[Bug 53366] Running with SecurityManager: protected/index.jsp returns blank page when it is the first page accessed
https://issues.apache.org/bugzilla/show_bug.cgi?id=53366 --- Comment #2 from Konstantin Kolinko knst.koli...@gmail.com --- I improved logging in r1346885 Stacktrace: [[[ 06-Jun-2012 17:28:01.640 SEVERE [http-bio-8080-exec-1] org.apache.catalina.core.ApplicationContext.log jsp: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.http.parser) java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.tomcat.util.http.parser) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:298) at java.lang.ClassLoader.loadClass(ClassLoader.java:295) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) at org.apache.catalina.connector.Response.setContentType(Response.java:708) at org.apache.jsp.jsp.security.protected_.login_jsp._jspService(login_jsp.java:52) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:271) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:306) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:166) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:299) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:670) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:382) at org.apache.catalina.core.ApplicationDispatcher.access$000(ApplicationDispatcher.java:67) at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:102) at org.apache.catalina.core.ApplicationDispatcher$PrivilegedForward.run(ApplicationDispatcher.java:89) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301) at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:390) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:546) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:146) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:74) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:911) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:90) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:995) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:573) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:145) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:311) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at
[Bug 53366] Running with SecurityManager: protected/index.jsp returns blank page when it is the first page accessed
https://issues.apache.org/bugzilla/show_bug.cgi?id=53366 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Mark Thomas ma...@apache.org --- Fixed in trunk and 7.0.x and will be included in 7.0.28 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 53366] Running with SecurityManager: protected/index.jsp returns blank page when it is the first page accessed
https://issues.apache.org/bugzilla/show_bug.cgi?id=53366 --- Comment #1 from Konstantin Kolinko knst.koli...@gmail.com --- I turned on fine logging for coyote, catalina and tomcat. There are no stacktraces being printed. The first notable difference between failed run with -security and successful run without -security is that in the failed run I see FINE: loadClass(javax.servlet.jsp.SkipPageException, false) while on successful run I see no such class being loaded. The second is that on successful run I see debug messages from org.apache.tomcat.util.buf.UEncoder while on failed one I do not see them. Looking into generated Java code, login_jsp.java, I see the following block: [[[ try { response.setContentType(text/html); pageContext = _jspxFactory.getPageContext(this, request, response, null, true, 8192, true); _jspx_page_context = pageContext; application = pageContext.getServletContext(); config = pageContext.getServletConfig(); session = pageContext.getSession(); out = pageContext.getOut(); _jspx_out = out; out.write(\r\n); out.write(html\r\n); out.write(head\r\n); out.write(titleLogin Page for Examples/title\r\n); out.write(body bgcolor=\white\\r\n); out.write(form method=\POST\ action='); out.print( response.encodeURL(j_security_check) ); (...) } catch (java.lang.Throwable t) { if (!(t instanceof javax.servlet.jsp.SkipPageException)){ out = _jspx_out; if (out != null out.getBufferSize() != 0) try { out.clearBuffer(); } catch (java.io.IOException e) {} if (_jspx_page_context != null) _jspx_page_context.handlePageException(t); } } finally { _jspxFactory.releasePageContext(_jspx_page_context); } ]]] So, two conclusions: 1. The failure occurs above response.encodeURL(j_security_check) call. 2. I suspect that _jspx_page_context is null. In that case the Throwable in the catch block is silently swallowed. This effect reminds me bug 48097, https://issues.apache.org/bugzilla/show_bug.cgi?id=48097#c7 I think if (_jspx_page_context is null) we could write something to debug logging, as these issues keep occurring and seeing a stacktrace should help. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org