You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Oleg V Alexeev <go...@penza.net> on 2001/06/25 20:15:33 UTC
Struts in Tomcat 4.0
Hello struts-dev,
Has anyone answer to question about struts using in Tomcat 4.0
environment? Now I try to deploy my struts development application
to the Tomcat 4.0. After call to any URL in application I have
exception in screen -
java.lang.SecurityException: sealing violation
at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
at org.apache.jasper.compiler.TldLocationsCache.processWebDotXml(TldLocationsCache.java:164)
at org.apache.jasper.compiler.TldLocationsCache.(TldLocationsCache.java:138)
at org.apache.jasper.EmbededServletOptions.(EmbededServletOptions.java:324)
I think that it is security problem, but all my catalina.policy file
modifications does not any effect. What is a problem?
I use jdbc2_0-stdext.jar, rowset.jar and JDBC driver (DB2 app driver
- local JNI call to the thick client) as additional libs. All this
stuff is placed to the extensions directory - JAVA_HOME/jre/lib/ext
Tomcat 3.2.2 work fine with it, but Tomcat 4.0 throws sealing
exception.
--
Best regards,
Oleg mailto:gonza@penza.net
Re: Re[2]: Struts in Tomcat 4.0
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Tue, 26 Jun 2001, Oleg V Alexeev wrote:
> Hello Craig,
>
> Thank you, now all is ok. But one problem. If I set -security option
> to start Catalina then I view exception 'ClassNotFound' at struts
> datasource init moment. Remove -security option - works fine.
>
> Jar with JDBC driver is in JAVA_HOME/jre/lib/ext directory. This
> driver uses JNI to connect to the database. May be problem disappeared
> here?
>
In theory, JAR files that are placed into $JAVA_HOME/jre/lib/ext are
supposted to receive all security manager permissions. But that hasn't
always appeared to happen in my case. But it's hard to debug without a
stack trace.
One thing to try would be placing the JDBC driver inside your /WEB-INF/lib
directory instead. Of course, if you do this you will also need to edit
the catalina.policy file to give this JAR file the permissions it needs to
load a JNI-accessed library.
Craig
> Monday, June 25, 2001, 10:47:07 PM, you wrote:
>
> CRM> The standard version of the JAXP parser has sealed JAR files, which cause
> CRM> no end to problems. Thus, Tomcat 4 ships with modified versions of these
> CRM> JAR files that are not sealed.
>
> CRM> See the detailed instructions at the bottom of the Tomcat 4 release notes
> CRM> for the optionsl you have in exposing an XML parser to your web
> CRM> applications.
>
> CRM> Craig
>
>
> CRM> On Mon, 25 Jun 2001, Oleg V Alexeev wrote:
>
> >> Hello struts-dev,
> >>
> >> Has anyone answer to question about struts using in Tomcat 4.0
> >> environment? Now I try to deploy my struts development application
> >> to the Tomcat 4.0. After call to any URL in application I have
> >> exception in screen -
> >>
> >> java.lang.SecurityException: sealing violation
> >> at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
> >> at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
> >> at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
> >> at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
> >> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
> >> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
> >> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
> >> at org.apache.jasper.compiler.TldLocationsCache.processWebDotXml(TldLocationsCache.java:164)
> >> at org.apache.jasper.compiler.TldLocationsCache.(TldLocationsCache.java:138)
> >> at org.apache.jasper.EmbededServletOptions.(EmbededServletOptions.java:324)
> >>
> >> I think that it is security problem, but all my catalina.policy file
> >> modifications does not any effect. What is a problem?
> >> I use jdbc2_0-stdext.jar, rowset.jar and JDBC driver (DB2 app driver
> >> - local JNI call to the thick client) as additional libs. All this
> >> stuff is placed to the extensions directory - JAVA_HOME/jre/lib/ext
> >>
> >> Tomcat 3.2.2 work fine with it, but Tomcat 4.0 throws sealing
> >> exception.
> >>
> >> --
> >> Best regards,
> >> Oleg mailto:gonza@penza.net
> >>
> >>
> >>
>
>
>
> --
> Best regards,
> Oleg mailto:gonza@penza.net
>
>
>
Re[2]: Struts in Tomcat 4.0
Posted by Oleg V Alexeev <go...@penza.net>.
