You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Lavin <la...@cs.tcd.ie> on 2013/01/21 12:30:47 UTC
Loading a DeSerialized Class to WebabbClassLoader Question
Dear List,
My web application needs to deserialize both classes and objects which
are sent to it.
I'm using Base64 serialization, and when I transport full <name>.class
file to a service, I can deserialize it with no problem using
ObjectInputStream.readObject(). I also need to transport instances of
certain classes to the application but without having the benefit of
having the class loaded in the WebappClassLoader. Not surprisingly,
deserializing an instance of a class fails for ClassNotFoundException.
My question: When I need to transport an instance of a class, I can
easily also transport the full class. This full class can be
instantiated if required. How could I load this class to the
WebappClassLoader and have it available there for when I need to call
ois.readObject()? I want to load the (full) class to the WebClassLoader
to over come the ClassNotFoundException.
Env:
Tomcat 7.0.14
OSCentOS release 5.8 (Final)
java version 1.6.0 22
OpenJDK Runtime Environment (IcedTea6 1.10.10)
(rhel-1.28.1.10.10.el5 8-x86 64)
OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
Any help appreciated,
regards,
Peter Lavin
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Mark Thomas <ma...@apache.org>.
On 22/01/2013 14:49, Christopher Schultz wrote:
> Mark,
>
> On 1/21/13 3:35 PM, Mark Thomas wrote:
>> On 21/01/2013 20:30, Konstantin Kolinko wrote:
>>> The same as with any other ClassLoader: use the bytes and call
>>> ClassLoader.defineClass(..), then ClassLoader.resolveClass(..).
>
>> No can do.
>
>> That method is not public.
>
> OP could subclass WebappClassLoader and give access to it, then set
> that as the loader for the webapp, right?
Yes. You can't do that directly on the Context. You'd need to specify a
Loader (the standard implementation should be OK) and set the loadClass
attribute.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 1/21/13 3:35 PM, Mark Thomas wrote:
> On 21/01/2013 20:30, Konstantin Kolinko wrote:
>> 2013/1/21 Peter Lavin <la...@cs.tcd.ie>:
>>>
>>> Dear List,
>>>
>>> My web application needs to deserialize both classes and
>>> objects which are sent to it.
>>>
>>> I'm using Base64 serialization, and when I transport full
>>> <name>.class file to a service, I can deserialize it with no
>>> problem using ObjectInputStream.readObject(). I also need to
>>> transport instances of certain classes to the application but
>>> without having the benefit of having the class loaded in the
>>> WebappClassLoader. Not surprisingly, deserializing an instance
>>> of a class fails for ClassNotFoundException.
>>>
>>> My question: When I need to transport an instance of a class, I
>>> can easily also transport the full class. This full class can
>>> be instantiated if required. How could I load this class to the
>>> WebappClassLoader and have it available there for when I need
>>> to call ois.readObject()? I want to load the (full) class to
>>> the WebClassLoader to over come the ClassNotFoundException.
>>>
>>
>> The same as with any other ClassLoader: use the bytes and call
>> ClassLoader.defineClass(..), then ClassLoader.resolveClass(..).
>
> No can do.
>
> That method is not public.
OP could subclass WebappClassLoader and give access to it, then set
that as the loader for the webapp, right?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlD+pwQACgkQ9CaO5/Lv0PDFvgCgll4QihNGLfT3AWQRxxTj45e0
k7MAn0z0bFMBOpqYrMvmnNKv5R4qIVos
=GBGX
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Mark Thomas <ma...@apache.org>.
On 21/01/2013 20:30, Konstantin Kolinko wrote:
> 2013/1/21 Peter Lavin <la...@cs.tcd.ie>:
>>
>> Dear List,
>>
>> My web application needs to deserialize both classes and objects which are
>> sent to it.
>>
>> I'm using Base64 serialization, and when I transport full <name>.class file
>> to a service, I can deserialize it with no problem using
>> ObjectInputStream.readObject(). I also need to transport instances of
>> certain classes to the application but without having the benefit of having
>> the class loaded in the WebappClassLoader. Not surprisingly, deserializing
>> an instance of a class fails for ClassNotFoundException.
