https://bz.apache.org/bugzilla/show_bug.cgi?id=58125
Bug ID: 58125
Summary: java.lang.ClassCircularityError can occur if Tomcat is
run with a Java Security Manager
Product: Tomcat 8
Version: 8.0.24
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: richard.ev...@blueallegro.net
Tomcat 8.0.24, Java 1.8u45.
Run Tomcat is run with a Java security manager, and a ppolicy file containing a
grant to a principal class, as in:
grant principal javax.management.remote.JMXPrincipal "jmx" {
permission java.security.AllPermission;
};
On a thread with an implied Subject containing at least one Principal, perform
an action which requires a Java permission check. The Java Policy file
implementation will attempt to load the principal class from the policy file.
The tomcat WebAppClassLoaderBase.loadClass method will check for a system class
using getResource on the system loader. This will in turn trigger another
permission check which will then attempt to load the principal class again,
triggering the ClassCircularityError.
Here's a stack trace extract showing the error:
Class.forName(String, boolean, ClassLoader) line: 348
PolicyFile.addPermissions(Permissions, CodeSource, Principal[],
PolicyFile$PolicyEntry) line: 1357
PolicyFile.getPermissions(Permissions, CodeSource, Principal[]) line: 1228
PolicyFile.getPermissions(Permissions, ProtectionDomain) line: 1191
PolicyFile.getPermissions(ProtectionDomain) line: 1132
PolicyFile.implies(ProtectionDomain, Permission) line: 1086
ProtectionDomain.implies(Permission) line: 272
AccessControlContext.checkPermission(Permission) line: 435
AccessController.checkPermission(Permission) line: 884
SecurityManager.checkPermission(Permission) line: 549
URLClassPath.check(URL) line: 607
URLClassPath$JarLoader.checkResource(String, boolean, JarEntry) line: 924
URLClassPath$JarLoader.getResource(String, boolean) line: 1007
URLClassPath.getResource(String, boolean) line: 212
URLClassPath.getResource(String) line: 265
ClassLoader.getBootstrapResource(String) line: 1261
Launcher$ExtClassLoader(ClassLoader).getResource(String) line: 1090
WebappClassLoader(WebappClassLoaderBase).loadClass(String, boolean) line: 1230
WebappClassLoader(WebappClassLoaderBase).loadClass(String) line: 1164
Class.forName0(String, boolean, ClassLoader, Class) line: not available
[native method]
Class.forName(String, boolean, ClassLoader) line: 348
PolicyFile.addPermissions(Permissions, CodeSource, Principal[],
PolicyFile$PolicyEntry) line: 1357
PolicyFile.getPermissions(Permissions, CodeSource, Principal[]) line: 1228
PolicyFile.getPermissions(Permissions, ProtectionDomain) line: 1191
PolicyFile.getPermissions(ProtectionDomain) line: 1132
PolicyFile.implies(ProtectionDomain, Permission) line: 1086
ProtectionDomain.implies(Permission) line: 272
AccessControlContext.checkPermission(Permission) line: 435
AccessController.checkPermission(Permission) line: 884
SecurityManager.checkPermission(Permission) line: 549
SecurityManager.checkRead(String) line: 888
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org