You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Stephen More <st...@gmail.com> on 2008/06/18 15:00:11 UTC
JAASRealm problem moving from 5.5.23 -> 5.5.26
I have been using 5.5.23 with a JAASRealm for some time now.
In trying to upgrade to 5.5.26 I am now seeing a new log entry in catalina.out
Jun 18, 2008 8:40:09 AM org.apache.catalina.realm.JAASRealm parseClassNames
Just after that I am seeing a SEVERE message that it can not find my
classes where I extend javax.security.Principal. These classes can be
found in the deployed war file.
Other people are seeing similar issues:
http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/200804.mbox/%3C4811DCC8.4040602@gmail.com%3E
Is this a bug, or am I now required to move this jar out of the war
and into a shared classpath ?
-Thanks
Steve More
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Stephen More [mailto:stephen.more@gmail.com]
> Subject: Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>
> 5.5.26 seems to work fine when useContextClassloader=true
> 5.5.23 no longer works if useContextClassloader=true
(I assume useContextClassloader is really useContextClassLoader in the above.)
The 5.5.23 code that checked useContextClassLoader had the test backwards; it was fixed with this:
https://issues.apache.org/bugzilla/show_bug.cgi?id=44084
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by Stephen More <st...@gmail.com>.
>> <Context path="/ams" reloadable="true" >
>
> Take out the path attribute; it's not allowed unless the <Context> element is in server.xml (where it should never be, these days). It should be ignored, but...
Done.
>> <Realm className="org.apache.catalina.realm.JAASRealm"
> ...
>> useContextClassLoader="false" />
>
> Just for grins, what happens if you set useContextClassloader to "true"? This should allow the
> LoginModule and Principal classes to be part of the webapp.
5.5.26 seems to work fine when useContextClassloader=true
5.5.23 no longer works if useContextClassloader=true
StackTrace from 5.5.23:
javax.security.auth.login.LoginException: unable to find LoginModule
class: com.acme.MyLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:366)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:619)
-Steve
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Stephen More [mailto:stephen.more@gmail.com]
> Subject: Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>
> <Context path="/ams" reloadable="true" >
Take out the path attribute; it's not allowed unless the <Context> element is in server.xml (where it should never be, these days). It should be ignored, but...
> <Realm className="org.apache.catalina.realm.JAASRealm"
...
> useContextClassLoader="false" />
Just for grins, what happens if you set useContextClassloader to "true"? This should allow the LoginModule and Principal classes to be part of the webapp.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by Stephen More <st...@gmail.com>.
On Wed, Jun 18, 2008 at 2:10 PM, Caldarale, Charles R
> Just to verify, your <Realm> declaration is within the webapp's <Context>, correct?
> Could you post the <Context> element for the webapp? I'd like to see if there's anything odd in it.
My <Realm> declaration is stored in META-INF/context.xml of the war.
<Context path="/ams" reloadable="true" >
<Manager pathname=""/>
<ResourceLink global="jdbc/amsDBPool" name="jdbc/amsDBPool"
type="javax.sql.DataSource"/>
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="MyRealm"
userClassNames="com.acme.MyUser"
roleClassNames="com.acme.MyUserRole"
debug="99"
useContextClassLoader="false" />
</Context>
>> java.lang.ClassNotFoundException: com.acme.MyUser
>
> So you're the one that sells all that stuff to Wile E Coyote?
Beep Beep !
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Stephen More [mailto:stephen.more@gmail.com]
> Subject: Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>
> The binary download does not output a stack trace for the error. I
> added the stack trace to the src and recompiled. Here it is:
Thanks. This will take a little while to reproduce.
Just to verify, your <Realm> declaration is within the webapp's <Context>, correct? Could you post the <Context> element for the webapp? I'd like to see if there's anything odd in it.
> java.lang.ClassNotFoundException: com.acme.MyUser
So you're the one that sells all that stuff to Wile E Coyote?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by Stephen More <st...@gmail.com>.
