where are your classes? if you put them in server/lib or server/classes and not in your webapp, do you still get the error?
Filip ----- Original Message ----- From: "Viktor Matic" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Wednesday, May 19, 2004 11:04 AM Subject: Re: java.lang.ClassCircularityError On Wed, 2004-05-19 at 17:23, Jeanfrancois Arcand wrote: > > > Well, take a look at org.apache.catalina.security.SecurityUtil. I am > setting the Subject/AccessControlContext there. I think that might cause > your problem, but I need more info ;-). AnybodyPrincipal is trying to do > what? > > -- Jeanfrancois Thanks for fast replay. I'll check org.apache.catalina.security.SecurityUtil. Problem is manifested in line 65 of class SimpeGroup and this line checks is group member instance of AnybodyPrincipal isMember = (member instanceof com.ingemark.security.AnybodyPrincipal) The AnybodyPrincipal is a simple class which returns true if it is compared to any real principal. But I think that real problem is not in implementation of this class than more likely in the class loader which tests permissions to read this particular class. For example if I comment out line 65 (which is not crucial for this test) and try it again ClassCircularityError arise on different place, as it can be seen in the following error stack dump: java.lang.ClassCircularityError: com/ingemark/experiments/PermissionName$NameLengthComparator com.ingemark.experiments.NamespacePermissionCollection.<init>(NamespacePermissionCollection.java:22) com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66) java.security.Permissions.getPermissionCollection(Permissions.java:245) java.security.Permissions.add(Permissions.java:110) com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) java.lang.SecurityManager.checkPermission(SecurityManager.java:524) java.lang.SecurityManager.checkRead(SecurityManager.java:863) java.io.File.exists(File.java:678) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) com.ingemark.experiments.NamespacePermissionCollection.<init>(NamespacePermissionCollection.java:22) com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66) java.security.Permissions.getPermissionCollection(Permissions.java:245) java.security.Permissions.add(Permissions.java:110) com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:437) com.ingemark.experiments.ServletSec.service(ServletSec.java:181) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:500) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157) This time execution breaks on different place but in a same conditions catalina class loader tries to load the class (com/ingemark/experiments/PermissionName$NameLengthComparator) and loops there checking read permission. Here is peace of servlet code which triggers this behavior .. /*This line is in servlet service method*/ Subject.doAsPrivileged(subject, new SecuredActions(), null ); .. /*this is inner class of servlet class*/ static class SecuredActions implements PrivilegedAction { public Object run() { log.info( "Subject within Secured action:" + Subject.getSubject( AccessController.getContext() ) ); log.info( "Check subject with action="+action + " and target=" + target); Permission p = new NamespacePermission( target, action ); AccessController.checkPermission( p ); /* <--- this line triggers error ServletSec.java:207 */ log.info( "User has permission to execute action" ); return null; } } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]