Thanks for the reply.

My code that seems to cause the problem is as follows:

HttpSession session = request.getSession();
session.setAttribute( "customerProfile", new Profile() );
session.setAttribute( "loggedIn", Boolean.FALSE );
session.setAttribute( "customerOrder", new Order() );
RequestDispatcher dispatcher = null;
String destination = "factoryLoaderServlet";
try{
    // Look up the target servlet by name (returns null if no such servlet is registered)
    dispatcher = this.getServletContext().getNamedDispatcher( destination );
    if( dispatcher == null ){
        throw new ServletException( "No servlet named " + destination );
    }
    this.log( "Including destination => " + destination );
    dispatcher.include( request, response );
}
catch( ServletException exception ){
    // The error needs to be logged; may have to redirect to a page that asks the user to
    // return at a later time
    this.log( "Servlet threw an exception when attempting to forward to " + destination, exception );
    throw exception;
}
catch( IOException exception ){
    // The error needs to be logged; may have to redirect to a page that asks the user to
    // return at a later time
    this.log( "Servlet threw an exception when attempting to forward to " + destination, exception );
    throw exception;
}


I am unwilling to get rid of the SecurityManager due to this being a public site. As can be seen by the stack trace, the call to getNamedDispatcher eventually causes the ApplicationDispatcher class to be called, but it is not being called from my code explicitly. I have included the permission as you suggested but still get the following message in the browser (even though the previous stack trace is not output to the catalina.out file any longer):

<p><b>root cause</b> <pre>java.lang.NoClassDefFoundError: org/apache/catalina/core/ApplicationDispatcher
at org.apache.catalina.core.ApplicationContext.getNamedDispatcher(ApplicationContext.java:534)
at org.apache.catalina.core.ApplicationContextFacade.getNamedDispatcher(ApplicationContextFacade.java:179)
at alvolo.servlet.DispatcherServlet.initialiseSession(DispatcherServlet.java:280)
at alvolo.servlet.DispatcherServlet.doGet(DispatcherServlet.java:146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:429)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495)
at java.lang.Thread.run(Thread.java:536)
</pre></p>


On Wednesday, October 23, 2002, at 04:02 PM, Jean-Francois Arcand wrote:

Is alvolo.servlet.DispatcherServlet.initialiseSession trying to get access to org.apache.catalina.core.ApplicationDispatcher? That's the normal behaviour if your answer is yes. Tomcat internal classes are protected against package access/insertion. If you really want to use that class, add to your catalina.policy file the following under

// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
[...]
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core.*";
};

or do not use the SecurityManager.

*But* remember you are opening the Tomcat core classes to all web applications, and this is potentially a *security risk*. Also, your application is not portable across different Servlet Containers when doing that.

-- Jeanfrancois

[EMAIL PROTECTED] wrote:

I have the following exception thrown when attempting to access tomcat app resources

WarpEngine[Apache - Tomcat4]: Mapping request
Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.core)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1513)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1056)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:992)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at org.apache.catalina.core.ApplicationContext.getNamedDispatcher(ApplicationContext.java:534)
at org.apache.catalina.core.ApplicationContextFacade.getNamedDispatcher(ApplicationContextFacade.java:179)
at alvolo.servlet.DispatcherServlet.initialiseSession(DispatcherServlet.java:280)
at alvolo.servlet.DispatcherServlet.doGet(DispatcherServlet.java:146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:429)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495)
at java.lang.Thread.run(Thread.java:536)
StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher


Does anybody have any suggestions as to how to attack this issue?

Kind regards

Warren


--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
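
An added example, not part of the original thread: a small Python audit of a catalina.policy file that lists every `accessClassInPackage` grant, checks whether it covers the permission name reported in the AccessControlException above, and flags grants of Tomcat-internal packages made without a codeBase (that is, to all web applications). The name matching follows the JDK's BasicPermission rule, under which `a.b.*` covers `a.b.c` but not `a.b` itself. The sample policy and the webapp path in it are constructed for illustration.

```python
import re

# Constructed sample policy (not the poster's real file): one global grant, one scoped grant.
SAMPLE_POLICY = '''
// Global grant: applies to every web application
grant {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core.*";
};
// Scoped grant: hypothetical webapp path, applies to that codeBase only
grant codeBase "file:${catalina.home}/webapps/alvolo/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core";
};
'''

GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}', re.S)
PERM_RE = re.compile(
    r'permission\s+java\.lang\.RuntimePermission\s+"(accessClassInPackage\.[^"]+)"')

def implies(granted, requested):
    """BasicPermission name matching: 'a.b.*' covers 'a.b.c' but not 'a.b' itself."""
    if granted == "*":
        return True
    if granted.endswith(".*"):
        prefix = granted[:-1]  # drop only the '*', keep the trailing dot
        return len(requested) > len(prefix) and requested.startswith(prefix)
    return granted == requested

def audit(policy_text, denied):
    """Return (codebase, permission, covers_denied, global_internal_grant) per entry."""
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)  # drop whole-line comments
    findings = []
    for codebase, body in GRANT_RE.findall(text):
        for name in PERM_RE.findall(body):
            internal = name.startswith("accessClassInPackage.org.apache.catalina")
            findings.append((codebase or "<all code>", name,
                             implies(name, denied), codebase == "" and internal))
    return findings

if __name__ == "__main__":
    # Permission name taken from the AccessControlException in the thread
    denied = "accessClassInPackage.org.apache.catalina.core"
    for row in audit(SAMPLE_POLICY, denied):
        print(row)
```

Run against a real policy file by passing its text to `audit()`; any row whose last field is true grants container internals to every deployed application.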


