You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Georgi Kostadinov <ge...@avue.bc.ca> on 2001/06/19 05:24:48 UTC
cocoon2 weblogic (5.1 sp6) class loader security problem
Hello folks,
System:
--------
Cocoon: v2.0
JDK: Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C),
Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)
OS: NT4 SP5
Servlet: v2.2
AppServer: Weblogic 5.1 SP6
Symptoms:
-----------
I've updated our application from Cocoon 1.7.4 to Cocoon2. After I
figured out what libraries I need on the Weblogic's classpath, I managed
to envoke the MyServlet (MyServlet extends CocoonServlet). The technique
I am using is the one I used with the Cocoon v1.7.4: extend Cocoon
servlet and wrap the HttpServletRequest in MyRequest to provide the XML
content. I changed the line <map:generators default="request"> in
sitemap.xmap to specify the location of the source. Configuration files
seem to be read correctly and the file
<myWebAppContext>/WEB-INF/_tmp_war/org/apache/cocoon/www/sitemap_xmap.java
is generated (but there is no class file generated)!
I looked at the cocoon.log file and looks like a class loader security
problem: the \WEB-INF\_tmp_war gets locked! Is there any workaround this
problem? Any help is much appreciated!
cocoon.log file generated:
---------------------------
DEBUG 62 [cocoon ] (ExecuteThread-11): Using configuration file:
/cocoon.xconf
INFO 62 [cocoon ] (ExecuteThread-11): Reloading from:
file:D:/Programs/cocoon-1.8.2/samples/cocoon.xconf
DEBUG 93 [cocoon ] (ExecuteThread-11): New Cocoon object.
DEBUG 93 [cocoon ] (ExecuteThread-11): Using parser:
org.apache.cocoon.components.parser.JaxpParser
DEBUG 109 [cocoon ] (ExecuteThread-11): Creating Repository with
this directory: D:\programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war
DEBUG 109 [cocoon ] (ExecuteThread-11): Classpath =
D:\Programs\cocoon-1.8.2\samples\WEB-INF\classes;D:\Programs\cocoon-1.8.2\samples\WEB-INF\lib\javac.jar;D:\avue\lib\servlet.jar;D:\avue\lib\jaxp.jar;D:\avue\lib\xerces.jar;D:\avue\lib\xalan.jar;D:\avue\lib\cocoon.jar;D:\avue\lib\avalonapi.jar;D:\avue\lib\logkit.jar;D:\avue\lib\maybeupload.jar;D:\avue\lib\jakarta-regexp-1.2.jar;D:\avue\lib\jstyle.jar;D:\avue\lib\javac.jar;D:\weblogic\lib\weblogic510sp6boot.jar;D:\weblogic\classes\boot;
DEBUG 109 [cocoon ] (ExecuteThread-11): Work directory =
D:\Programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war
DEBUG 125 [cocoon ] (Thread-0): ComponentFactory creating new
instance of org.apache.cocoon.components.parser.JaxpParser.
DEBUG 140 [cocoon ] (Thread-0): ComponentFactory creating new
instance of org.apache.cocoon.components.parser.JaxpParser.
DEBUG 140 [cocoon ] (Thread-0): ComponentFactory creating new
instance of org.apache.cocoon.components.parser.JaxpParser.
DEBUG 140 [cocoon ] (Thread-0): ComponentFactory creating new
instance of org.apache.cocoon.components.parser.JaxpParser.
DEBUG 390 [cocoon ] (ExecuteThread-11): Root configuration: cocoon
DEBUG 390 [cocoon ] (ExecuteThread-11): Configuration version: 2.0
DEBUG 390 [cocoon ] (ExecuteThread-11): Setting up components...
DEBUG 406 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.parser.Parser =
org.apache.cocoon.components.parser.JaxpParser)
DEBUG 406 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.language.generator.ProgramGenerator =
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl)
DEBUG 406 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.url.URLFactory =
org.apache.cocoon.components.url.URLFactoryImpl)
DEBUG 406 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.saxconnector.SAXConnector =
org.apache.cocoon.components.saxconnector.NullSAXConnector)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.avalon.util.datasource.DataSourceComponentSelector =
org.apache.cocoon.components.CocoonComponentSelector)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.avalon.util.pool.PoolController =
org.apache.cocoon.components.ComponentPoolController)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.language.programming.ProgrammingLanguageSelector
= org.apache.cocoon.components.CocoonComponentSelector)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.language.markup.MarkupLanguageSelector =
org.apache.cocoon.components.CocoonComponentSelector)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.store.Store =
org.apache.cocoon.components.store.MemoryStore)
DEBUG 422 [cocoon ] (ExecuteThread-11): Adding component
(org.apache.cocoon.components.classloader.ClassLoaderManager =
org.apache.cocoon.components.classloader.ClassLoaderManagerImpl)
DEBUG 422 [cocoon ] (ExecuteThread-11): Setting up the sitemap.
DEBUG 422 [cocoon ] (ExecuteThread-11): Sitemap location =
sitemap.xmap
DEBUG 703 [cocoon ] (ExecuteThread-11): ComponentFactory creating
new instance of org.apache.cocoon.components.url.URLFactoryImpl.
