Please note that this is not a bug in _any_ case but might also be an _explicitly_ thrown Exception in Tomcats WebAppClassLoader!
What happens: The Servlet specification says that a servlet container must not allow web applications to overwrite 'system classes'. Please check the according comment in tomcats WebAppClassLoader. http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java where you will find the following: // (0.2) Try loading the class with the system class loader, to prevent // the webapp from overriding J2SE classes Please make sure that your workaround doesn't open this security hole. LieGrue, strub ----- Original Message ----- > From: Romain Manni-Bucau <[email protected]> > To: [email protected] > Cc: > Sent: Sunday, July 1, 2012 7:42 PM > Subject: Re: Fwd: svn commit: r1355952 - in > /openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina: > LazyStopWebappClassLoader.java TomEEClassLoaderHelper.java > TomEEWebappLoader.java > > it could be but Tomcat cannot be extended in a simple way to do it > (typically it needs to redefine a WebappClassLoader. A note on it is JSF > API contains implementation (i know it sounds stupid and it is probably but > that's the fact today) so it should be provided with the implementation. > > Regarding hibernate i hope so but still didnt take time to check (if you > can test it from a snapshot you'll save me some time ;)). However that's > clearly the goal. > > - Romain > > > 2012/7/1 Enrico Olivelli <[email protected]> > >> So with this modification I will be able to deploy my hibernate >> implementation in the webapp without the need for the sysadmin to add >> hibernate to tomee/lib ? >> >> Another thing....I see that Tomcat "discards" forbidden JARS from > the >> webapp classloader, for example if you include servlet-api.jar in your >> webapp then Tomcat does not add it to the webapp classloader. >> Yesterday we said that I had not to include jpa API jas in my webapp, >> would it be useful to skip every API jars from beeing loaded from the >> webapp classloader ? >> >> >> Enrico >> >> >> >> >> Il 01/07/2012 18:57, Romain Manni-Bucau ha scritto: >> >> Hi, >>> >>> added org.apache.tomee.catalina.**TomEEClassLoaderHelper#** >>> tomEEWebappIntegrationLibrarie**s, >>> the goal is to be able to enrich the webappclassloader with some of our >>> jars. >>> >>> The idea was to be able to let the users provide implementation in the >>> webapp without having to know too much about us. Typically our JPA and > JSF >>> integrations are good examples. >>> >>> For JPA (the simpler ;)) and hibernate today the JtaPlatform (or > manager >>> lookup) needs to be added in the webapp since our class is not laodable >>> from common classloader. >>> >>> With this enrichment the webapp get automatically this jar and it works >>> fine. It still work if hibernate is in common lib since we still > provide >>> it. >>> >>> I think it'll help us too to be able to support a bit more mojarra > as JSF >>> implementation. >>> >>> /me hopes it doesn't break something i didn't think of >>> >>> - Romain >>> >>> >>> ---------- Forwarded message ---------- >>> From: <[email protected]> >>> Date: 2012/7/1 >>> Subject: svn commit: r1355952 - in >>> /openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina: >>> LazyStopWebappClassLoader.java TomEEClassLoaderHelper.java >>> TomEEWebappLoader.java >>> To: [email protected] >>> >>> >>> Author: rmannibucau >>> Date: Sun Jul 1 16:53:09 2012 >>> New Revision: 1355952 >>> >>> URL: > http://svn.apache.org/viewvc?