>>
>> My question: When I need to transport an instance of a class, I can easily
>> also transport the full class. This full class can be instantiated if
>> required. How could I load this class to the WebappClassLoader and have it
>> available there for when I need to call ois.readObject()? I want to load the
>> (full) class to the WebClassLoader to over come the ClassNotFoundException.
>>
>
> The same as with any other ClassLoader:
> use the bytes and call ClassLoader.defineClass(..), then
> ClassLoader.resolveClass(..).
No can do.
That method is not public.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
Hi again Chris, comments below
On 01/24/2013 07:05 PM, Christopher Schultz wrote:
> What if you try this:
>
> ClassLoader contextClassLoader =
> Thread.currentThread().getContextClassLoader();
>
> FileClassLoader cl = new FileClassLoader(contextClassLoader);
>
> Class<?> spClass = cl.arrayToClass(null, byArray, True);
>
> Thread.currentThread().setContextClassLoader(cl);
>
> Tomcat changes the context ClassLoader all the time, and you'll want
> your ClassLoaders to remember previously-loaded classes, so this isn't
> a great solution in general.
>
> That's why I suggested that you use a "loader" configured in
> context.xml: that will let you define your own ClassLoader where you
> can call arrayToClass at any point and not have to set the context
> ClassLoader all the time.
>
> If you've got something working and you're happy, then there's nothing
> left to do. If it were me, I'd use a custom Loader for my webapp and
> use Java's ObjectInputStream.
This failed in much the same way as before. Like you say :-) what I have
is working and will suffice for the time being, thanks for your help. I
will look in to using context.xml later maybe.
regards
Peter
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peter,
On 1/24/13 1:01 PM, Peter Lavin wrote:
> ClassLoader contextClassLoader =
> Thread.currentThread().getContextClassLoader();
>
> // this line was missing in earlier note //this calls the class
> below FileClassLoader cl = new
> FileClassLoader(contextClassLoader);
>
> Class<?> spClass = cl.arrayToClass(null, byArray, True);
What if you try this:
ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
FileClassLoader cl = new FileClassLoader(contextClassLoader);
Class<?> spClass = cl.arrayToClass(null, byArray, True);
Thread.currentThread().setContextClassLoader(cl);
Tomcat changes the context ClassLoader all the time, and you'll want
your ClassLoaders to remember previously-loaded classes, so this isn't
a great solution in general.
That's why I suggested that you use a "loader" configured in
context.xml: that will let you define your own ClassLoader where you
can call arrayToClass at any point and not have to set the context
ClassLoader all the time.
If you've got something working and you're happy, then there's nothing
left to do. If it were me, I'd use a custom Loader for my webapp and
use Java's ObjectInputStream.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlEBhhUACgkQ9CaO5/Lv0PCIkwCfc0MmIyzRqKPuFeY0legimEEG
bA0AoLN//xy4svN8r7TsfqYtrVdaV7+t
=FDOH
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
hi Chris, some more details, I'd left out a line in my code snippet this
morning,
On 01/24/2013 05:33 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>
> Peter,
>
> On 1/24/13 4:27 AM, Peter Lavin wrote:
>
> After calling:
>
>> ClassLoader contextClassLoader =
>> Thread.currentThread().getContextClassLoader(); Class<?> spClass
>> = cl.arrayToClass(null, byArray, True);
> You are fetching the current context ClassLoader and then using "cl"
> to define your Class. Where do you instantiate your FileClassLoader?
> Do you ever set it as the context ClassLoader? If not, it's never
> going to work.
// I left out a line of code this morning when writing this, this is the
sequence of the code...
ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
// this line was missing in earlier note
//this calls the class below
FileClassLoader cl = new FileClassLoader(contextClassLoader);
Class<?> spClass = cl.arrayToClass(null, byArray, True);
// my custom class loader code...
public class FileClassLoader extends java.lang.ClassLoader {
public FileClassLoader(ClassLoader contextClassLoader) {
super(contextClassLoader);
}
public synchronized Class<?> arrayToClass(String name, byte[] ct,
boolean resolve) {
Class<?> c = defineClass(name, ct, 0, ct.length);
try {
this.loadClass(c.getName(), resolve);
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
return c;
}
}
>
> What do you get back? Does the Class have the right name, etc?
Yes, this loads the class ok, with the correct name.
> I think you can do this without the CustomObjectInputStream class
> (as long as you don't need to run under a SecurityManager).
Ok, that's interesting, I won't be using SecuritManager as this is
research software,
regards
Peter
>
> - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17
> (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG
> with Thunderbird - http://www.enigmail.net/
>
> iEYEAREIAAYFAlEBcF0ACgkQ9CaO5/Lv0PDENgCghLaRu7LdIfbIrzR3Ubi8n3TX
> HLsAmgJPcEpMkW+knGuVxeh7WsnZyKhW =+pi2 -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peter,
On 1/24/13 4:27 AM, Peter Lavin wrote:
> java.lang.ClassNotFoundException:
> common.core.providers.HelloWorldSP at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1676)
>
>
at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1521)
>
>
at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:264) at
> java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:621)
> at
> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1592)
>
>
at
> java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
>
>
at
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749)
>
>
at
> java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
> at
> java.io.ObjectInputStream.readObject(ObjectInputStream.java:368)
> at
> common.utilities.SerializationUtilities.Base64StringToObject(SerializationUtilities.java:165)
That
>
sure looks like it's using the WebappClassLoader to try to load
the class.
After calling:
> ClassLoader contextClassLoader =
> Thread.currentThread().getContextClassLoader(); Class<?> spClass =
> cl.arrayToClass(null, byArray, True);
What do you get back? Does the Class have the right name, etc?
You are fetching the current context ClassLoader and then using "cl"
to define your Class. Where do you instantiate your FileClassLoader?
Do you ever set it as the context ClassLoader? If not, it's never
going to work.
I think you can do this without the CustomObjectInputStream class (as
long as you don't need to run under a SecurityManager).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlEBcF0ACgkQ9CaO5/Lv0PDENgCghLaRu7LdIfbIrzR3Ubi8n3TX
HLsAmgJPcEpMkW+knGuVxeh7WsnZyKhW
=+pi2
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
Hi again Christopher,
thanks for your note and interest, some more details
inline...
On 01/23/2013 07:39 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ObjectInputStream should be using the "context class loader" of the
> thread which should be the WebappClassLoader.
>
> Can you show us your code (the part that actually loads the bytes
> into the ClassLoader to define the class)?
The byte[] arrives at the service as a Base64 string. Base64 to byte[]
is trivial and has been ruled out as a problem. The class type is loaded
using a custom ClassLoader (code as follows)
public class FileClassLoader extends java.lang.ClassLoader {
public FileClassLoader(ClassLoader contextClassLoader) {
super(contextClassLoader);
}
public synchronized Class<?> arrayToClass(String name, byte[] ct,
boolean resolve) {
Class<?> c = defineClass(name, ct, 0, ct.length);
try {
this.loadClass(c.getName(), resolve);
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
return c;
}
}
This is called by...
ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
Class<?> spClass = cl.arrayToClass(null, byArray, True);
> Also, where does the de-serialization occur? I suspect in the
> webapp, but you haven't described everything in detail (and the
> details count).
The problem is (was) deserializing an instance of such an object. Code
uses is as follows...
public Object Base64StringToObject(String str) {
Object outObj = null;
if (str != null) {
try {
ByteArrayInputStream bais = null;
bais = new ByteArrayInputStream(Base64.decode(str));
ObjectInputStream ois = new ObjectInputStream(bais);
outObj = ois.readObject();
} catch (IOException e) {
e.printStackTrace();
return null;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return null;
}
}
return outObj;
}
called by...
