We are getting java.lang.ClassCircularityError on the Tomcat 5.0.x (we have tested the same code on a following releases 5.0.18, 5.0.19 and 5.0.24). The java source code, which we have used for the testing purposes, consists of the servlet which use our custom implementation of the java.security.Policy to test user rights to execute action. This code pass JUnit tests and works fine if it is called isolated out of the Tomcat (called through class with the main method). It also works fine on Tomcat 4.1.30. Since improvement list for Tomcat 5.0.x states that Security Manager support is enhanced from 4.1.x release maybe there is something we are missing to implement or maybe there is a new bug in the catalina class loader when it is used with java.security.manager. It is important to state that out application sets our policy (Policy.setPolicy(new OurPolicy())). We are pretty sure that we have configured Tomcat properly because everything works fine on older Tomcat.
Here is error stack trace: root cause: java.lang.ClassCircularityError: com/ingemark/security/AnybodyPrincipal com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65) com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89) com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67) com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) java.lang.SecurityManager.checkPermission(SecurityManager.java:524) java.lang.SecurityManager.checkRead(SecurityManager.java:863) java.io.File.exists(File.java:678) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65) com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89) com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67) com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:437) com.ingemark.experiments.ServletSec.service(ServletSec.java:181) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:500) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157) I will be happy to present this problem in more details if somebody can recognize familiar topic in this post. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]