DO NOT REPLY [Bug 49178] Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

bugzilla Mon, 26 Apr 2010 10:55:01 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=49178


--- Comment #3 from Suresh T <tipirn...@yahoo.com> 2010-04-26 13:54:32 EDT ---
(In reply to comment #1)
> That looks rather odd. Could you please provide:
> - the full security failure from the logs that prompted you to make this 
> change
> - the exact entry you added to the policy file
> 
> Thanks.

hi Mark
   When I run the Tomcat with -security option and if the following policy 

grant codeBase "file:\${catalina.base}\lib\-" {
  permission java.security.AllPermission;
};

  is not entered in the log, I see the following error come up in the stdout

access: access denied (java.io.FilePermission
\C:\javaaps\apache-tomcat-6.0.26\a
pache-tomcat-6.0.26\lib\ojdbc6.jar read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:313)
        at
java.security.AccessController.checkPermission(AccessController.java:
546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at sun.misc.URLClassPath.check(URLClassPath.java:408)
        at sun.misc.URLClassPath.checkURL(URLClassPath.java:388)
        at java.net.URLClassLoader.findResource(URLClassLoader.java:366)
        at java.lang.ClassLoader.getResource(ClassLoader.java:977)
        at java.lang.Class.getResource(Class.java:2074)
        at oracle.sql.ConverterArchive.readObj(ConverterArchive.java:398)
        at
oracle.sql.converter.CharacterConverterJDBC.getInstance(CharacterConv
erterJDBC.java:143)
        at
oracle.sql.converter.CharacterConverterFactoryJDBC.make(CharacterConv
erterFactoryJDBC.java:45)
        at
oracle.sql.CharacterSetWithConverter.getInstance(CharacterSetWithConv
erter.java:95)
        at
oracle.sql.CharacterSetFactoryThin.make(CharacterSetFactoryThin.java:
126)
        at oracle.sql.CharacterSet.make(CharacterSet.java:448)
        at oracle.jdbc.driver.DBConversion.init(DBConversion.java:150)
        at oracle.jdbc.driver.DBConversion.<init>(DBConversion.java:111)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1007)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:292)
        at
oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:
508)
        at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)
        at
oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtensio
n.java:33)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)
        at
oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSou
rce.java:275)
        at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java
:206)
        at edu.utmb.CPC.data.DAOUtil.getConnection(Unknown Source)
        at edu.utmb.CPC.logging.LogDAO.createLog(Unknown Source)
        at edu.utmb.CPC.logging.DBLogger.db(Unknown Source)
        at org.apache.jsp.CPC.Default_jsp._jspService(Default_jsp.java:90)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:377)
        at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3
13)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269
)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:3
01)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.
java:162)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:283)
        at
org.apache.catalina.core.ApplicationFilterChain.access$000(Applicatio
nFilterChain.java:56)
        at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilt
erChain.java:189)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:185)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:233)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:191)
        at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:465)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:127)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:102)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:109)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:298)
        at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:852)
        at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ss(Http11Protocol.java:588)
        at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:48
9)
        at java.lang.Thread.run(Thread.java:619)



Apr 26, 2010 12:46:35 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.ArrayIndexOutOfBoundsException: -1
    at
oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942)
    at
oracle.jdbc.driver.T4CTTIoauthenticate.<init>(T4CTTIoauthenticate.java:221)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:358)
    at
oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:508)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:203)
    at
oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510)
    at
oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:275)
    at
oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:206)
    at edu.utmb.CPC.data.DAOUtil.getConnection(Unknown Source)
    at edu.utmb.CPC.logging.LogDAO.createLog(Unknown Source)
    at edu.utmb.CPC.logging.DBLogger.db(Unknown Source)
    at org.apache.jsp.CPC.Default_jsp._jspService(Default_jsp.java:90)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
    at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
    at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
    at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
    at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
    at java.security.AccessController.doPrivileged(Native Method)
    at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
    at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
    at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:619)


However, once I added the policy and restarted the error went away.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 49178] Running tomcat/6.0.26 with security manager generates ORACLE jdbc error

Reply via email to