You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by "lionel gomez (JIRA)" <ta...@jakarta.apache.org> on 2006/11/14 03:22:39 UTC
[jira] Commented: (TAPESTRY-964) Tapestry web app (including
workbench example) fails in Tomcat with security manager enabled
[ http://issues.apache.org/jira/browse/TAPESTRY-964?page=comments#action_12449540 ]
lionel gomez commented on TAPESTRY-964:
---------------------------------------
Alternate fix in bug TAPESTRY-1148
> Tapestry web app (including workbench example) fails in Tomcat with security manager enabled
> --------------------------------------------------------------------------------------------
>
> Key: TAPESTRY-964
> URL: http://issues.apache.org/jira/browse/TAPESTRY-964
> Project: Tapestry
> Issue Type: Bug
> Components: Framework
> Affects Versions: 4.0.2
> Environment: Linux (2.6 kernel), Tomcat 5.0.28, Sun Java SDK 1.5.0_02, Tapestry 4.0.2
> Reporter: Paul Homes
> Attachments: ClassPool.java.patch
>
>
> Web apps that use Tapestry 4.0 in Tomcat with the security manager enabled fail with a "java.lang.NoClassDefFoundError: org.apache.hivemind.ServiceImplementationFactory" exception.
> To simplify testing I only have the Tapestry 4.0.2 example workbench web app deployed in a new Tomcat 5.0.28 install. The workbench example works fine when Tomcat is started without the security manager, but when the security manager is enabled you can see the following stack trace:
> 2006-05-25 17:32:57 StandardContext[/workbench]Servlet /workbench threw load() exception javax.servlet.ServletException: org.apache.hivemind.ServiceImplementationFactory
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:286)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
> at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
> at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
> at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
> at org.apache.catalina.core.StandardService.start(StandardService.java:480)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> ----- Root Cause -----
> java.lang.NoClassDefFoundError: org.apache.hivemind.ServiceImplementationFactory
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.class$(InvokeFactoryServiceConstructor.java:83)
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.setupFactoryAndParameters(InvokeFactoryServiceConstructor.java:82)
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:55)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140)
> at org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69)
> at $Runnable_10b6a75df19._service($Runnable_10b6a75df19.java)
> at $Runnable_10b6a75df19.run($Runnable_10b6a75df19.java)
> at $Runnable_10b6a75df18.run($Runnable_10b6a75df18.java)
> at org.apache.hivemind.impl.RegistryInfrastructureImpl.startup(RegistryInfrastructureImpl.java:436)
> at org.apache.hivemind.impl.RegistryBuilder.constructRegistry(RegistryBuilder.java:154)
> at org.apache.tapestry.ApplicationServlet.constructRegistry(ApplicationServlet.java:253)
> at org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:194)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
> at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
> at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
> at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
> at org.apache.catalina.core.StandardService.start(StandardService.java:480)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> The catalina.policy file in use is the standard Tomcat one with the following appended to grant all permissions to the Tapestry workbench example:
> grant codeBase "file:${catalina.home}/webapps/workbench/-" {
> permission java.security.AllPermission;
> };
> Tomcat has been started like so:
> catalina.sh start -security
> Not sure if this helps much, but I enabled some java security debugging with:
> export CATALINA_OPTS=-Djava.security.debug=access:failure
> catalina.sh start -security
> ... that generates:
> access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/classes/org/apache/hivemind/impl/servicemodel/SingletonInnerProxy.class read)
> access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar read)
> access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar read)
> access: access allowed (java.io.FilePermission /usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar read)
> access: access allowed (java.lang.RuntimePermission accessDeclaredMembers)
> access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks)
> access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks)
> access: access allowed (java.lang.reflect.ReflectPermission suppressAccessChecks)
> access: access denied (java.io.FilePermission /usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/classes/org/apache/hivemind/ServiceImplementationFactory.class read)
> java.lang.Exception: Stack trace
> at java.lang.Thread.dumpStack(Thread.java:1158)
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:253)
> at java.security.AccessController.checkPermission(AccessController.java:427)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
> at java.io.File.exists(File.java:700)
> at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
> at org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
> at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
> at org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
> at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
> at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