>> This setup has worked out of the box on both 5.5.23 and 6.0.16 without
>> any changes to my CLASSPATH environment variable.
>
> Do you have anything in CLASSPATH? You shouldn't.
Nope. CLASSPATH is empty.
>> If I need to run multiple versions of a realm am I now forced
>> to run multiple instances of tomcat ?
>
> Don't know; this would require more research. Do you have a stack trace for the class not found exception?
The binary download does not output a stack trace for the error. I
added the stack trace to the src and recompiled. Here it is:
ERROR main org.apache.catalina.realm.JAASRealm - JAASRealm error:
java.lang.ClassNotFoundException: com.acme.MyUser
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at org.apache.catalina.realm.JAASRealm.parseClassNames(JAASRealm.java:275)
at org.apache.catalina.realm.JAASRealm.start(JAASRealm.java:560)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4126)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
-Steve
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Stephen More [mailto:stephen.more@gmail.com]
> Subject: Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
>
> Is "Tomcat's classpath" defined somewhere in the docs ?
It's normally just bin/bootstrap.jar; probably not explicitly defined in the docs, just discernable from the scripts.
> This setup has worked out of the box on both 5.5.23 and 6.0.16 without
> any changes to my CLASSPATH environment variable.
Do you have anything in CLASSPATH? You shouldn't.
> This has been working very well since it allows me to run different
> versions of my Realm inside 1 instance of tomcat.
Yes, I can see the advantages of being able to do so.
> If I need to run multiple versions of a realm am I now forced
> to run multiple instances of tomcat ?
Don't know; this would require more research. Do you have a stack trace for the class not found exception?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by Stephen More <st...@gmail.com>.
>> Just after that I am seeing a SEVERE message that it can not find my
>> classes where I extend javax.security.Principal. These classes can be
>> found in the deployed war file.
>
> Which is not where they're supposed to be. To quote from the doc: "Place the compiled classes on
> Tomcat's classpath"; note this is not the webapp's classpath. This can be specified in Tomcat's startup
> scripts, or the classes can be put in whatever you have java.endorsed.dirs set to. The principal and role
> classes must not be packaged with the webapp, since the Realm is independent.
Is "Tomcat's classpath" defined somewhere in the docs ? I see a
Classloading section:
http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html but it
does not really talk about "Tomcat's classpath".
> Here's the doc:
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm
Can the realm doc get updated to say:
3. Place the compiled classes on Tomcat's classpath ( e.g.
$CATALINA_HOME/commons/endorsed )
> Packaging with the webapp may have erroneously "worked" in the past if you fiddled with the
> CLASSPATH environment variable, which can lead to lots of other nasty issues.
This setup has worked out of the box on both 5.5.23 and 6.0.16 without
any changes to my CLASSPATH environment variable.
This has been working very well since it allows me to run different
versions of my Realm inside 1 instance of tomcat. If I need to run
multiple versions of a realm am I now forced to run multiple instances
of tomcat ?
-Steve More
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: JAASRealm problem moving from 5.5.23 -> 5.5.26
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Stephen More [mailto:stephen.more@gmail.com]
> Subject: JAASRealm problem moving from 5.5.23 -> 5.5.26
>
> Just after that I am seeing a SEVERE message that it can not find my
> classes where I extend javax.security.Principal. These classes can be
> found in the deployed war file.
Which is not where they're supposed to be. To quote from the doc: "Place the compiled classes on Tomcat's classpath"; note this is not the webapp's classpath. This can be specified in Tomcat's startup scripts, or the classes can be put in whatever you have java.endorsed.dirs set to. The principal and role classes must not be packaged with the webapp, since the Realm is independent.
Here's the doc:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm
Packaging with the webapp may have erroneously "worked" in the past if you fiddled with the CLASSPATH environment variable, which can lead to lots of other nasty issues.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org