**rev=1355952&view=rev<http://svn.apache.org/viewvc?rev=1355952&view=rev> >>> Log: >>> TOMEE-261 enriching webapp classloaders with jpa integration and jsf > jars >>> >>> Added: >>> >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEClassLoaderHelper.java >>> Modified: >>> >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**LazyStopWebappClassLoader.java >>> >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEWebappLoader.java >>> >>> Modified: >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**LazyStopWebappClassLoader.java >>> URL: >>> http://svn.apache.org/viewvc/**openejb/trunk/openejb/tomee/** >>> tomee-catalina/src/main/java/**org/apache/tomee/catalina/** >>> LazyStopWebappClassLoader.**java?rev=1355952&r1=1355951&** >>> > r2=1355952&view=diff<http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/LazyStopWebappClassLoader.java?rev=1355952&r1=1355951&r2=1355952&view=diff> >>> ==============================**==============================** >>> ================== >>> --- >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**LazyStopWebappClassLoader.java >>> (original) >>> +++ >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**LazyStopWebappClassLoader.java >>> Sun Jul 1 16:53:09 2012 >>> @@ -20,6 +20,8 @@ import org.apache.catalina.**LifecycleExce >>> import org.apache.catalina.loader.**WebappClassLoader; >>> import org.apache.openejb.loader.**SystemInstance; >>> >>> +import java.net.URL; >>> + >>> public class LazyStopWebappClassLoader extends WebappClassLoader { >>> public static final String TOMEE_WEBAPP_FIRST = >>> "tomee.webapp-first"; >>> >>> @@ -59,4 +61,17 @@ public class LazyStopWebappClassLoader e >>> public boolean isRestarting() { >>> return restarting; >>> } >>> + >>> + // embeddeding implementation of sthg (JPA, JSF) can lead to >>> classloading issues if we don't enrich the webapp >>> + // with our integration jars >>> + // typically the class will try to be loaded by the common >>> classloader >>> + // but the interface implemented or the parent class >>> + // will be in the webapp >>> + @Override >>> + public void start() throws LifecycleException { >>> + for (URL url : >>> TomEEClassLoaderHelper.**tomEEWebappIntegrationLibrarie**s()) { >>> + addURL(url); >>> + } >>> + super.start(); >>> + } >>> } >>> >>> Added: >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEClassLoaderHelper.java >>> URL: >>> http://svn.apache.org/viewvc/**openejb/trunk/openejb/tomee/** >>> tomee-catalina/src/main/java/**org/apache/tomee/catalina/** >>> > TomEEClassLoaderHelper.java?**rev=1355952&view=auto<http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEClassLoaderHelper.java?rev=1355952&view=auto> >>> ==============================**==============================** >>> ================== >>> --- >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEClassLoaderHelper.java >>> (added) >>> +++ >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEClassLoaderHelper.java >>> Sun Jul 1 16:53:09 2012 >>> @@ -0,0 +1,66 @@ >>> +package org.apache.tomee.catalina; >>> + >>> +import org.apache.openejb.OpenEJB; >>> +import org.apache.openejb.loader.**SystemInstance; >>> + >>> +import java.net.URL; >>> +import java.util.ArrayList; >>> +import java.util.Arrays; >>> +import java.util.Collection; >>> + >>> +public final class TomEEClassLoaderHelper { >>> + public static final String > TOMEE_WEBAPP_CLASSLOADER_**ENRICHMENT_SKIP >>> = >>> "tomee.webapp.classloader.**enrichment.skip"; >>> + public static final String TOMEE_WEBAPP_CLASSLOADER_**ENRICHMENT = >>> "tomee.webapp.classloader.**enrichment"; >>> + >>> + private static final String[] DEFAULT_JAR_TO_ADD_CLASS_**HELPERS = >>> new >>> String[] { >>> + // openejb-jsf and openwebbeans-jsf to be able to embedded >>> the >>> jsf impl keeping CDI features >>> + > "org.apache.openejb.jsf.**CustomApplicationFactory", >>> + > "org.apache.webbeans.jsf.**OwbApplicationFactory", >>> + >>> + // JPA integration: mainly JTA integration >>> + > "org.apache.openejb.jpa.