade.java:1125)
at http2.SimpleImagePush.doGet(SimpleImagePush.java:36)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58585] Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Thanks. Fixed, along with a couple of others thsat emerged once these were
fixed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 58585] Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
--- Comment #3 from Konstantin Kolinko <kn...@gmail.com> ---
Created attachment 33258
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33258&action=edit
localhost.2015-11-04.log with full stacktrace for Comment 1
For issue in Comment 1 refreshing the page does not help, access is still
denied.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org