Object spB64Inst = su.Base64StringToObject(base64codeStrInstance);
>> In my service, I've loaded a full class definition and created an
>> instance of it. At this point it (afaik) must be in the cache of
>> the WebappClassLoader. However, when an ObjectInputStream is
>> called to... ois.readObject() on a byte[] of an instance of that
>> same class, it fail for ClassNotFoundException.
>
> Hmm. Can you post the full stack trace of that CNFE?
Although the class (spClass) is now loaded in my custom class loader,
this fails, the CFNE is pasted at the very bottom of this note (for ease
of reading).
What works...
Using the code form this page...
http://www.jarvana.com/jarvana/view/org/apache/tomcat/tomcat-catalina/7.0.4/tomcat-catalina-7.0.4-sources.jar!/org/apache/catalina/util/CustomObjectInputStream.java?format=ok
And described here...
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/util/CustomObjectInputStream.html
I implemented this in my application (i.e. not imported from a jar) and
use it like this (unchanged except for the package declaration)...
public Object Base64StringToObjectCustomOis(String str, ClassLoader cl) {
Object outObj = null;
if (str != null) {
try {
ByteArrayInputStream bais = null;
bais = new ByteArrayInputStream(Base64.decode(str));
CustomObjectInputStream cois = new CustomObjectInputStream(bais, cl);
///// next line is the main difference...
outObj = cois.readObject();
} catch (IOException e) {
e.printStackTrace();
return null;
} catch (ClassNotFoundException e) {
e.printStackTrace();
return null;
}
}
return outObj;
}
And called like this... (cl same object as before)
Object spB64Inst =
su.Base64StringToObjectCustomOis(base64codeStrInstance,cl);
I've read (can't recall where) that the standard ObjectInputStream uses
a class loader of the JVM which may not have visiblilty on the
WebappClassLoader due to the delegation model used by Tomcat. All the
CustomObjectInputStream appears to do is to override one of the methods
of OIS and pass a class loader, but in this case passes 'my'
WebappClassLoader.
When I used this code, the problem went away.
FYI, (for reading the stacktrace), The class spClass is the type
definition for HelloWorldSP.java. The class in the application which is
running when this error happens is called FetchProfAbilities.java.
The object su in the above code refers to an instance of
SerializationUtilities (where the de/serialization takes place).
Please shout with any more questions. I appear to have overcome the
problem, but for my thesis, I would like to 'nail down' the root cause
of the problem (for academic reasons).
thanks again and best regards,
Peter
>
>> A Tomcat solution is identified here...
>> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/util/CustomObjectInputStream.html
>
>>
> I'm
>>
> surprised that class needs to exist... I would have expected OIS to
> use the context class loader. I'll have to check on that.
>
>> Which is in $CATILANA_HOME/lib/catalina.jar.
>>
>> Has anyone use this? do I need to add this jar implement this, and
>> include it in my war file?
>
> You should be able to use that class directly from within
> CATALINA_HOME/lib
>
> - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17
> (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG
> with Thunderbird - http://www.enigmail.net/
>
> iEYEAREIAAYFAlEAPHcACgkQ9CaO5/Lv0PBzPgCbBrCdn8wrD/6YYPoYNpoht6s8
> 8vsAnifcwJCpAtLsZqc3SfncDY9QdF2k =wIKl -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
CNFE...
java.lang.ClassNotFoundException: common.core.providers.HelloWorldSP
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1676)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1521)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at
java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:621)
at
java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1592)
at
java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
at
java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749)
at
java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:368)
at
common.utilities.SerializationUtilities.Base64StringToObject(SerializationUtilities.java:165)
at
common.core.providers.FetchProfAbilitiesSP.ProcB64AddSimpleAct(FetchProfAbilitiesSP.java:786)
at
common.core.providers.FetchProfAbilitiesSP.processUrl(FetchProfAbilitiesSP.java:272)
at
common.core.providers.FetchProfAbilitiesSP.process(FetchProfAbilitiesSP.java:122)
at common.core.ResourceManager.process(ResourceManager.java:172)
at common.agents.SocialGridAgent.process(SocialGridAgent.java:110)
at
org.sga.basicagent.AgentServiceImpl.process(AgentServiceImpl.java:45)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:173)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:89)
at
org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:61)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:75)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:205)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:317)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:204)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:182)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peter,
On 1/22/13 2:16 PM, Peter Lavin wrote:
> I've spent some time on this today and have found (at least I think
> so) that my problem in deserializing an instance of an object is
> related to the ClassLoader that the class ObjectInputStream uses.
