Configuration: Solaris 2.6, Java 1.2, Tomcat 3.2.3
I have a question about how the ClassLoader works. I use a Java 1.1 style SecurityManager (doesn't use the .policy). I restrict access to files/directories and log when an unallowed access occurs. Even though I do not have user.dir in my CLASSPATH, Tomcat tries to load classes from there. So, I get exceptions like: Denied access of /usr/local/tomcat/config/mmarx/com/att/hrid/HridServlet.class from com.att.SecurityManager-> com.att.SecurityManager-> java.io.File-> sun.misc.URLClassPath$FileLoader-> sun.misc.URLClassPath-> java.net.URLClassLoader$1-> java.net.URLClassLoader-> java.lang.ClassLoader-> sun.misc.Launcher$AppClassLoader-> java.lang.ClassLoader-> org.apache.tomcat.loader.AdaptiveClassLoader-> org.apache.tomcat.loader.AdaptiveServletLoader-> org.apache.tomcat.core.ServletWrapper-> org.apache.tomcat.core.ServletWrapper-> org.apache.tomcat.core.Handler-> org.apache.tomcat.core.ServletWrapper-> org.apache.tomcat.core.ContextManager-> org.apache.tomcat.core.ContextManager-> org.apache.tomcat.service.connector.Ajp13ConnectionHandler-> org.apache.tomcat.service.TcpWorkerThread-> org.apache.tomcat.util.ThreadPool$ControlRunnable-> java.lang.Thread TOMCAT_HOME=/usr/local/tomcat Server started in /usr/local/tomcat/config/mmarx (user.dir) The class is actually in /usr/local/tomcat/config/mmarx/webapps/hrid/WEB-INF/classes/com/att/hrid /HridServlet.class Why is it looking where it's looking? Everything seems to run OK, so Tomcat does eventually find the file, but I generate A LOT of error messages, and it would seem to be a security hole. Thanks in advance Mitchell Evan Marx [EMAIL PROTECTED] AT&T IP Network Configuration & Provisioning Development -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