Hello Craig,
Thank you, now all is ok. But one problem. If I set -security option
to start Catalina then I view exception 'ClassNotFound' at struts
datasource init moment. Remove -security option - works fine.
Jar with JDBC driver is in JAVA_HOME/jre/lib/ext directory. This
driver uses JNI to connect to the database. May be problem disappeared
here?
Monday, June 25, 2001, 10:47:07 PM, you wrote:
CRM> The standard version of the JAXP parser has sealed JAR files, which cause
CRM> no end to problems. Thus, Tomcat 4 ships with modified versions of these
CRM> JAR files that are not sealed.
CRM> See the detailed instructions at the bottom of the Tomcat 4 release notes
CRM> for the optionsl you have in exposing an XML parser to your web
CRM> applications.
CRM> Craig
CRM> On Mon, 25 Jun 2001, Oleg V Alexeev wrote:
>> Hello struts-dev,
>>
>> Has anyone answer to question about struts using in Tomcat 4.0
>> environment? Now I try to deploy my struts development application
>> to the Tomcat 4.0. After call to any URL in application I have
>> exception in screen -
>>
>> java.lang.SecurityException: sealing violation
>> at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
>> at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
>> at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
>> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
>> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
>> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
>> at org.apache.jasper.compiler.TldLocationsCache.processWebDotXml(TldLocationsCache.java:164)
>> at org.apache.jasper.compiler.TldLocationsCache.(TldLocationsCache.java:138)
>> at org.apache.jasper.EmbededServletOptions.(EmbededServletOptions.java:324)
>>
>> I think that it is security problem, but all my catalina.policy file
>> modifications does not any effect. What is a problem?
>> I use jdbc2_0-stdext.jar, rowset.jar and JDBC driver (DB2 app driver
>> - local JNI call to the thick client) as additional libs. All this
>> stuff is placed to the extensions directory - JAVA_HOME/jre/lib/ext
>>
>> Tomcat 3.2.2 work fine with it, but Tomcat 4.0 throws sealing
>> exception.
>>
>> --
>> Best regards,
>> Oleg mailto:gonza@penza.net
>>
>>
>>
--
Best regards,
Oleg mailto:gonza@penza.net
Re: Struts in Tomcat 4.0
Posted by "Craig R. McClanahan" <cr...@apache.org>.
The standard version of the JAXP parser has sealed JAR files, which cause
no end to problems. Thus, Tomcat 4 ships with modified versions of these
JAR files that are not sealed.
See the detailed instructions at the bottom of the Tomcat 4 release notes
for the optionsl you have in exposing an XML parser to your web
applications.
Craig
On Mon, 25 Jun 2001, Oleg V Alexeev wrote:
> Hello struts-dev,
>
> Has anyone answer to question about struts using in Tomcat 4.0
> environment? Now I try to deploy my struts development application
> to the Tomcat 4.0. After call to any URL in application I have
> exception in screen -
>
> java.lang.SecurityException: sealing violation
> at java.net.URLClassLoader.defineClass(URLClassLoader.java:234)
> at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
> at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:670)
> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1088)
> at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:987)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:313)
> at org.apache.jasper.compiler.TldLocationsCache.processWebDotXml(TldLocationsCache.java:164)
> at org.apache.jasper.compiler.TldLocationsCache.(TldLocationsCache.java:138)
> at org.apache.jasper.EmbededServletOptions.(EmbededServletOptions.java:324)
>
> I think that it is security problem, but all my catalina.policy file
> modifications does not any effect. What is a problem?
> I use jdbc2_0-stdext.jar, rowset.jar and JDBC driver (DB2 app driver
> - local JNI call to the thick client) as additional libs. All this
> stuff is placed to the extensions directory - JAVA_HOME/jre/lib/ext
>
> Tomcat 3.2.2 work fine with it, but Tomcat 4.0 throws sealing
> exception.
>
> --
> Best regards,
> Oleg mailto:gonza@penza.net
>
>
>