> It appears that it does not use the WebappClassLoader of the
> service in question, but instead defaults to a ClassLoader higher
> up the tree (which does not have visibility on the cache of the
> WebappClassLoader).
ObjectInputStream should be using the "context class loader" of the
thread which should be the WebappClassLoader.
Can you show us your code (the part that actually loads the bytes into
the ClassLoader to define the class)?
Also, where does the de-serialization occur? I suspect in the webapp,
but you haven't described everything in detail (and the details count).
> In my service, I've loaded a full class definition and created an
> instance of it. At this point it (afaik) must be in the cache of
> the WebappClassLoader. However, when an ObjectInputStream is called
> to... ois.readObject() on a byte[] of an instance of that same
> class, it fail for ClassNotFoundException.
Hmm. Can you post the full stack trace of that CNFE?
> A Tomcat solution is identified here...
> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/util/CustomObjectInputStream.html
I'm
>
surprised that class needs to exist... I would have expected OIS
to use the context class loader. I'll have to check on that.
> Which is in $CATILANA_HOME/lib/catalina.jar.
>
> Has anyone use this? do I need to add this jar implement this, and
> include it in my war file?
You should be able to use that class directly from within
CATALINA_HOME/lib
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlEAPHcACgkQ9CaO5/Lv0PBzPgCbBrCdn8wrD/6YYPoYNpoht6s8
8vsAnifcwJCpAtLsZqc3SfncDY9QdF2k
=wIKl
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peterm,,
On 1/23/13 9:29 AM, Peter Lavin wrote:
> My application was using ObjectInputStream (OIS) to convert a
> serialized instance of an object. OIS uses a different class
> loader, one which does not have visibility of the classes loaded in
> the WebappClassLoader. This was giving a ClassNotFoundException.
>
> Then I found CustomObjectInputStream. Initially, I tried to import
> this from catalina.jar but this caused several errors on deploying
> the war, mainly related to XML parsers (??).
>
> I then got the source for CustomObjectInputStream and added it to
> my web-app (about 100 lines of code). This yielded a solution, full
> credit to... Craig R. McClanahan and Bip Thelin for writing this
> :-)
>
> Thanks to those who replied to my earlier question.
I should have read this first. Odd that OIS doesn't use the
ContextClassLoader...
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEAREIAAYFAlEAPKkACgkQ9CaO5/Lv0PBGGQCgsvilfSlKlnCjNYMIkR6keoi8
uLEAoLFJTHCG4lgIhPmJc5VFu1ruJaCt
=aYfv
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
Solution and root of problem:
My application was using ObjectInputStream (OIS) to convert a serialized
instance of an object. OIS uses a different class loader, one which does
not have visibility of the classes loaded in the WebappClassLoader. This
was giving a ClassNotFoundException.
Then I found CustomObjectInputStream. Initially, I tried to import this
from catalina.jar but this caused several errors on deploying the war,
mainly related to XML parsers (??).
I then got the source for CustomObjectInputStream and added it to my
web-app (about 100 lines of code). This yielded a solution, full credit
to... Craig R. McClanahan and Bip Thelin for writing this :-)
Thanks to those who replied to my earlier question.
regards,
Peter
On 01/22/2013 07:16 PM, Peter Lavin wrote:
>
> Hi again,
>
> I've spent some time on this today and have found (at least I think so)
> that my problem in deserializing an instance of an object is related to
> the ClassLoader that the class ObjectInputStream uses. It appears that
> it does not use the WebappClassLoader of the service in question, but
> instead defaults to a ClassLoader higher up the tree (which does not
> have visibility on the cache of the WebappClassLoader).
