[Bug 58124] New: Summary

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58124

Bug ID: 58124
   Summary: Summary
   Product: Taglibs
   Version: nightly
  Hardware: PC
Status: NEW
  Severity: blocker
  Priority: P2
 Component: Application Taglib
  Assignee: dev@tomcat.apache.org
  Reporter: hsienuni...@gmail.com

Summary

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 58124] Summary

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58124

Chuck Caldarale  changed:

   What|Removed |Added

 OS||All
 Resolution|--- |INVALID
 Status|NEW |RESOLVED

--- Comment #1 from Chuck Caldarale  ---
Bugzilla is not a playground.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 58125] New: java.lang.ClassCircularityError can occur if Tomcat is run with a Java Security Manager

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58125

Bug ID: 58125
   Summary: java.lang.ClassCircularityError can occur if Tomcat is
run with a Java Security Manager
   Product: Tomcat 8
   Version: 8.0.24
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: richard.ev...@blueallegro.net

Tomcat 8.0.24, Java 1.8u45.

Run Tomcat is run with a Java security manager, and a ppolicy file containing a
grant to a principal class, as in:

grant principal javax.management.remote.JMXPrincipal "jmx" {
permission java.security.AllPermission;

};

On a thread with an implied Subject containing at least one Principal, perform
an action which requires a Java permission check.  The Java Policy file
implementation will attempt to load the principal class from the policy file. 
The tomcat WebAppClassLoaderBase.loadClass method will check for a system class
using getResource on the system loader.  This will in turn trigger another
permission check which will then attempt to load the principal class again,
triggering the ClassCircularityError.  

Here's a stack trace extract showing the error:

Class.forName(String, boolean, ClassLoader) line: 348
PolicyFile.addPermissions(Permissions, CodeSource, Principal[],
PolicyFile$PolicyEntry) line: 1357
PolicyFile.getPermissions(Permissions, CodeSource, Principal[]) line: 1228
PolicyFile.getPermissions(Permissions, ProtectionDomain) line: 1191
PolicyFile.getPermissions(ProtectionDomain) line: 1132
PolicyFile.implies(ProtectionDomain, Permission) line: 1086
ProtectionDomain.implies(Permission) line: 272
AccessControlContext.checkPermission(Permission) line: 435
AccessController.checkPermission(Permission) line: 884
SecurityManager.checkPermission(Permission) line: 549
URLClassPath.check(URL) line: 607
URLClassPath$JarLoader.checkResource(String, boolean, JarEntry) line: 924
URLClassPath$JarLoader.getResource(String, boolean) line: 1007
URLClassPath.getResource(String, boolean) line: 212
URLClassPath.getResource(String) line: 265
ClassLoader.getBootstrapResource(String) line: 1261
Launcher$ExtClassLoader(ClassLoader).getResource(String) line: 1090
WebappClassLoader(WebappClassLoaderBase).loadClass(String, boolean) line: 1230  
WebappClassLoader(WebappClassLoaderBase).loadClass(String) line: 1164
Class.forName0(String, boolean, ClassLoader, Class) line: not available
[native method]
Class.forName(String, boolean, ClassLoader) line: 348
PolicyFile.addPermissions(Permissions, CodeSource, Principal[],
PolicyFile$PolicyEntry) line: 1357
PolicyFile.getPermissions(Permissions, CodeSource, Principal[]) line: 1228
PolicyFile.getPermissions(Permissions, ProtectionDomain) line: 1191
PolicyFile.getPermissions(ProtectionDomain) line: 1132
PolicyFile.implies(ProtectionDomain, Permission) line: 1086
ProtectionDomain.implies(Permission) line: 272
AccessControlContext.checkPermission(Permission) line: 435
AccessController.checkPermission(Permission) line: 884
SecurityManager.checkPermission(Permission) line: 549
SecurityManager.checkRead(String) line: 888

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 58125] java.lang.ClassCircularityError can occur if Tomcat is run with a Java Security Manager

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58125

--- Comment #1 from Richard Evans  ---
Created attachment 32897
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32897&action=edit
Hand crafted test case which provokes similar error

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 58125] java.lang.ClassCircularityError can occur if Tomcat is run with a Java Security Manager

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58125

--- Comment #2 from Richard Evans  ---
Created attachment 32898
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=32898&action=edit
Java policy file for use with test

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 58125] java.lang.ClassCircularityError can occur if Tomcat is run with a Java Security Manager

2015-07-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58125

--- Comment #3 from Richard Evans  ---
Run test with:

$ java -Djava.security.manager -Djava.security.policy==all.policy 
rde.tests.security.perm

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org