Viktor Matic wrote:
We are getting java.lang.ClassCircularityError on the Tomcat 5.0.x (we
have tested the same code on a following releases 5.0.18, 5.0.19 and
5.0.24). The java source code, which we have used for the testing
purposes, consists of the servlet which use our custom implementation of
the java.security.Policy to test user rights to execute action.
This code pass JUnit tests and works fine if it is called isolated out
of the Tomcat (called through class with the main method). It also works
fine on Tomcat 4.1.30.
Since improvement list for Tomcat 5.0.x states that Security Manager
support is enhanced from 4.1.x release maybe there is something we are
missing to implement or maybe there is a new bug in the catalina class
loader when it is used with java.security.manager. It is important to
state that out application sets our policy (Policy.setPolicy(new
OurPolicy())). We are pretty sure that we have configured Tomcat
properly because everything works fine on older Tomcat.
Well, take a look at org.apache.catalina.security.SecurityUtil. I am
setting the Subject/AccessControlContext there. I think that might cause
your problem, but I need more info ;-). AnybodyPrincipal is trying to do
what?
-- Jeanfrancois
Here is error stack trace:
root cause:
java.lang.ClassCircularityError: com/ingemark/security/AnybodyPrincipal
com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65)
com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89)
com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67)
com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105)
com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72)
com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
java.security.Policy.implies(Policy.java:397)
java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
java.security.AccessController.checkPermission(AccessController.java:401)
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
java.lang.SecurityManager.checkRead(SecurityManager.java:863)
java.io.File.exists(File.java:678)
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65)
com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89)
com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67)
com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105)
com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72)
com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
java.security.Policy.implies(Policy.java:397)
java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
java.security.AccessController.checkPermission(AccessController.java:401)
com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:437)
com.ingemark.experiments.ServletSec.service(ServletSec.java:181)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
I will be happy to present this problem in more details if somebody can
recognize familiar topic in this post.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
