DO NOT REPLY [Bug 17523] - Servlet can't getSession
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17523. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17523

Servlet can't getSession

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Additional Comments From [EMAIL PROTECTED] 2004-01-30 15:06 ---
Thanks to Glenn Nielsen's update to org.apache.catalina.startup.SecurityClassLoad, this bug is fixed in Tomcat 4.1.28 and later.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 17523] - Servlet can't getSession
--- Additional Comments From [EMAIL PROTECTED] 2003-12-28 08:31 ---
I hit this problem too. After several hours, I realized that a workaround is to include the following in catalina.policy:

// needed to overcome Tomcat bug with Coyote
// http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17523
// org.apache.coyote.tomcat4.CoyoteRequest.PrivilegedGetSession
grant {
    permission java.lang.RuntimePermission "defineClassInPackage.org.apache.coyote.tomcat4";
    permission java.lang.RuntimePermission "defineClassInPackage.org.apache.coyote.tomcat4.*";
};

Hope this helps anyone else who hits this frustrating issue.
DO NOT REPLY [Bug 17523] - Servlet can't getSession
--- Additional Comments From [EMAIL PROTECTED] 2003-03-24 20:38 ---
This is definitely a security-related bug. I verified this to be a problem even on Tomcat 4.1.24.

The key to this is that CoyoteRequest$PrivilegedGetSession likely needs to be preloaded by the Tomcat [non-webapp] classloader. At runtime, your servlet calls getSession, and CoyoteRequest attempts to load PrivilegedGetSession w/o enough permissions. The predecessor to CoyoteRequest had the same issue, so its implementation of PrivilegedGetSession got preloaded during server initialization.

This bug gets masked when you access the admin webapp (for example) before accessing your untrusted servlet, since the admin webapp has more runtime security permissions than your untrusted servlet.

java.lang.NoClassDefFoundError: org/apache/coyote/tomcat4/CoyoteRequest$PrivilegedGetSession
	at org.apache.coyote.tomcat4.CoyoteRequest.getSession(CoyoteRequest.java:1728)
	at org.apache.coyote.tomcat4.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:365)
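
The preloading approach described in the 2003-03-24 comment, as an added example that is not part of the original thread and is not Tomcat's code. PreloadDemo, DemoRequest and the nested PrivilegedGetSession are hypothetical stand-ins for the container and for CoyoteRequest$PrivilegedGetSession; no SecurityManager is installed here, the point is only that the helper class is resolved by the container's own loader at startup, so its first load never happens on a call stack that includes a less-privileged webapp.

```java
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;

public class PreloadDemo {

    // Hypothetical stand-in for the container's request class.
    static class DemoRequest {
        // Nested helper: the JVM loads it lazily on first use unless it was preloaded.
        static class PrivilegedGetSession implements PrivilegedAction<String> {
            static { System.out.println("PrivilegedGetSession initialized"); }
            public String run() { return "session"; }
        }

        // First call here would otherwise trigger the class load from the caller's context.
        String getSession() { return new PrivilegedGetSession().run(); }
    }

    // Load and initialize each named class through the given loader during startup.
    // Returns the names that could not be loaded so startup can log or abort on them.
    static List<String> preload(ClassLoader loader, String... names) {
        List<String> failed = new ArrayList<>();
        for (String name : names) {
            try {
                Class.forName(name, true, loader);
            } catch (ClassNotFoundException | LinkageError e) {
                failed.add(name + ": " + e);
            }
        }
        return failed;
    }

    public static void main(String[] args) {
        // Assumption: the loader that defined the container classes plays the
        // role of the Tomcat [non-webapp] classloader.
        ClassLoader containerLoader = PreloadDemo.class.getClassLoader();
        List<String> failed = preload(containerLoader,
                "PreloadDemo$DemoRequest",
                "PreloadDemo$DemoRequest$PrivilegedGetSession",
                "PreloadDemo$Missing"); // constructed bad name, shows failure reporting
        System.out.println("preload failures: " + failed);

        // Later request handling finds the helper already loaded.
        System.out.println(new DemoRequest().getSession());
    }
}
```

A missing entry in such a preload list reproduces the symptom in this bug: the failure only appears when the first caller is the least-privileged code, which is why it is masked once a more privileged webapp has triggered the load.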