DEBUG 703 [cocoon ] (ExecuteThread-11): Getting the URLFactories
DEBUG 703 [cocoon ] (ExecuteThread-11): for protocol:
resource org.apache.cocoon.components.url.ResourceURLFactory
DEBUG 718 [cocoon ] (ExecuteThread-11): for protocol: context
org.apache.cocoon.components.url.ContextURLFactory
DEBUG 718 [cocoon ] (ExecuteThread-11): Beginning sitemap
regeneration
DEBUG 718 [cocoon ] (ExecuteThread-11): Making URL from
file:/D:/Programs/cocoon-1.8.2/samples/sitemap.xmap
DEBUG 718 [cocoon ] (Thread-1): ComponentFactory creating new
instance of
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.
DEBUG 718 [cocoon ] (Thread-1): Could not find ComponentHandler,
attempting to create one for role:
org.apache.cocoon.components.language.generator.ServerPagesSelector
DEBUG 718 [cocoon ] (Thread-1): ComponentFactory creating new
instance of
org.apache.cocoon.components.language.generator.GeneratorSelector.
DEBUG 718 [cocoon ] (Thread-1): ComponentFactory creating new
instance of org.apache.cocoon.components.classloader.ClassLoaderManagerImpl.
DEBUG 718 [cocoon ] (Thread-1): CocoonComponentSelector setting
up with root element:
DEBUG 718 [cocoon ] (Thread-1): ComponentFactory creating new
instance of org.apache.cocoon.components.CocoonComponentSelector.
DEBUG 718 [cocoon ] (Thread-1): CocoonComponentSelector setting
up with root element: markup-languages
DEBUG 734 [cocoon ] (Thread-1): Adding
org.apache.cocoon.components.language.markup.xsp.XSPMarkupLanguage for xsp
DEBUG 734 [cocoon ] (Thread-1): Adding
org.apache.cocoon.components.language.markup.sitemap.SitemapMarkupLanguage
for sitemap
DEBUG 734 [cocoon ] (Thread-1): ComponentFactory creating new
instance of org.apache.cocoon.components.CocoonComponentSelector.
DEBUG 734 [cocoon ] (Thread-1): CocoonComponentSelector setting
up with root element: programming-languages
DEBUG 750 [cocoon ] (Thread-1): ComponentFactory creating new
instance of
org.apache.cocoon.components.language.programming.java.JavaLanguage.
DEBUG 750 [cocoon ] (Thread-1): Looking up
org.apache.cocoon.components.classloader.ClassLoaderManager
DEBUG 750 [cocoon ] (Thread-1): Setting the parameters
DEBUG 750 [cocoon ] (Thread-1): Adding
org.apache.cocoon.components.language.programming.java.JavaLanguage for java
DEBUG 765 [cocoon ] (Thread-1): The instance was not accessible,
creating it now.
DEBUG 765 [cocoon ] (Thread-1): ComponentFactory creating new
instance of
org.apache.cocoon.components.language.markup.sitemap.SitemapMarkupLanguage.
DEBUG 1718 [cocoon ] (Thread-1): Making URL from
jar:file:/D:/avue/lib/cocoon.jar!/org/apache/cocoon/components/language/markup/sitemap/java/sitemap.xsl
DEBUG 1718 [cocoon ] (Thread-1): Logicsheet
Used:jar:file:/D:/avue/lib/cocoon.jar!/org/apache/cocoon/components/language/markup/sitemap/java/sitemap.xsl
WARN 4109 [cocoon ] (Thread-1): Could not load class for program
'org\apache\cocoon\www\sitemap_xmap'
java.security.AccessControlException: access denied
(java.io.FilePermission
\D:\Programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war\- read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at
java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at
org.apache.cocoon.components.classloader.ClassLoaderManagerImpl.loadClass(ClassLoaderManagerImpl.java:58)
at
org.apache.cocoon.components.language.programming.java.JavaLanguage.loadProgram(JavaLanguage.java:121)
at
org.apache.cocoon.components.language.programming.CompiledProgrammingLanguage.load(CompiledProgrammingLanguage.java:119)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.generateResource(ProgramGeneratorImpl.java:245)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:163)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 4109 [cocoon ] (Thread-1): Language Exception
org.apache.cocoon.components.language.LanguageException: Could not load
class for program 'org\apache\cocoon\www\sitemap_xmap' due to a
java.security.AccessControlException: access denied
(java.io.FilePermission
\D:\Programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war\- read)
at
org.apache.cocoon.components.language.programming.java.JavaLanguage.loadProgram(JavaLanguage.java:124)
at
org.apache.cocoon.components.language.programming.CompiledProgrammingLanguage.load(CompiledProgrammingLanguage.java:119)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.generateResource(ProgramGeneratorImpl.java:245)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:163)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 4109 [cocoon ] (Thread-1): ComponentFactory decommissioning
instance of
org.apache.cocoon.components.language.markup.sitemap.SitemapMarkupLanguage.
