where are your classes?
if you put them in server/lib or server/classes and not in your webapp,
do you still get the error?
Filip
----- Original Message -----
From: "Viktor Matic" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, May 19, 2004 11:04 AM
Subject: Re: java.lang.ClassCircularityError
On Wed, 2004-05-19 at 17:23, Jeanfrancois Arcand wrote:
> >
> Well, take a look at org.apache.catalina.security.SecurityUtil. I am
> setting the Subject/AccessControlContext there. I think that might cause
> your problem, but I need more info ;-). AnybodyPrincipal is trying to do
> what?
>
> -- Jeanfrancois
Thanks for fast replay.
I'll check org.apache.catalina.security.SecurityUtil.
Problem is manifested in line 65 of class SimpeGroup and this line
checks is group member instance of AnybodyPrincipal
isMember = (member instanceof com.ingemark.security.AnybodyPrincipal)
The AnybodyPrincipal is a simple class which returns true if it is
compared to any real principal. But I think that real problem is not in
implementation of this class than more likely in the class loader which
tests permissions to read this particular class. For example if I
comment out line 65 (which is not crucial for this test) and try it
again ClassCircularityError arise on different place, as it can be seen
in the following error stack dump:
java.lang.ClassCircularityError:
com/ingemark/experiments/PermissionName$NameLengthComparator
com.ingemark.experiments.NamespacePermissionCollection.<init>(NamespacePermissionCollection.java:22)
com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66)
java.security.Permissions.getPermissionCollection(Permissions.java:245)
java.security.Permissions.add(Permissions.java:110)
com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50)
com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73)
com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
java.security.Policy.implies(Policy.java:397)
java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
java.security.AccessController.checkPermission(AccessController.java:401)
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
java.lang.SecurityManager.checkRead(SecurityManager.java:863)
java.io.File.exists(File.java:678)
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
com.ingemark.experiments.NamespacePermissionCollection.<init>(NamespacePermissionCollection.java:22)
com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66)
java.security.Permissions.getPermissionCollection(Permissions.java:245)
java.security.Permissions.add(Permissions.java:110)
com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50)
com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73)
com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95)
java.security.Policy.implies(Policy.java:397)
java.security.ProtectionDomain.implies(ProtectionDomain.java:189)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:254)
java.security.AccessController.checkPermission(AccessController.java:401)
com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:437)
com.ingemark.experiments.ServletSec.service(ServletSec.java:181)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
This time execution breaks on different place but in a same conditions catalina class
loader tries to load the class
(com/ingemark/experiments/PermissionName$NameLengthComparator) and loops there
checking read permission.
Here is peace of servlet code which triggers this behavior
..
/*This line is in servlet service method*/
Subject.doAsPrivileged(subject, new SecuredActions(), null );
..
/*this is inner class of servlet class*/
static class SecuredActions implements PrivilegedAction
{
public Object run()
{
log.info( "Subject within Secured action:"
+ Subject.getSubject( AccessController.getContext() ) );
log.info( "Check subject with action="+action + " and target=" + target);
Permission p = new NamespacePermission( target, action );
AccessController.checkPermission( p ); /* <--- this line triggers error
ServletSec.java:207 */
log.info( "User has permission to execute action" );
return null;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
