Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2010/03/19 20:07:30 UTC

Trouble with SecurityManager: can't load org.apache.commons.logging.impl.Log4JLogger

All,

I'm trying to run Tomcat with a SecurityManager and I'm having a few
problems.

Debian Linux
Tomcat 6.0.26
Sun Java 1.6.0_12 Server VM

I'm using CATALINA_BASE to run Tomcat from a different place than
CATALINA_HOME. I've been doing this for years, so I think I have a
handle on that part. ;)

I'm using ant scripts to start Tomcat, but ultimately they call
catalina.sh with the following environment:

     [echo] JAVA_HOME is /usr
     [echo] JAVA_OPTS is -Xmx64M
     [echo] CATALINA_HOME is /usr/local/apache-tomcat-6.0.26
     [echo] CATALINA_BASE is /home/cschultz/.webapps/diagnosis/8215
     [echo] CATALINA_OPTS is -Djava.library.path=/usr/local/apache-tomcat-6.0.26/server/lib
     [echo] security-option is -security

That last message means that we're calling catalina.sh like this:

CATALINA_HOME/bin/catalina.sh start -security

With no CATALINA_BASE/conf/catalina.policy file, I get this error:

Exception in thread "main" java.lang.ExceptionInInitializerError
        at
org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
        at
org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
        at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
        at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied
(java.util.PropertyPermission java.util.logging.config.class read)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at
java.security.AccessController.checkPermission(AccessController.java:546)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:652)
        at
org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
        ... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap.
Program will exit.

If I copy the stock catalina.policy file from CATALINA_HOME/conf to
CATALINA_BASE/conf, I get further (see below). Would it be possible to
have catalina.sh detect the location of catalina.policy from
CATALINA_BASE (preferred) or CATALINA_HOME (fallback)? Perhaps it's
silly to use a system-wide catalina.policy file, but it's a bit
confusing to see that the Bootstrap class isn't found when you try to
start up Tomcat with a security manager and don't know that copying
catalina.policy is a prerequisite.

The Security Manager HOWTO does specifically say that
CATALINA_BASE/conf/catalina.policy contains the policy, but it might be
nice to check in catalina.sh to see if such a policy exists when invoked
with "-security". I'd be happy to write a patch that provides this check.

Anyhow, when the Security Manager is enabled, I get this exception
during startup (apologies for the lengthy stack trace):

SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.CommonsLoggingListener
java.lang.ExceptionInInitializerError
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
        at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
        at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.apache.commons.logging.LogConfigurationException:
User-specified log class 'org.apache.commons.logging.impl.Log4JLogger'
cannot be found or is not useable.
        at
org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874)
        at
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
        at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
        at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
        at
org.childhealthcare.diagnosis.servlet.CommonsLoggingListener.<clinit>(CommonsLoggingListener.java:19)
        ... 33 more
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.ContextParamListener
java.lang.ExceptionInInitializerError
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
        at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
        at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.apache.commons.logging.LogConfigurationException:
User-specified log class 'org.apache.commons.logging.impl.Log4JLogger'
cannot be found or is not useable.
        at
org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874)
        at
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
        at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
        at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
        at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
        at
org.childhealthcare.diagnosis.servlet.ContextParamListener.<clinit>(ContextParamListener.java:24)
        ... 33 more
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.InitListener
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager
        at org.apache.log4j.Logger.getLogger(Logger.java:118)
        at
org.childhealthcare.diagnosis.servlet.InitListener.<init>(InitListener.java:40)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
        at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
        at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.SessionAttributeListener
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager
        at org.apache.log4j.Logger.getLogger(Logger.java:118)
        at
org.childhealthcare.diagnosis.servlet.SessionAttributeListener.<clinit>(SessionAttributeListener.java:20)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
        at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
        at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
        at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
        at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
        at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
        at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
        at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

=============== END OF STARTUP LOG ============

Tomcat then realizes that something is wrong and decides to stop itself
due to "previous errors" and shuts things down. It fails trying to
de-register the JDBC driver with this exception:

Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at
java.security.AccessController.checkPermission(AccessController.java:546)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.Class.getClassLoader(Class.java:594)
        at
org.apache.catalina.loader.JdbcLeakPrevention.clearJdbcDriverRegistrations(JdbcLeakPrevention.java:49)
        ... 35 more

So, it looks like there are actually two startup exceptions:

1. org.apache.commons.logging.LogConfigurationException: User-specified
log class 'org.apache.commons.logging.impl.Log4JLogger' cannot be found
or is not useable.

and

2. java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager

Both exceptions occur during execution of my own code. Here is the full
class for CommonsLoggingListener.java:

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * A listener to initialize commons-logging.
 *
 * @author Chris Schultz
 * @version $Revision: 1.1 $ $Date: 2008-05-27 21:12:21 $
 */
public class CommonsLoggingListener
    implements ServletContextListener
{
    private static final Log log =
LogFactory.getLog(CommonsLoggingListener.class);

    public void contextInitialized(ServletContextEvent e)
    {
        log.info("Initializing commons-logging");
    }

    /**
     * Releases Loggers bound to the current ClassLoader.
     *
     * See
http://www.nabble.com/Undeploying-problem-with-Tomcat-5.5-and-Log4J-to8142921.html#a8149142
     */
    public void contextDestroyed(ServletContextEvent e)
    {
        log.info("Cleaning logs bound to webapp ClassLoader");

        LogFactory.release(Thread.currentThread().getContextClassLoader());
    }
}

In the InitListener.java class, I basically just try to create a log4j
logger like this:

Logger.getLogger(className)

In both of these situations, Tomcat ought to be able to load the classes
required.

The only changes to the main Tomcat installation are that I copied my
JDBC driver .jar file into CATALINA_HOME/lib. log4j.jar exists only in
WEB-INF/lib/log4j-1.2.15.jar.

The commons-logging library exists only in
WEB-INF/lib/commons-logging-1.1.1.jar

I have no logging.properties in CATALINA_BASE/conf

It almost seems like the wrong ClassLoader is being used to run my
context listeners.

Am I missing something, here?

Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Trouble with SecurityManager: can't load org.apache.commons.logging.impl.Log4JLogger

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Chuck,

On 3/22/2010 2:05 PM, Christopher Schultz wrote:
> Since the code is mine, I can easily instrument it and see what thread's
> context class loader is at the time.

I added this code to my InitListener class:

    {
        System.err.println("InitListener.<init> ClassLoader="
                           +
Thread.currentThread().getContextClassLoader());
    }

    // The following line used to be the first line inside the {} for
    // the class
    private Logger logger = Logger.getLogger(this.getClass());


...and it produced this output:

InitListener.<init> ClassLoader=WebappClassLoader
  delegate: false
  repositories:
    /WEB-INF/classes/
----------> Parent Classloader:
org.apache.catalina.loader.StandardClassLoader@10a2d64

So, it looks like the ContextClassLoader is correct: the webapp's
ClassLoader is being used, not the container's or anything like that. Hmm.

I set -Djava.security.debug=access and here's what I can see:

(During loading of JAR files, etc.)
access: access allowed (java.io.FilePermission
/.../WEB-INF/lib/commons-logging-1.1.1.jar read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.diagnostics.dest read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.LogFactory.HashtableImpl read)

...

access: access allowed (java.io.FilePermission
/.../WEB-INF/classes/commons-logging.properties read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.LogFactory read)

So, it looks like commons-logging.properties is allowed to be read, but
another property read is denied.

...
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.Log.allowFlawedContext read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.Log.allowFlawedDiscovery read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.Log.allowFlawedHierarchy read)

...

/8215/webapps/cschultz-chadis/WEB-INF/lib/log4j-1.2.15.jar read)
access: access denied (java.util.PropertyPermission
log4j.defaultInitOverride read)

So, it looks like log4j is trying to read some property, so presumably
log4j is being correctly loaded, so it should be available for logging.

...

access: access denied (java.util.PropertyPermission log4j.debug read)
access: access denied (java.util.PropertyPermission log4j.configDebug read)
access: access denied (java.util.PropertyPermission log4j.configuration
read)
access: access denied (java.util.PropertyPermission
log4j.configuratorClass read)

...

access: access denied (java.util.PropertyPermission log4j.ignoreTCL read)

...

access: access denied (java.lang.RuntimePermission
defineClassInPackage.java.lang)

I'll have to look for the details of the above.

...

access: access denied (java.io.FilePermission /.../logs/log4j.log write)

Uhh... well, that certainly looks like something I might have control
over :)

I'll fix that permission and try again.

(Tomcat attempts to de-register JDBC Driver)
access: access denied (java.lang.RuntimePermission getClassLoader)
access: access allowed (java.util.PropertyPermission line.separator read)
Mar 22, 2010 2:14:16 PM org.apache.catalina.loader.WebappClassLoader
clearReferencesJdbc
WARNING: JDBC driver de-registration failed
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
        at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at
java.security.AccessController.checkPermission(AccessController.java:546)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.Class.getClassLoader(Class.java:594)
        at
org.apache.catalina.loader.JdbcLeakPrevention.clearJdbcDriverRegistrations(JdbcLeakPrevention.java:49)

Thanks,
-chris
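
An added example, not part of the original messages and not Tomcat code: a small Python script that turns `-Djava.security.debug=access` output like the lines quoted above into exact-name `catalina.policy` entries, undoing mail line wrapping and de-duplicating denials. The sample log and its `/srv/base` paths are constructed, the code base string reuses the `[appName]` placeholder from the thread, and the rule that only `PropertyPermission` and `FilePermission` denials become live grants (everything else is emitted as a comment for review) is this example's own heuristic.

```python
import re

# Constructed sample modelled on the debug output quoted in this thread,
# including the mail client's line wrapping. Paths are placeholders.
SAMPLE = """\
access: access allowed (java.io.FilePermission
/srv/base/webapps/app/WEB-INF/classes/commons-logging.properties read)
access: access denied (java.util.PropertyPermission
org.apache.commons.logging.LogFactory read)
access: access denied (java.util.PropertyPermission log4j.debug read)
access: access denied (java.util.PropertyPermission log4j.debug read)
access: access denied (java.util.PropertyPermission log4j.configuration
read)
access: access denied (java.lang.RuntimePermission
defineClassInPackage.java.lang)
access: access denied (java.io.FilePermission /srv/base/logs/log4j.log write)
access: access denied (java.lang.RuntimePermission getClassLoader)
"""

# Code base string taken from the grant suggested in the thread;
# [appName] is the thread's own placeholder.
CODE_BASE = "file:${catalina.base}/webapps/[appName]/WEB-INF/lib/-"

# Matches both the debug lines and the AccessControlException message.
DENIED = re.compile(r"access denied \(([^)]*)\)")
# A token is either "double quoted" (newer JVMs) or a bare word (Java 6 style).
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Heuristic of this example: only these permission classes are proposed as
# live grants. Anything else is written out as a comment for manual review.
AUTO_GRANT = {"java.util.PropertyPermission", "java.io.FilePermission"}


def parse_denials(text):
    """Return unique (class, name, actions) tuples in first-seen order."""
    flat = " ".join(text.split())  # undo hard line wrapping
    seen = []
    for body in DENIED.findall(flat):
        tokens = [quoted or bare for quoted, bare in TOKEN.findall(body)]
        if len(tokens) < 2:
            continue  # not a "(class name [actions])" triple
        if len(tokens) == 2:
            entry = (tokens[0], tokens[1], None)  # e.g. RuntimePermission
        else:
            # The last token is the action list; the name may contain spaces.
            entry = (tokens[0], " ".join(tokens[1:-1]), tokens[-1])
        if entry not in seen:
            seen.append(entry)
    return seen


def permission_line(entry):
    """Format one denial as a policy-file permission statement."""
    cls, name, actions = entry
    if actions is None:
        return 'permission %s "%s";' % (cls, name)
    return 'permission %s "%s", "%s";' % (cls, name, actions)


def render_policy(denials, code_base):
    """Build a grant block with exact names only (no wildcards)."""
    lines = ['grant codeBase "%s" {' % code_base]
    for entry in denials:
        if entry[0] in AUTO_GRANT:
            lines.append("    " + permission_line(entry))
        else:
            lines.append("    // REVIEW before granting: " + permission_line(entry))
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_policy(parse_denials(SAMPLE), CODE_BASE))
```
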


Re: Trouble with SecurityManager: can't load org.apache.commons.logging.impl.Log4JLogger

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Chuck,

Thanks for the response.

On 3/19/2010 6:38 PM, Caldarale, Charles R wrote:
> I'd be somewhat reluctant to see that behavior changed at this stage
> of the game.  I'd prefer to have an additional environment variable
> that allows specifying where the policy file is rather than requiring
> it to be in $CATALINA_BASE/conf/catalina.policy.

Fair enough: I was just surprised to see that Tomcat easily allows you
to get yourself into an impossible situation.

>> In the InitListener.java class, I basically just try to create a log4j
>> logger like this:
>>
>> Logger.getLogger(className)
>>
>> In both of these situations, Tomcat ought to be able to load the
>> classes required.
> 
> It may be that the real exception is getting eaten somewhere 
> (possibly inside the JRE), and all you're left with is something a 
> bit too generic to describe the actual problem. Perhaps either the 
> static initializer or a constructor is failing due to read access 
> being inhibited.
>
> Might want to try adding something like this to the catalina.policy 
> file:
> 
> grant codeBase "file:${catalina.base}/webapps/[appName]/WEB-INF/lib/-" {
>     permission java.io.FilePermission "${catalina.base}/webapps/[appName]/WEB-INF/classes/logging.properties", "read";
> };

Unfortunately, I don't have a WEB-INF/classes/logging.properties file,
though its non-existence might still cause an access violation if the
code is trying to read it.

I think the LogManager has probably already read my file (it's
WEB-INF/classes/commons-logging.properties), since the entirety of the
file is this:

org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger

The above reference to Log4JLogger is likely to be the source of the
problem, so I suspect the file has already been read.

Since the code is mine, I can easily instrument it and see what thread's
context class loader is at the time.

Any other suggestions?

Thanks,
-chris


RE: Trouble with SecurityManager: can't load org.apache.commons.logging.impl.Log4JLogger

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Trouble with SecurityManager: can't load
> org.apache.commons.logging.impl.Log4JLogger
> 
> With no CATALINA_BASE/conf/catalina.policy file, I get this error:
> 
> Caused by: java.security.AccessControlException: access denied

Expected.

> If I copy the stock catalina.policy file from CATALINA_HOME/conf to
> CATALINA_BASE/conf, I get further (see below). Would it be possible to
> have catalina.sh detect the location of catalina.policy from
> CATALINA_BASE (preferred) or CATALINA_HOME (fallback)?

Well, the way it's working is what's documented in RUNNING.txt:

"When you use $CATALINA_BASE, Tomcat will calculate all relative references for files in the following directories based on the value of $CATALINA_BASE instead of $CATALINA_HOME:
"* conf - Server configuration files (including server.xml)"

I'd be somewhat reluctant to see that behavior changed at this stage of the game.  I'd prefer to have an additional environment variable that allows specifying where the policy file is rather than requiring it to be in $CATALINA_BASE/conf/catalina.policy.

You could set -Djava.security.manager and -Djava.security.policy=<myFile> in CATALINA_OPTS and *not* use the -security option.

> In the InitListener.java class, I basically just try to create a log4j
> logger like this:
> 
> Logger.getLogger(className)
> 
> In both of these situations, Tomcat ought to be able to load the
> classes required.

It may be that the real exception is getting eaten somewhere (possibly inside the JRE), and all you're left with is something a bit too generic to describe the actual problem.  Perhaps either the static initializer or a constructor is failing due to read access being inhibited.

Might want to try adding something like this to the catalina.policy file:

grant codeBase "file:${catalina.base}/webapps/[appName]/WEB-INF/lib/-" {
    permission java.io.FilePermission "${catalina.base}/webapps/[appName]/WEB-INF/classes/logging.properties", "read";
};

(Grasping at straws, again.)

 - Chuck