DEBUG 4109 [cocoon ] (Thread-1): Can't load ServerPage
org.apache.avalon.ComponentManagerException: Could not add component for
class: org.apache.cocoon.www.sitemap_xmap
at
org.apache.cocoon.components.language.generator.GeneratorSelector.addGenerator(GeneratorSelector.java:61)
at
org.apache.cocoon.components.language.generator.GeneratorSelector.select(GeneratorSelector.java:50)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.select(ProgramGeneratorImpl.java:263)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:172)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 4109 [cocoon ] (Thread-1): ComponentFactory creating new
instance of
org.apache.cocoon.components.language.markup.sitemap.SitemapMarkupLanguage.
DEBUG 4359 [cocoon ] (Thread-1): Making URL from
jar:file:/D:/avue/lib/cocoon.jar!/org/apache/cocoon/components/language/markup/sitemap/java/sitemap.xsl
DEBUG 4359 [cocoon ] (Thread-1): Logicsheet
Used:jar:file:/D:/avue/lib/cocoon.jar!/org/apache/cocoon/components/language/markup/sitemap/java/sitemap.xsl
WARN 6109 [cocoon ] (Thread-1): Could not load class for program
'org\apache\cocoon\www\sitemap_xmap'
java.security.AccessControlException: access denied
(java.io.FilePermission
\D:\Programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war\- read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.net.URLClassLoader$5.run(URLClassLoader.java:463)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.getPermissions(URLClassLoader.java:461)
at
java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:162)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:297)
at java.lang.ClassLoader.loadClass(ClassLoader.java:253)
at
org.apache.cocoon.components.classloader.ClassLoaderManagerImpl.loadClass(ClassLoaderManagerImpl.java:58)
at
org.apache.cocoon.components.language.programming.java.JavaLanguage.loadProgram(JavaLanguage.java:121)
at
org.apache.cocoon.components.language.programming.CompiledProgrammingLanguage.load(CompiledProgrammingLanguage.java:119)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.generateResource(ProgramGeneratorImpl.java:245)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:210)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 6109 [cocoon ] (Thread-1): Language Exception
org.apache.cocoon.components.language.LanguageException: Could not load
class for program 'org\apache\cocoon\www\sitemap_xmap' due to a
java.security.AccessControlException: access denied
(java.io.FilePermission
\D:\Programs\cocoon-1.8.2\samples\WEB-INF\_tmp_war\- read)
at
org.apache.cocoon.components.language.programming.java.JavaLanguage.loadProgram(JavaLanguage.java:124)
at
org.apache.cocoon.components.language.programming.CompiledProgrammingLanguage.load(CompiledProgrammingLanguage.java:119)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.generateResource(ProgramGeneratorImpl.java:245)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:210)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 6109 [cocoon ] (Thread-1): ComponentFactory decommissioning
instance of
org.apache.cocoon.components.language.markup.sitemap.SitemapMarkupLanguage.
ERROR 6109 [cocoon ] (Thread-1): Error compiling sitemap
org.apache.avalon.ComponentManagerException: Could not add component for
class: org.apache.cocoon.www.sitemap_xmap
at
org.apache.cocoon.components.language.generator.GeneratorSelector.addGenerator(GeneratorSelector.java:61)
at
org.apache.cocoon.components.language.generator.GeneratorSelector.select(GeneratorSelector.java:50)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.select(ProgramGeneratorImpl.java:263)
at
org.apache.cocoon.components.language.generator.ProgramGeneratorImpl.load(ProgramGeneratorImpl.java:219)
at org.apache.cocoon.sitemap.Handler.run(Handler.java:173)
at java.lang.Thread.run(Thread.java:484)
DEBUG 6109 [cocoon ] (ExecuteThread-11): Changing Cocoon
context(sitemap.xmap) to prefix()
DEBUG 6109 [cocoon ] (ExecuteThread-11): from
context(file:/D:/Programs/cocoon-1.8.2/samples/) and prefix()
DEBUG 6109 [cocoon ] (ExecuteThread-11): at URI
DEBUG 6109 [cocoon ] (ExecuteThread-11): New context is
file:/D:/Programs/cocoon-1.8.2/samples/
ERROR 6140 [cocoon ] (ExecuteThread-11): Problem with servlet
org.apache.cocoon.ProcessingException: The sitemap handler's sitemap is
not available.
at org.apache.cocoon.sitemap.Manager.invoke(Manager.java:106)
at org.apache.cocoon.Cocoon.process(Cocoon.java:218)
at
org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:417)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:123)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:761)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:708)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:252)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:346)
at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:246)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:135)
INFO 6187 [cocoon ] (ExecuteThread-11): '' Processed by Apache
Cocoon 2.0a4 in 5.75 seconds.
================================================================
Regards,
Georgi
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
Re: cocoon2 weblogic (5.1 sp6) class loader security problem
Posted by Donald Ball <ba...@webslingerZ.com>.
just a quick thought - you might try extending the ParanoidCocoonServlet
instead. it does some classloading stuff differently.
- donald
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>