Posted to slide-dev@jakarta.apache.org by Raj Kumar <ko...@intalio.com> on 2001/09/27 00:23:32 UTC

Sealing violations with tomcat

hi,
   I am getting the following error while starting tomcat.

Catalina.start: java.lang.SecurityException: sealing violation
java.lang.SecurityException: sealing violation
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
        at java.lang.ClassLoader.defineClass0(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:486)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
        at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1108)
        at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:120)
        at org.apache.catalina.util.xml.ObjectCreate.start(XmlMapper.java:616)
        at org.apache.catalina.util.xml.XmlMapper.matchStart(XmlMapper.java:412)
        at org.apache.catalina.util.xml.XmlMapper.startElement(XmlMapper.java:91)
        at org.xml.sax.helpers.XMLReaderAdapter.startElement(XMLReaderAdapter.java:329)
        at org.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1376)
        at org.apache.xerces.validators.common.XMLValidator.callStartElement(XMLValidator.java:1197)
        at org.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentScanner.java:1862)
        at org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XMLDocumentScanner.java:1238)
        at org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:381)
        at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1035)
        at org.xml.sax.helpers.XMLReaderAdapter.parse(XMLReaderAdapter.java:223)
        at javax.xml.parsers.SAXParser.parse(SAXParser.java:345)
        at javax.xml.parsers.SAXParser.parse(SAXParser.java:290)
        at org.apache.catalina.util.xml.XmlMapper.readXml(XmlMapper.java:228)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:687)
        at org.apache.catalina.startup.Catalina.execute(Catalina.java:657)
        at org.apache.catalina.startup.Catalina.process(Catalina.java:178)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:202)

can anybody help me fix this problem
    thanks,
    rajkumar


-----Original Message-----
From: Remy Maucherat [mailto:rmaucher1@home.com]
Sent: Wednesday, September 26, 2001 2:31 PM
To: slide-dev@jakarta.apache.org
Subject: Re: Inconsistencies in Webdav Access Control


> Raj Kumar wrote:
>
> > hi dirk,
> >    I found the following inconsistencies in the implementation of the
> > webdav Access Control Protocol.
> >
> >  1) Both "current-user-privilege-set" and "acl" properties on some
> > resources return the privilege DAV:all but the specification says that
> > only non-abstract privileges from the DAV:supported-privilege-set
> > property should be returned (Section 5.3 last para). Hence the DAV:all
> > privilege should never be returned for both acl and
> > current-user-privilege set properties since DAV:all is returned as an
> > abstract privilege in the supported-privilege-set property.
> > 2) The acl method on resources must only contain non-abstract elements
> > specified in the DAV:supported-privilege-set of that resource. But the
> > acl method is currently allowing setting of the privileges which are not
> > even there in the supported-privilege-set property of the resource like
> > "read-revision-content", "read-revision-metadata", "grant-permission"
> > and non-abstract privileges like DAV:all etc.
> > (Section 5.4.2)
> > 3) The propfind method implementation for a request on a resource for
> > the "acl" property is inconsistent with the ACL method implementation.
> > For example in the propfind implementation a principal is considered to
> > have "read" privilege only if he has "readObject",
> > "readRevisionMetadata", "readRevisionContent" privileges used in slide.
> >     boolean canRead = readObject && readRevisionMetadata &&
> > readRevisionContent;
> >
> > But the acl method implementation for "read" privilege request for a
> > principal grants "readObject", "readRevisionMetadata",
> > "readRevisionContent" and also "readLocks". Similarly for the "write"
> > privilege the principal is granted 8 privileges in slide in the acl
> > method implementation but the propfind method request for the "acl"
> > property returns "write" only if the principal has ten slide privileges.
> >     boolean canWrite = createObject && removeObject && lockObject
> >                 && readLocks && createRevisionMetadata
> >                 && modifyRevisionMetadata && removeRevisionMetadata
> >                 && createRevisionContent && modifyRevisionContent
> >                 && removeRevisionContent;
> >
> >     thanks,
> >     rajkumar
>
> I'll make DAV:all not-abstract (to support "grant all to user")
> and put a restriction on the use of the other privileges.
> Item 3, I have to look at the code but for the moment I don't have the
> time, maybe next week.

Ok, I'll take care of that one then.

Remy


RE: Sealing violations with tomcat

Posted by Raj Kumar <ko...@intalio.com>.
hi remy,
  I just tried changing the sealed attribute in the manifest file but I am
having the same problem.
  I also tried with the latest xerces.jar (xerces 2 beta 2). If it is indeed
a problem with the class loading, which tomcat jar would I need to update to
fix the problem?
    thanks
    rajkumar

-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Thursday, September 27, 2001 10:57 AM
To: slide-dev@jakarta.apache.org
Subject: Re: Sealing violations with tomcat


> hi remy,
>    I tried by replacing jaxp and crimson jars with xerces.jar and it
> throws the same error.
>    I do not think the error has anything to do with slide.
>    The error message is
>          ERROR reading .\conf\server.xml
>          At Line 26 /Server/Service/Engine/ name=Catalina defaultHost=localhost debug=0
>
>    followed by the stack trace. Has tomcat ever been tested with xerces
> before?

If you don't have jaxp.jar or crimson.jar anywhere in your common/lib
folder, then if you put the Xerces JAR in common/lib, it should work (at
least it does for me). I tried with Xerces 2 (I don't think there are any
packaging differences from a JAXP point of view).

Also, we made a number of CL related fixes since 4.0 final. There were
problems in some relatively rare situations, caused by some bugs with the CL
loading order. That fix may help you (it will be in the 4.0.1 maintenance
release, which should be out soon).

Remy


RE: Sealing violations with tomcat

Posted by Raj Kumar <ko...@intalio.com>.
hi remy,
  I tried using jaxp and crimson jars instead of the xerces jar but I am
still getting the same exception.
  I also tried other combinations like using the catalina.jar and the
bootstrap.jar from the latest 4.0 tomcat release
  as well as the nightly builds of tomcat. Is there anything else I can try
to fix this problem?
     thanks,
     rajkumar.


-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Thursday, September 27, 2001 10:57 AM
To: slide-dev@jakarta.apache.org
Subject: Re: Sealing violations with tomcat


> hi remy,
>    I tried by replacing jaxp and crimson jars with xerces.jar and it
> throws the same error.
>    I do not think the error has anything to do with slide.
>    The error message is
>          ERROR reading .\conf\server.xml
>          At Line 26 /Server/Service/Engine/ name=Catalina defaultHost=localhost debug=0
>
>    followed by the stack trace. Has tomcat ever been tested with xerces
> before?

If you don't have jaxp.jar or crimson.jar anywhere in your common/lib
folder, then if you put the Xerces JAR in common/lib, it should work (at
least it does for me). I tried with Xerces 2 (I don't think there are any
packaging differences from a JAXP point of view).

Also, we made a number of CL related fixes since 4.0 final. There were
problems in some relatively rare situations, caused by some bugs with the CL
loading order. That fix may help you (it will be in the 4.0.1 maintenance
release, which should be out soon).

Remy


Re: Sealing violations with tomcat

Posted by Remy Maucherat <re...@apache.org>.
> hi remy,
>    I tried by replacing jaxp and crimson jars with xerces.jar and it
> throws the same error.
>    I do not think the error has anything to do with slide.
>    The error message is
>          ERROR reading .\conf\server.xml
>          At Line 26 /Server/Service/Engine/ name=Catalina defaultHost=localhost debug=0
>
>    followed by the stack trace. Has tomcat ever been tested with xerces
> before?

If you don't have jaxp.jar or crimson.jar anywhere in your common/lib
folder, then if you put the Xerces JAR in common/lib, it should work (at
least it does for me). I tried with Xerces 2 (I don't think there are any
packaging differences from a JAXP point of view).

Also, we made a number of CL related fixes since 4.0 final. There were
problems in some relatively rare situations, caused by some bugs with the CL
loading order. That fix may help you (it will be in the 4.0.1 maintenance
release, which should be out soon).

Remy


RE: Sealing violations with tomcat

Posted by Raj Kumar <ko...@intalio.com>.
hi remy,
   I tried by replacing jaxp and crimson jars with xerces.jar and it throws
the same error.
   I do not think the error has anything to do with slide.
   The error message is
         ERROR reading .\conf\server.xml
         At Line 26 /Server/Service/Engine/ name=Catalina defaultHost=localhost debug=0

   followed by the stack trace. Has tomcat ever been tested with xerces
before?
   I am using xerces final.
       thanks,
       rajkumar


-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Wednesday, September 26, 2001 7:01 PM
To: slide-dev@jakarta.apache.org
Subject: Re: Sealing violations with tomcat


> hi remy,
>   I am not using crimson.jar,jaxp.jar anywhere. I am only using
> xerces(1.4).
>   Do i need to have xerces.jar both in common\lib directory and the
> server\server\lib
>   directory in order to run tomcat?

No, just replace crimson by Xerces in common/lib.

Are you using 4.0 final ?
If yes, can you at least run it without Slide ?

Remy


RE: Sealing violations with tomcat

Posted by Raj Kumar <ko...@intalio.com>.
hi remy,
  I did some debugging and think that the error is probably because of the
sealed attribute of the
  manifest file contained in the xerces jar file. Currently in my manifest
file the attribute is missing.
  I will add the attribute and see if it works. There is more information
about sealing jar files available at the following URL:
http://java.sun.com/j2se/1.4/docs/guide/extensions/spec.html#sealing
        thanks,
        rajkumar


-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Wednesday, September 26, 2001 7:01 PM
To: slide-dev@jakarta.apache.org
Subject: Re: Sealing violations with tomcat


> hi remy,
>   I am not using crimson.jar,jaxp.jar anywhere. I am only using
> xerces(1.4).
>   Do i need to have xerces.jar both in common\lib directory and the
> server\server\lib
>   directory in order to run tomcat?

No, just replace crimson by Xerces in common/lib.

Are you using 4.0 final ?
If yes, can you at least run it without Slide ?

Remy


Re: Sealing violations with tomcat

Posted by Remy Maucherat <re...@apache.org>.
> hi remy,
>   I am not using crimson.jar,jaxp.jar anywhere. I am only using
> xerces(1.4).
>   Do i need to have xerces.jar both in common\lib directory and the
> server\server\lib
>   directory in order to run tomcat?

No, just replace crimson by Xerces in common/lib.

Are you using 4.0 final ?
If yes, can you at least run it without Slide ?

Remy


RE: Sealing violations with tomcat

Posted by Raj Kumar <ko...@intalio.com>.
hi remy,
  I am not using crimson.jar,jaxp.jar anywhere. I am only using xerces(1.4).
  Do i need to have xerces.jar both in common\lib directory and the
server\server\lib
  directory in order to run tomcat?
     thanks,
     rajkumar

-----Original Message-----
From: Remy Maucherat [mailto:rmaucher1@home.com]
Sent: Wednesday, September 26, 2001 3:39 PM
To: slide-dev@jakarta.apache.org
Subject: Re: Sealing violations with tomcat


> hi,
>    I am getting the following error while starting tomcat.
>
> Catalina.start: java.lang.SecurityException: sealing violation
> java.lang.SecurityException: sealing violation
>         at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)

> can anybody help me fix this problem

When using Xerces (1.4 or 2.0), you should remove JAXP 1.1 (jaxp.jar +
crimson.jar).

Remy


Re: Sealing violations with tomcat

Posted by Remy Maucherat <rm...@home.com>.
> hi,
>    I am getting the following error while starting tomcat.
>
> Catalina.start: java.lang.SecurityException: sealing violation
> java.lang.SecurityException: sealing violation
>         at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)

> can anybody help me fix this problem

When using Xerces (1.4 or 2.0), you should remove JAXP 1.1 (jaxp.jar +
crimson.jar).

Remy
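

Added example, not part of the thread and not Tomcat or Slide code: a package that a JAR seals (Sealed: true in its manifest) must be loaded from that JAR alone, so a second JAR carrying the same package triggers the sealing violation above. This Python sketch finds such overlaps in a set of JARs; the two sample JARs are constructed in memory and their contents are assumptions, not the real jaxp.jar or xerces.jar.

```python
import io
import zipfile

def parse_manifest(text):
    """Split MANIFEST.MF text into (main attributes, {entry name: attributes})."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    sections = [{k.lower(): v.strip() for k, v in
                 (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
                for block in text.split("\n\n") if block.strip()]
    main = sections[0] if sections else {}
    return main, {s["name"]: s for s in sections[1:] if "name" in s}

def sealed_packages(jar_bytes):
    """Map each package directory that holds classes to True if this JAR seals it."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        mf = "META-INF/MANIFEST.MF"
        text = jar.read(mf).decode("utf-8") if mf in names else ""
    main, per_entry = parse_manifest(text)
    result = {}
    for name in names:
        if name.endswith(".class") and "/" in name:
            pkg = name.rsplit("/", 1)[0] + "/"
            # A per-package "Sealed" entry overrides the JAR-wide default.
            flag = per_entry.get(pkg, {}).get("sealed") or main.get("sealed", "false")
            result[pkg] = flag.lower() == "true"
    return result

def find_sealing_conflicts(jars):
    """jars: {name: bytes}. Return {package: [jar names]} for split packages sealed by any JAR."""
    owners = {}
    for jar_name, data in jars.items():
        for pkg, sealed in sealed_packages(data).items():
            owners.setdefault(pkg, {})[jar_name] = sealed
    return {p: sorted(j) for p, j in owners.items() if len(j) > 1 and any(j.values())}

def make_jar(manifest, classes):
    """Build a constructed in-memory JAR with empty class files (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for path in classes:
            jar.writestr(path, b"")
    return buf.getvalue()

SAMPLE = {  # constructed stand-ins; contents assumed for illustration, not the real JARs
    "jaxp.jar": make_jar("Manifest-Version: 1.0\nSealed: true\n", ["javax/xml/parsers/SAXParser.class"]),
    "xerces.jar": make_jar("Manifest-Version: 1.0\n", ["javax/xml/parsers/SAXParser.class",
                                                        "org/apache/xerces/parsers/SAXParser.class"]),
}
print(find_sealing_conflicts(SAMPLE))
```

To check a real installation, pass the bytes of every JAR visible to the same class loader (for example everything under common/lib); an overlap only matters when both JARs are on that loader's search path.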