>
> In my service, I've loaded a full class definition and created an
> instance of it. At this point it (afaik) must be in the cache of the
> WebappClassLoader. However, when an ObjectInputStream is called to...
> ois.readObject() on a byte[] of an instance of that same class, it fail
> for ClassNotFoundException.
>
> A Tomcat solution is identified here...
> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/util/CustomObjectInputStream.html
>
>
> Which is in $CATILANA_HOME/lib/catalina.jar.
>
> Has anyone use this? do I need to add this jar implement this, and
> include it in my war file?
>
> regards,
> Peter
>
>
>
>
> On 01/21/2013 08:30 PM, Konstantin Kolinko wrote:
>> 2013/1/21 Peter Lavin<la...@cs.tcd.ie>:
>>>
>>> Dear List,
>>>
>>> My web application needs to deserialize both classes and objects
>>> which are
>>> sent to it.
>>>
>>> I'm using Base64 serialization, and when I transport full<name>.class
>>> file
>>> to a service, I can deserialize it with no problem using
>>> ObjectInputStream.readObject(). I also need to transport instances of
>>> certain classes to the application but without having the benefit of
>>> having
>>> the class loaded in the WebappClassLoader. Not surprisingly,
>>> deserializing
>>> an instance of a class fails for ClassNotFoundException.
>>>
>>> My question: When I need to transport an instance of a class, I can
>>> easily
>>> also transport the full class. This full class can be instantiated if
>>> required. How could I load this class to the WebappClassLoader and
>>> have it
>>> available there for when I need to call ois.readObject()? I want to
>>> load the
>>> (full) class to the WebClassLoader to over come the
>>> ClassNotFoundException.
>>>
>>
>> The same as with any other ClassLoader:
>> use the bytes and call ClassLoader.defineClass(..), then
>> ClassLoader.resolveClass(..).
>>
>> There is an example in WebappClassLoader.clearReferencesJdbc() method
>> (though resolveClass() is not called there, I do not know why - maybe
>> it was just forgotten).
>>
>>> Env:
>>> Tomcat 7.0.14
>>
>> Known security issues:
>> http://tomcat.apache.org/security-7.html
>>
>>> OSCentOS release 5.8 (Final)
>>> java version 1.6.0 22
>>> OpenJDK Runtime Environment (IcedTea6 1.10.10)
>>> (rhel-1.28.1.10.10.el5 8-x86 64)
>>> OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
Hi again,
I've spent some time on this today and have found (at least I think so)
that my problem in deserializing an instance of an object is related to
the ClassLoader that the class ObjectInputStream uses. It appears that
it does not use the WebappClassLoader of the service in question, but
instead defaults to a ClassLoader higher up the tree (which does not
have visibility on the cache of the WebappClassLoader).
In my service, I've loaded a full class definition and created an
instance of it. At this point it (afaik) must be in the cache of the
WebappClassLoader. However, when an ObjectInputStream is called to...
ois.readObject() on a byte[] of an instance of that same class, it fail
for ClassNotFoundException.
A Tomcat solution is identified here...
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/util/CustomObjectInputStream.html
Which is in $CATILANA_HOME/lib/catalina.jar.
Has anyone use this? do I need to add this jar implement this, and
include it in my war file?
regards,
Peter
On 01/21/2013 08:30 PM, Konstantin Kolinko wrote:
> 2013/1/21 Peter Lavin<la...@cs.tcd.ie>:
>>
>> Dear List,
>>
>> My web application needs to deserialize both classes and objects which are
>> sent to it.
>>
>> I'm using Base64 serialization, and when I transport full<name>.class file
>> to a service, I can deserialize it with no problem using
>> ObjectInputStream.readObject(). I also need to transport instances of
>> certain classes to the application but without having the benefit of having
>> the class loaded in the WebappClassLoader. Not surprisingly, deserializing
>> an instance of a class fails for ClassNotFoundException.
