https://bz.apache.org/bugzilla/show_bug.cgi?id=58585
Bug ID: 58585
Summary: Tomcat 9.0.0-dev (@r1712593) AccessControlException on
first access via HTTPS
Product: Tomcat 9
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.koli...@gmail.com
Encountered while testing Tomcat-Native 1.2.1 release candidate with current
Tomcat 9 trunk (at revision 1712593)
For some reason this issue does not happen with http://localhost:8080/, but it
does happen with https://localhost:8443/
I am on Windows 7 using Java 8u66 32-bit
Steps to reproduce:
1. Copy tcnative-1.dll into ${catalina.home}/bin
2. Copy the following files from source directory
test\org\apache\tomcat\util\net\ into ${catalina.home}/conf:
localhost-cert.pem
localhost-key.pem
3. In conf/server.xml configure the following connector
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig honorCipherOrder="false" >
<Certificate certificateKeyFile="conf/localhost-key.pem"
certificateFile="conf/localhost-cert.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
(It is the same as commented example, but certificateKeyFile and
certificateFile are updated to match file names, s/-rsa-/-/ )
4. Set JAVA_HOME and start Tomcat with SecurityManager enabled.
cd bin
catalina.bat start -security
5. Access https://localhost:8443/
I am using Firefox 41.0.2
The page fails with error 500 during execution of JSP page.
java.security.AccessControlException: access denied
("java.lang.RuntimePermission"
"accessClassInPackage.org.apache.tomcat.util.buf")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:311)
at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at
org.apache.catalina.connector.OutputBuffer.setConverter(OutputBuffer.java:561)
at
org.apache.catalina.connector.OutputBuffer.checkConverter(OutputBuffer.java:546)
at org.apache.catalina.connector.Response.getWriter(Response.java:598)
at
org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:211)
at org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:115)
at
org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:108)
at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:326)
at java.io.Writer.write(Writer.java:157)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:322)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:438)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:385)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:329)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
If I refresh the page, it shows up successfully.
If I restart Tomcat, the first access to https://localhost:8443/ fails as well,
so JSP compilation does not affect it.
If the first access is via https://localhost:8080/, it shows up successfully.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