**integration.MakeTxLookup" >>> + }; >>> + private static final String[] JAR_TO_ADD_CLASS_HELPERS; >>> + >>> + static { >>> + final Collection<String> classes = new > ArrayList<String>(); >>> + if >>> (!SystemInstance.get().**getOptions().get(TOMEE_WEBAPP_** >>> CLASSLOADER_ENRICHMENT_SKIP, >>> false)) { >>> + >>> classes.addAll(Arrays.asList(**DEFAULT_JAR_TO_ADD_CLASS_**HELPERS)); >>> + >>> + final String additionalEnrichments = >>> SystemInstance.get().**getOptions().get(TOMEE_WEBAPP_** >>> CLASSLOADER_ENRICHMENT, >>> ""); >>> + if (additionalEnrichments != null && >>> !additionalEnrichments.**isEmpty()) { >>> + for (String name : > additionalEnrichments.split(",**")) { >>> + classes.add(name.trim()); >>> + } >>> + } >>> + } >>> + JAR_TO_ADD_CLASS_HELPERS = classes.toArray(new >>> String[classes.size()]); >>> + } >>> + >>> + private TomEEClassLoaderHelper() { >>> + // no-op >>> + } >>> + >>> + public static URL[] tomEEWebappIntegrationLibrarie**s() { >>> + final ClassLoader cl = >>> TomEEClassLoaderHelper.class.**getClassLoader(); // reference >>> classloader = >>> standardclassloader >>> + final Collection<URL> urls = new ArrayList<URL>(); >>> + for (String name : JAR_TO_ADD_CLASS_HELPERS) { >>> + try { >>> + final Class<?> clazz = cl.loadClass(name); >>> + if >>> (!clazz.getClassLoader().**equals(OpenEJB.class.**getClassLoader())) { > // >>> already provided? >>> + continue; >>> + } >>> + >>> + final URL url = >>> clazz.getProtectionDomain().**getCodeSource().getLocation(); >>> + if (url == null) { >>> + continue; >>> + } >>> + >>> + urls.add(url); >>> + } catch (Exception e) { >>> + // ignore >>> + } >>> + } >>> + return urls.toArray(new URL[urls.size()]); >>> + } >>> +} >>> >>> Modified: >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEWebappLoader.java >>> URL: >>> http://svn.apache.org/viewvc/**openejb/trunk/openejb/tomee/** >>> tomee-catalina/src/main/java/**org/apache/tomee/catalina/** >>> > TomEEWebappLoader.java?rev=**1355952&r1=1355951&r2=1355952&**view=diff<http://svn.apache.org/viewvc/openejb/trunk/openejb/tomee/tomee-catalina/src/main/java/org/apache/tomee/catalina/TomEEWebappLoader.java?rev=1355952&r1=1355951&r2=1355952&view=diff> >>> ==============================**==============================** >>> ================== >>> --- >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEWebappLoader.java >>> (original) >>> +++ >>> openejb/trunk/openejb/tomee/**tomee-catalina/src/main/java/** >>> org/apache/tomee/catalina/**TomEEWebappLoader.java >>> Sun Jul 1 16:53:09 2012 >>> @@ -126,12 +126,24 @@ public class TomEEWebappLoader extends W >>> private final HashMap<Class, Object> components = new >>> HashMap<Class, Object>(); >>> >>> public TomEEClassLoader(final String appId, final ClassLoader >>> appCl, final WebappClassLoader webappCl) { >>> - super(webappCl.getURLs(), webappCl); // in fact this >>> classloader = webappclassloader since we add nothing to this >>> + super(enrichedUrls(webappCl.**getURLs()), webappCl); // in >>> fact >>> this classloader = webappclassloader since we add nothing to this >>> this.appPath = appId; >>> this.app = appCl; // only used to manage resources since >>> webapp.getParent() should be app >>> this.webapp = webappCl; >>> } >>> >>> + private static URL[] enrichedUrls(final URL[] urLs) { >>> + final URL[] additional = >>> TomEEClassLoaderHelper.**tomEEWebappIntegrationLibrarie**s(); >>> + final URL[] urls = new URL[urLs.length + > additional.length]; >>> + for (int i = 0; i < urLs.length; i++) { >>> + urls[i] = urLs[i]; >>> + } >>> + for (int i = 0; i < additional.length; i++) { >>> + urls[urLs.length + i] = additional[i]; >>> + } >>> + return urls; >>> + } >>> + >>> public <T> T getComponent(final Class<T> type) { >>> return (T) components.get(type); >>> } >>> >>> >> >> >