>>
>> My question: When I need to transport an instance of a class, I can easily
>> also transport the full class. This full class can be instantiated if
>> required. How could I load this class to the WebappClassLoader and have it
>> available there for when I need to call ois.readObject()? I want to load the
>> (full) class to the WebClassLoader to over come the ClassNotFoundException.
>>
>
> The same as with any other ClassLoader:
> use the bytes and call ClassLoader.defineClass(..), then
> ClassLoader.resolveClass(..).
>
> There is an example in WebappClassLoader.clearReferencesJdbc() method
> (though resolveClass() is not called there, I do not know why - maybe
> it was just forgotten).
>
>> Env:
>> Tomcat 7.0.14
>
> Known security issues:
> http://tomcat.apache.org/security-7.html
>
>> OSCentOS release 5.8 (Final)
>> java version 1.6.0 22
>> OpenJDK Runtime Environment (IcedTea6 1.10.10)
>> (rhel-1.28.1.10.10.el5 8-x86 64)
>> OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Konstantin Kolinko <kn...@gmail.com>.
2013/1/21 Peter Lavin <la...@cs.tcd.ie>:
>
> Dear List,
>
> My web application needs to deserialize both classes and objects which are
> sent to it.
>
> I'm using Base64 serialization, and when I transport full <name>.class file
> to a service, I can deserialize it with no problem using
> ObjectInputStream.readObject(). I also need to transport instances of
> certain classes to the application but without having the benefit of having
> the class loaded in the WebappClassLoader. Not surprisingly, deserializing
> an instance of a class fails for ClassNotFoundException.
>
> My question: When I need to transport an instance of a class, I can easily
> also transport the full class. This full class can be instantiated if
> required. How could I load this class to the WebappClassLoader and have it
> available there for when I need to call ois.readObject()? I want to load the
> (full) class to the WebClassLoader to over come the ClassNotFoundException.
>
The same as with any other ClassLoader:
use the bytes and call ClassLoader.defineClass(..), then
ClassLoader.resolveClass(..).
There is an example in WebappClassLoader.clearReferencesJdbc() method
(though resolveClass() is not called there, I do not know why - maybe
it was just forgotten).
> Env:
> Tomcat 7.0.14
Known security issues:
http://tomcat.apache.org/security-7.html
> OSCentOS release 5.8 (Final)
> java version 1.6.0 22
> OpenJDK Runtime Environment (IcedTea6 1.10.10)
> (rhel-1.28.1.10.10.el5 8-x86 64)
> OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Loading a DeSerialized Class to WebabbClassLoader Question
Posted by Peter Lavin <la...@cs.tcd.ie>.
Hi again, did anyone get a chance to look at this, if you need any
further information, please let me know, any help appreciated.
regards,
Peter
On 01/21/2013 11:30 AM, Peter Lavin wrote:
>
> Dear List,
>
> My web application needs to deserialize both classes and objects which
> are sent to it.
>
> I'm using Base64 serialization, and when I transport full <name>.class
> file to a service, I can deserialize it with no problem using
> ObjectInputStream.readObject(). I also need to transport instances of
> certain classes to the application but without having the benefit of
> having the class loaded in the WebappClassLoader. Not surprisingly,
> deserializing an instance of a class fails for ClassNotFoundException.
>
> My question: When I need to transport an instance of a class, I can
> easily also transport the full class. This full class can be
> instantiated if required. How could I load this class to the
> WebappClassLoader and have it available there for when I need to call
> ois.readObject()? I want to load the (full) class to the WebClassLoader
> to over come the ClassNotFoundException.
>
> Env:
> Tomcat 7.0.14
> OSCentOS release 5.8 (Final)
> java version 1.6.0 22
> OpenJDK Runtime Environment (IcedTea6 1.10.10)
> (rhel-1.28.1.10.10.el5 8-x86 64)
> OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
>
> Any help appreciated,
> regards,
> Peter Lavin
>
>
>
--
with best regards,
Peter Lavin,
PhD Candidate,
CAG - Computer Architecture & Grid Research Group,
Lloyd Institute, 005,
Trinity College Dublin, Ireland.
+353 1 8961536
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org