You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chinoy Gupta <cg...@adobe.com> on 2016/10/03 03:57:58 UTC
RE: Unable to access Global JNDI Resource
Also if I comment the following lines, from ResourceLinkFactory.java and rebuild tomcat, it starts working:
if (!validateGlobalResourceAccess(globalName)) {
return null;
}
Clearly it was introduced to make sure that only authorized apps can access that resource. My question is how can I make sure that my application is authorized?
Regards,
Chinoy
-----Original Message-----
From: Chinoy Gupta [mailto:cgupta@adobe.com]
Sent: Friday, September 30, 2016 9:54 PM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: Re: Unable to access Global JNDI Resource
But the same thing is working in 8.0.36.
Regards,
Chinoy
On Fri, Sep 30, 2016 at 9:33 PM +0530, "Christopher Schultz" <ch...@christopherschultz.net>> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Chinoy,
On 9/30/16 8:34 AM, Chinoy Gupta wrote:
> Hi Mark,
>
> The following is added in server.xml:
>
> <GlobalNamingResources> <!-- Editable user database that can also be
> used by UserDatabaseRealm to authenticate users --> <Resource
> name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase" description="User database
> that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
>
> <Environment name="my/secret/password" value="JohnDoe"
> type="java.lang.String"/> </GlobalNamingResources>
>
> And the following is added in context.xml:
>
> <Environment name="my/local/test" value="local test"
> type="java.lang.String" override="false"/> <ResourceLink
> name="my/secret/password" global="my/secret/password"
> type="java.lang.String" />
>
> If I try to get "my/local/test", it works and I get "local test".
> But if I try to get " my/secret/password", it returns NULL.
You aren't mapping it correctly.
Please have another look at the documentation for <ResourceLink>.
- -chris
> -----Original Message----- From: Mark Thomas [mailto:markt@apache.org]
> Sent: Friday, September 30, 2016 6:00 PM
> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re: Unable to
> access Global JNDI Resource
>
> On 30/09/2016 13:20, Chinoy Gupta wrote:
>> Hi Mark,
>>
>> This is my stacktrace:
>>
>> ResourceLinkFactory.validateGlobalResourceAccess(String) line:
>> 109 ResourceLinkFactory.getObjectInstance(Object, Name, Context,
>> Hashtable<?,?>) line: 142 NamingManager.getObjectInstance(Object,
>> Name, Context, Hashtable<?,?>) line: 321 NamingContext.lookup(Name,
>> boolean) line: 847
>> NamingContext.lookup(Name) line: 158 NamingContext.lookup(Name,
>> boolean) line: 835 NamingContext.lookup(Name) line: 158
>> NamingContext.lookup(Name, boolean) line: 835
>> NamingContext.lookup(String) line: 172
>>
>> validateGlobalResourceAccess function returns false and then
>> getObjectInstance returns NULL.
>
> You haven't defined a ResourceLink.
>
> Mark
>
>>
>> Regards, Chinoy
>>
>>
>> -----Original Message----- From: Mark Thomas
>> [mailto:markt@apache.org] Sent: Friday, September 30, 2016 5:28 PM
>> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re:
>> Unable to access Global JNDI Resource
>>
>> On 30/09/2016 12:50, Chinoy Gupta wrote:
>>> I am getting NULL instead of the resource's value. I debugged the
>>> tomcat code and figured out that in ResourceLinkFactory.java, before
>>> fetching the resource there is a validation based on current
>>> classloader. That validation fails and tomcat returns NULL.
>>
>> The above statement is not correct. If the class loader based
>> validation fails, Tomcat throws an exception. It does not return
>> null.
>>
>> Mark
>>
>>>
>>> -----Original Message----- From: Mark Thomas
>>> [mailto:markt@apache.org] Sent: Friday, September 30, 2016 4:11 PM
>>> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re:
>>> Unable to access Global JNDI Resource
>>>
>>> On 30/09/2016 11:30, Chinoy Gupta wrote:
>>>> Hi,
>>>>
>>>> I have a web application which runs on tomcat. In server.xml, I
>>>> provide some resources under "<GlobalNamingResources> section" and
>>>> then provide a ResourceLink to the same in context.xml. And then I
>>>> fetch that resource in my application. This was working properly
>>>> earlier but started breaking with 8.0.37.
>>>
>>> Define breaking. Ideally with a stack trace.
>>>
>>> Mark
>>>
>>>
>>>> I think the reason is the extra validation check introduced in
>>>> ResourceLinkFactory class. My application has its own classloader
>>>> and when I try to fetch the JNDI resource, the Thread's classloader
>>>> is my custom one rather than the default one. Because of that
>>>> validation fails and tomcat returns NULL. Is there a way to fix
>>>> this through configuration or any other means?
>>>>
>>>> Regards, Chinoy
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
- -
>>>
>>>
>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>> --------------------------------------------------------------------
- -
>>>
>>>
>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJX7oyjAAoJEBzwKT+lPKRYvLIQAITdoyz75Ya4wCnFf4byQiwB
tMasVsy+/f6umihE4V4LHzX3CjBM6Fd4EJJGS6IRjEm3Oo+WMgkkBNL18boVgy7r
ExliobjLIVC8b1wXV+gcznFDyZ54efSYF/0bDtsk6ZZ/hqoUflbcLcHmPRRXwFaZ
Hlv+EFnwZCcPKH0p8AFqPO5mvGrMxkjbnRulKbWdy8WlIFbRYwmv8ATXQjLyDs/4
7sYDt1TtJhTP7Yi+P1YyJ/VRTdqucARBf3Ua4oHSoPfYZYtX2/Vh4g+EHhhoSJTv
8A1M3455kDGrrjfHeNXsT4/x5hfrDaNWHKlhgpTSGuYO0sIJfmQDpLLj5nTSt8f+
hQbGAKKV3I9ZCsgWqCe+BP9XPONdzspx9DB+MB+eP06QSEUbwlp9Yelw3jcs9OIF
0lMU4kJOjrcQEcYRPh8ntFSy+OHvctBMFgahwUrrt5ePhAv2oBgMkQtfa3UbeyDx
BU9tw8oyC4/hWwp7vu0h12i1y51nE2CV4NFACsZFcbJ1sBrOPALPezlm10Mr1faU
mD5ndLQpmA/xIk1NmcxoRjm7narVMeazlYCRRdWEXezC0iVnv1Mi6yTOkzO6JLGO
0j48YRMeoPPDiuPnvNbAgbSy1MkaLr4st5RxxaNkarl3N1s0b3QH1mvvELy8J9mT
JvE0N58WDsxFcH7v+6m/
=LHQb
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org