> at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
> at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:164)
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.class$(InvokeFactoryServiceConstructor.java:83)
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.setupFactoryAndParameters(InvokeFactoryServiceConstructor.java:82)
> at org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:55)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158)
> at org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140)
> at org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69)
> at $Runnable_10b6b1bdd89._service($Runnable_10b6b1bdd89.java)
> at $Runnable_10b6b1bdd89.run($Runnable_10b6b1bdd89.java)
> at $Runnable_10b6b1bdd88.run($Runnable_10b6b1bdd88.java)
> at org.apache.hivemind.impl.RegistryInfrastructureImpl.startup(RegistryInfrastructureImpl.java:436)
> at org.apache.hivemind.impl.RegistryBuilder.constructRegistry(RegistryBuilder.java:154)
> at org.apache.tapestry.ApplicationServlet.constructRegistry(ApplicationServlet.java:253)
> at org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:194)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
> at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
> at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
> at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
> at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
> at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
> at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
> at org.apache.catalina.core.StandardService.start(StandardService.java:480)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> access: access allowed (java.security.SecurityPermission getPolicy)
> access: domain that failed ProtectionDomain (null <no signer certificates>)
> org.apache.hivemind.service.impl.ClassFactoryClassLoader@df83e5
> <no principals>
> java.security.Permissions@1474e45 (
> (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
> (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
> (java.lang.RuntimePermission getAttribute)
> (java.util.PropertyPermission java.version read)
> (java.util.PropertyPermission java.home read)
> (java.util.PropertyPermission java.vm.name read)
> (java.util.PropertyPermission java.vm.vendor read)
> (java.util.PropertyPermission javax.sql.* read)
> (java.util.PropertyPermission os.name read)
> (java.util.PropertyPermission java.vendor.url read)
> (java.util.PropertyPermission java.vm.specification.vendor read)
> (java.util.PropertyPermission java.specification.vendor read)
> (java.util.PropertyPermission os.version read)
> (java.util.PropertyPermission java.specification.name read)
> (java.util.PropertyPermission java.class.version read)
> (java.util.PropertyPermission file.separator read)
> (java.util.PropertyPermission java.vm.version read)
> (java.util.PropertyPermission os.arch read)
> (java.util.PropertyPermission java.naming.* read)
> (java.util.PropertyPermission jaxp.debug read)
> (java.util.PropertyPermission java.vm.specification.name read)
> (java.util.PropertyPermission java.vm.specification.version read)
> (java.util.PropertyPermission java.specification.version read)
> (java.util.PropertyPermission java.vendor read)
> (java.util.PropertyPermission path.separator read)
> (java.util.PropertyPermission line.separator read)
> )
> There is a similar problem with security manager enabled Tomcat 4.1.31, Java SDK 1.4.2_10 on Windows XP where the class loading problem shows up this time as:
>
> javax.servlet.ServletException: Unable to initialize application servlet: Unable to construct service hivemind.Startup: Error at jar:file:/C:/jakarta-tomcat-4.1.31/webapps/futrix5dev/WEB-INF/lib/hivemind-1.1.jar!/META-INF/hivemodule.xml, line 599, column 43: Unable to process attribute autowire-services (of element construct): Unable to construct configuration hivemind.Translators: Error at jar:file:/C:/jakarta-tomcat-4.1.31/webapps/futrix5dev/WEB-INF/lib/hivemind-1.1.jar!/META-INF/hivemodule.xml, line 555, column 62: Unable to process attribute service-id (of element translator): Unable to lookup java.lang.Class: java.lang.Class
> at org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:206)
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:888)
> .....
> Caused by: org.apache.hivemind.ApplicationRuntimeException: Unable to lookup java.lang.Class: java.lang.Class
> at org.apache.hivemind.service.impl.CtClassSource.getCtClass(CtClassSource.java:56)
> at org.apache.hivemind.service.impl.AbstractFab.convertClass(AbstractFab.java:83)
> at org.apache.hivemind.service.impl.AbstractFab.convertClasses(AbstractFab.java:66)
> at org.apache.hivemind.service.impl.ClassFabImpl.addMethod(ClassFabImpl.java:280)
> at org.apache.hivemind.impl.ProxyBuilder.addServiceMethods(ProxyBuilder.java:139)
> at org.apache.hivemind.impl.servicemodel.SingletonServiceModel.createSingletonProxyClass(SingletonServiceModel.java:183)
> at org.apache.hivemind.impl.servicemodel.SingletonServiceModel.createSingletonProxy(SingletonServiceModel.java:103)
> ... 73 more
> Caused by: javassist.NotFoundException: java.lang.Class
> at javassist.ClassPool.get(ClassPool.java:301)
> at org.apache.hivemind.service.impl.CtClassSource.getCtClass(CtClassSource.java:52)
> ... 79 more
> The only existing JIRA issue I can find which sounds similar is TAPESTRY-150 but that is with Tapestry 3.0
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org