https://issues.apache.org/bugzilla/show_bug.cgi?id=48097
--- Comment #6 from Konstantin Kolinko <knst.koli...@gmail.com> 2009-11-01
22:15:14 UTC ---
Thank you for the recipe, I was able to reproduce the issue.
The issue is observable both in 6.0.20 and in current 6.0.x sources, and I was
able to do some debugging.
~ What is essential: ~
1). I updated my JDK to 6u16. I was using 6u15 previously.
I have not verified yet that it indeed works OK with 6u15, but it might be it.
2). It is essential to run with SecurityManager enabled.
The permissions are essential. If you add
grant {
permission java.security.AllPermission;
}
all starts working again.
3). I removed all applications from the webapps folder, except the ROOT
application that was replaced with the one from attachment 24452.
4). You need to precompile the JSP page. That is, start Tomcat, access the
page, shutdown Tomcat, and start it for the second time.
5). Access http://localhost:8080/
6). The stacktrace as in Comment #2 is observed.
~ Debugging showed the following: ~
The following line in WebappClassLoader#findResourceInternal(String) resulted
in AccessControlException:
2070: entry = new ResourceEntry();
The exception was caught by the caller (WebappClassLoader#findClass(String))
and wrapped into ClassNotFoundException.
The ClassNotFoundException was caught by the caller
(WebappClassLoader#loadClass(String,boolean)) and ignored. That is why we do
not see it in the logs.
The patch in attachment 24456 makes WebappClassLoader#findClass(String) to log
the AccessControlException when it is encountered.
The exception text and stacktrace are the following:
02.11.2009 7:53:51 org.apache.catalina.loader.WebappClassLoader findClass
SEVERE: findClassInternal(net.freeutils.web.SessionBean) failed
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.loader)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:2070)
at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1851)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:887)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1352)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1231)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:128)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:66)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:64)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:334)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:294)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:478)
at java.lang.Thread.run(Unknown Source)
~ Notes: ~
1. The
java.security.AccessControlException that I cited above is printed into
catalina.<date>.log
2. At the same time,
02.11.2009 8:51:54 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.ClassNotFoundException: net.freeutils.web.SessionBean
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1385)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1231)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:128)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:66)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:64)
is printed into different log file, localhost.<date>.log
3. java.lang.NoClassDefFoundError: net/freeutils/web/SessionBean
org.apache.jsp.index_jsp._jspService(index_jsp.java:64)
that is displayed on the error 500 page is not printed into the logs.
Though the ClassNotFoundException is also printed on the error 500 page as the
root cause of that NoClassDefFoundError.
4. While debugging I also observed different behaviour: The request to
http://localhost:8080/ resulted in blank page (response with content length of
0) being returned by the server.
Note, that the classes layout and the policy file were different while I was
debugging.
The following additional steps allowed me to reproduce this error in that
setup:
1) I deployed an additional empty web application, where I copied index.html
from our examples app.
2) The first access to http://localhost:8080/ resulted in empty page, but if
after that I accessed the second webapp, and, after some delay (about 5-10
seconds), used Ctrl+F5 to refresh http://localhost:8080/ in my Firefox, the
error showed itself.
5. The blank response suggests that there is some other place in the code,
where AccessControlException is ignored. Nothing is written into the logs when
the blank response is shown. I do not know where it occurs.
6. The fix to this issue would be to either add some permissions to the policy,
or to preload some classes, as we do. I do not know what is the root cause of
it yet, though.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
