You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chinoy Gupta <cg...@adobe.com> on 2016/10/03 03:57:58 UTC

RE: Unable to access Global JNDI Resource

Also if I comment the following lines, from ResourceLinkFactory.java and rebuild tomcat, it starts working:
	
           if (!validateGlobalResourceAccess(globalName)) {
                return null;
            }

Clearly it was introduced to make sure that only authorized apps can access that resource. My question is how can I make sure that my application is authorized?

Regards,
Chinoy

-----Original Message-----
From: Chinoy Gupta [mailto:cgupta@adobe.com] 
Sent: Friday, September 30, 2016 9:54 PM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: Re: Unable to access Global JNDI Resource

But the same thing is working in 8.0.36.

Regards,
Chinoy



On Fri, Sep 30, 2016 at 9:33 PM +0530, "Christopher Schultz" <ch...@christopherschultz.net>> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chinoy,

On 9/30/16 8:34 AM, Chinoy Gupta wrote:
> Hi Mark,
>
> The following is added in server.xml:
>
> <GlobalNamingResources> <!-- Editable user database that can also be 
> used by UserDatabaseRealm to authenticate users --> <Resource 
> name="UserDatabase" auth="Container"
> type="org.apache.catalina.UserDatabase" description="User database 
> that can be updated and saved"
> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> pathname="conf/tomcat-users.xml" />
>
> <Environment name="my/secret/password" value="JohnDoe"
> type="java.lang.String"/> </GlobalNamingResources>
>
> And the following is added in context.xml:
>
> <Environment name="my/local/test" value="local test"
> type="java.lang.String" override="false"/> <ResourceLink 
> name="my/secret/password" global="my/secret/password"
> type="java.lang.String" />
>
> If I try to get "my/local/test", it works and I get "local test".
> But if I try to get " my/secret/password", it returns NULL.

You aren't mapping it correctly.

Please have another look at the documentation for <ResourceLink>.

- -chris

> -----Original Message----- From: Mark Thomas [mailto:markt@apache.org] 
> Sent: Friday, September 30, 2016 6:00 PM
> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re: Unable to 
> access Global JNDI Resource
>
> On 30/09/2016 13:20, Chinoy Gupta wrote:
>> Hi Mark,
>>
>> This is my stacktrace:
>>
>> ResourceLinkFactory.validateGlobalResourceAccess(String) line:
>> 109 ResourceLinkFactory.getObjectInstance(Object, Name, Context,
>> Hashtable<?,?>) line: 142 NamingManager.getObjectInstance(Object,
>> Name, Context, Hashtable<?,?>) line: 321 NamingContext.lookup(Name, 
>> boolean) line: 847
>> NamingContext.lookup(Name) line: 158 NamingContext.lookup(Name,
>> boolean) line: 835 NamingContext.lookup(Name) line: 158 
>> NamingContext.lookup(Name, boolean) line: 835
>> NamingContext.lookup(String) line: 172
>>
>> validateGlobalResourceAccess function returns false and then 
>> getObjectInstance returns NULL.
>
> You haven't defined a ResourceLink.
>
> Mark
>
>>
>> Regards, Chinoy
>>
>>
>> -----Original Message----- From: Mark Thomas 
>> [mailto:markt@apache.org] Sent: Friday, September 30, 2016 5:28 PM 
>> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re:
>> Unable to access Global JNDI Resource
>>
>> On 30/09/2016 12:50, Chinoy Gupta wrote:
>>> I am getting NULL instead of the resource's value. I debugged the 
>>> tomcat code and figured out that in ResourceLinkFactory.java, before 
>>> fetching the resource there is a validation based on current 
>>> classloader. That validation fails and tomcat returns NULL.
>>
>> The above statement is not correct. If the class loader based 
>> validation fails, Tomcat throws an exception. It does not return 
>> null.
>>
>> Mark
>>
>>>
>>> -----Original Message----- From: Mark Thomas 
>>> [mailto:markt@apache.org] Sent: Friday, September 30, 2016 4:11 PM 
>>> To: Tomcat Users List <us...@tomcat.apache.org> Subject: Re:
>>> Unable to access Global JNDI Resource
>>>
>>> On 30/09/2016 11:30, Chinoy Gupta wrote:
>>>> Hi,
>>>>
>>>> I have a web application which runs on tomcat. In server.xml, I 
>>>> provide some resources under "<GlobalNamingResources> section" and 
>>>> then provide a ResourceLink to the same in context.xml. And then I 
>>>> fetch that resource in my application. This was working properly 
>>>> earlier but started breaking with 8.0.37.
>>>
>>> Define breaking. Ideally with a stack trace.
>>>
>>> Mark
>>>
>>>
>>>> I think the reason is the extra validation check introduced in 
>>>> ResourceLinkFactory class. My application has its own classloader 
>>>> and when I try to fetch the JNDI resource, the Thread's classloader 
>>>> is my custom one rather than the default one. Because of that 
>>>> validation fails and tomcat returns NULL. Is there a way to fix 
>>>> this through configuration or any other means?
>>>>
>>>> Regards, Chinoy
>>>>
>>>>
>>>
>>>
>>> --------------------------------------------------------------------
- -
>>>
>>>
>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>> --------------------------------------------------------------------
- -
>>>
>>>
>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX7oyjAAoJEBzwKT+lPKRYvLIQAITdoyz75Ya4wCnFf4byQiwB
tMasVsy+/f6umihE4V4LHzX3CjBM6Fd4EJJGS6IRjEm3Oo+WMgkkBNL18boVgy7r
ExliobjLIVC8b1wXV+gcznFDyZ54efSYF/0bDtsk6ZZ/hqoUflbcLcHmPRRXwFaZ
Hlv+EFnwZCcPKH0p8AFqPO5mvGrMxkjbnRulKbWdy8WlIFbRYwmv8ATXQjLyDs/4
7sYDt1TtJhTP7Yi+P1YyJ/VRTdqucARBf3Ua4oHSoPfYZYtX2/Vh4g+EHhhoSJTv
8A1M3455kDGrrjfHeNXsT4/x5hfrDaNWHKlhgpTSGuYO0sIJfmQDpLLj5nTSt8f+
hQbGAKKV3I9ZCsgWqCe+BP9XPONdzspx9DB+MB+eP06QSEUbwlp9Yelw3jcs9OIF
0lMU4kJOjrcQEcYRPh8ntFSy+OHvctBMFgahwUrrt5ePhAv2oBgMkQtfa3UbeyDx
BU9tw8oyC4/hWwp7vu0h12i1y51nE2CV4NFACsZFcbJ1sBrOPALPezlm10Mr1faU
mD5ndLQpmA/xIk1NmcxoRjm7narVMeazlYCRRdWEXezC0iVnv1Mi6yTOkzO6JLGO
0j48YRMeoPPDiuPnvNbAgbSy1MkaLr4st5RxxaNkarl3N1s0b3QH1mvvELy8J9mT
JvE0N58WDsxFcH7v+6m/
=LHQb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org