-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
I'm trying to run Tomcat with a SecurityManager and I'm having a few
problems.
Debian Linux
Tomcat 6.0.26
Sun Java 1.6.0_12 Server VM
I'm using CATALINA_BASE to run Tomcat from a different place than
CATALINA_HOME. I've been doing this for years, so I think I have a
handle on that part. ;)
I'm using ant scripts to start Tomcat, but ultimately they call
catalina.sh with the following environment:
[echo] JAVA_HOME is /usr
[echo] JAVA_OPTS is -Xmx64M
[echo] CATALINA_HOME is /usr/local/apache-tomcat-6.0.26
[echo] CATALINA_BASE is /home/cschultz/.webapps/diagnosis/8215
[echo] CATALINA_OPTS is
- -Djava.library.path=/usr/local/apache-tomcat-6.0.26/server/lib
[echo] security-option is -security
That last message means that we're calling catalina.sh like this:
CATALINA_HOME/bin/catalina.sh start -security
With no CATALINA_BASE/conf/catalina.policy file, I get this error:
Exception in thread "main" java.lang.ExceptionInInitializerError
at
org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171)
at
org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243)
at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298)
at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55)
Caused by: java.security.AccessControlException: access denied
(java.util.PropertyPermission java.util.logging.config.class read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
at java.lang.System.getProperty(System.java:652)
at
org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43)
... 4 more
Could not find the main class: org.apache.catalina.startup.Bootstrap.
Program will exit.
If I copy the stock catalina.policy file from CATALINA_HOME/conf to
CATALINA_BASE/conf, I get further (see below). Would it be possible to
have catalina.sh detect the location of catalina.policy from
CATALINA_BASE (preferred) or CATALINA_HOME (fallback)? Perhaps it's
silly to use a system-wide catalina.policy file, but it's a bit
confusing to see that the Bootstrap class isn't found when you try to
start up Tomcat with a security manager and don't know that copying
catalina.policy is a prerequisite.
The Security Manager HOWTO does specifically say that
CATALINA_BASE/conf/catalina.policy contains the policy, but it might be
nice to check in catalina.sh to see if such a policy exists when invoked
with "-security". I'd be happy to write a patch that provides this check.
Anyhow, when the Security Manager is enabled, I get this exception
during startup (apologies for the lengthy stack trace):
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.CommonsLoggingListener
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.apache.commons.logging.LogConfigurationException:
User-specified log class 'org.apache.commons.logging.impl.Log4JLogger'
cannot be found or is not useable.
at
org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874)
at
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
at
org.childhealthcare.diagnosis.servlet.CommonsLoggingListener.<clinit>(CommonsLoggingListener.java:19)
... 33 more
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.ContextParamListener
java.lang.ExceptionInInitializerError
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: org.apache.commons.logging.LogConfigurationException:
User-specified log class 'org.apache.commons.logging.impl.Log4JLogger'
cannot be found or is not useable.
at
org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874)
at
org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604)
at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336)
at
org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310)
at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685)
at
org.childhealthcare.diagnosis.servlet.ContextParamListener.<clinit>(ContextParamListener.java:24)
... 33 more
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.InitListener
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager
at org.apache.log4j.Logger.getLogger(Logger.java:118)
at
org.childhealthcare.diagnosis.servlet.InitListener.<init>(InitListener.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext
listenerStart
SEVERE: Error configuring application listener of class
org.childhealthcare.diagnosis.servlet.SessionAttributeListener
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager
at org.apache.log4j.Logger.getLogger(Logger.java:118)
at
org.childhealthcare.diagnosis.servlet.SessionAttributeListener.<clinit>(SessionAttributeListener.java:20)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
=============== END OF STARTUP LOG ============
Tomcat then realizes that something is wrong and decides to stop itself
due to "previous errors" and shuts things down. It fails trying to
de-register the JDBC driver with this exception:
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at
java.security.AccessController.checkPermission(AccessController.java:546)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.Class.getClassLoader(Class.java:594)
at
org.apache.catalina.loader.JdbcLeakPrevention.clearJdbcDriverRegistrations(JdbcLeakPrevention.java:49)
... 35 more
So, it looks like there are actually two startup exceptions:
1. org.apache.commons.logging.LogConfigurationException: User-specified
log class 'org.apache.commons.logging.impl.Log4JLogger' cannot be found
or is not useable.
and
2. java.lang.NoClassDefFoundError: Could not initialize class
org.apache.log4j.LogManager
Both exceptions occur during execution of my own code. Here is the full
class for CommonsLoggingListener.java:
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* A listener to initialize commons-logging.
*
* @author Chris Schultz
* @version $Revision: 1.1 $ $Date: 2008-05-27 21:12:21 $
*/
public class CommonsLoggingListener
implements ServletContextListener
{
private static final Log log =
LogFactory.getLog(CommonsLoggingListener.class);
public void contextInitialized(ServletContextEvent e)
{
log.info("Initializing commons-logging");
}
/**
* Releases Loggers bound to the current ClassLoader.
*
* See
http://www.nabble.com/Undeploying-problem-with-Tomcat-5.5-and-Log4J-to8142921.html#a8149142
*/
public void contextDestroyed(ServletContextEvent e)
{
log.info("Cleaning logs bound to webapp ClassLoader");
LogFactory.release(Thread.currentThread().getContextClassLoader());
}
}
In the InitListener.java class, I basically just try to create a log4j
logger like this:
Logger.getLogger(className)
In both of these situations, Tomcat ought to be able to load the classes
required.
The only changes to the main Tomcat installation are that I copied my
JDBC driver .jar file into CATALINA_HOME/lib. log4j.jar exists only in
WEB-INF/lib/log4j-1.2.15.jar.
The commons-logging library exists only in
WEB-INF/lib/commons-logging-1.1.1.jar
I have no logging.properties in CATALINA_BASE/conf
It almost seems like the wrong ClassLoader is being used to run my
context listeners.
Am I missing something, here?
Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkujy3EACgkQ9CaO5/Lv0PAc0wCfZUO/38cd9A0U3HpunNSTnMu7
qx4AnjitZb4/6bzBB7KIR1lNWTvCwtes
=tmvN
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
