too complex and issue currently to restart without SecurityManager. May be able to do overnight. Other dependent apps need to be up during the day
Warren
On Wednesday, October 23, 2002, at 04:19 PM, Jean-Francois Arcand wrote:
If you run the same code without the SecurityManager, do you get the same exception? Is the "factoryLoaderServlet" defined in your web.xml?
-- Jeanfrancois
[EMAIL PROTECTED] wrote:
thanks for the reply
my code that seems to cause the problem is as follows:
HttpSession session = request.getSession();
session.setAttribute( "customerProfile", new Profile() );
session.setAttribute( "loggedIn", new Boolean( false ) );
session.setAttribute( "customerOrder", new Order() );
RequestDispatcher dispatcher = null;
String destination = "factoryLoaderServlet";
try{
dispatcher = this.getServletContext().getNamedDispatcher( destination );
this.log( "Including destination => " + destination );
dispatcher.include( request, response );
}
catch( ServletException exception ){
//The error needs to be logged may have to redirect to page that request the user to
//return at a later time
this.log( "Servlet threw an exception when attempting to forward to " + destination, exception );
throw exception;
}
catch( IOException exception ){
//The error needs to be logged may have to redirect to page that request the user to
//return at a later time
this.log( "Servlet threw an exception when attempting to forward to " + destination, exception );
throw exception;
}
I am unwilling to get rid of the SecurityManager due to this being a public site. As can be seen by the stack trace the call to getNamedDispatcher eventually causes the ApplicationDispatcher class to be called but it is not being called from my code explictly. i have included the permission as you suggested but still get the following message in the browser (even thought the previous stack trace is not output to the catalina.out file any longer)
<p><b>root cause</b> <pre>java.lang.NoClassDefFoundError: org/apache/catalina/core/ApplicationDispatcher
at org.apache.catalina.core.ApplicationContext.getNamedDispatcher(Applica ti onContext.java:534)
at org.apache.catalina.core.ApplicationContextFacade.getNamedDispatcher(A pp licationContextFacade.java:179)
at alvolo.servlet.DispatcherServlet.initialiseSession(DispatcherServlet.j av a:280)
at alvolo.servlet.DispatcherServlet.doGet(DispatcherServlet.java:146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appli ca tionFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFi lt erChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilte rC hain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFi lt erChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVa lv e.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextVa lv e.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve. ja va:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2 34 3)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.ja va :180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcher Va lve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja va :170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValv e. java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline. ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:429)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495)
at java.lang.Thread.run(Thread.java:536)
</pre></p>
On Wednesday, October 23, 2002, at 04:02 PM, Jean-Francois Arcand wrote:
Is alvolo.servlet.DispatcherServlet.initialiseSession try to get access to org.apache.catalina.core.ApplicationDispatcher ? That's the normal behaviour if your answer is yes. Tomcat internal classes are protected against package access/insertion. If you really want to use that class, add to your catalina.policy file the following under
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
[...]
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core.*";
}
or do not use the SecurityManager.
*But* remember you are opening the Tomcat core classes to all web applications, and this is potentially a *security risk*. Also, your application is not portable across different Servlet Container when doing that.
-- Jeanfrancois
[EMAIL PROTECTED] wrote:
I have the following exception thrown when attempting to access tomcat app resources
WarpEngine[Apache - Tomcat4]: Mapping request
Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.core)
at java.security.AccessControlContext.checkPermission(AccessControlCont ex t. java:270)
at java.security.AccessController.checkPermission(AccessController.java :4 01 )
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:15 13 )
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardCla ss Lo ader.java:1056)
at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardCla ss Lo ader.java:992)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at org.apache.catalina.core.ApplicationContext.getNamedDispatcher(Appli ca ti onContext.java:534)
at org.apache.catalina.core.ApplicationContextFacade.getNamedDispatcher (A pp licationContextFacade.java:179)
at alvolo.servlet.DispatcherServlet.initialiseSession(DispatcherServlet .j av a:280)
at alvolo.servlet.DispatcherServlet.doGet(DispatcherServlet.java:146)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(App li ca tionFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.access$0(Application Fi lt erChain.java:197)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFil te rC hain.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(Application Fi lt erChain.java:172)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapper Va lv e.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.ja va :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943 )
at org.apache.catalina.core.StandardContextValve.invoke(StandardContext Va lv e.java:190)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:566)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValv e. ja va:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.ja va :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943 )
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java :2 34 3)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve. ja va :180)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatch er Va lve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve. ja va :170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.ja va :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943 )
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVa lv e. java:174)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipelin e. ja va:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.ja va :4 72)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943 )
at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:42 9)
at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495)
at java.lang.Thread.run(Thread.java:536)
StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.catalina.core.ApplicationDispatcher
Does anybody have any suggestions as to how to attack this issue
Kind regards
Warren
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
-- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
