As suggested, the problem was the security manager: Most of our login related classes are the CATALINA_BASE/lib folder. So uncommenting this lines in the catalina.policy files fix the problem:
// If using a per instance lib directory, i.e. ${catalina.base}/lib, // then the following permission will need to be uncommented grant codeBase "file:${catalina.base}/lib/-" { permission java.security.AllPermission; }; Thanks to Konstantin Kolinko for the quick hint! PS: Why the exception is not clear enough?? -----Original Message----- From: Guillermo GARCIA OCHOA [mailto:guillermo.garcia-oc...@inova-software.com] Sent: vendredi 20 janvier 2012 13:11 To: Tomcat Users List Subject: RE: Tomcat 7 - java.lang.NoClassDefFoundError: Could not initialize class javax.servlet.http.Cookie Answers inline ... -----Original Message----- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: vendredi 20 janvier 2012 13:06 To: Tomcat Users List Subject: Re: Tomcat 7 - java.lang.NoClassDefFoundError: Could not initialize class javax.servlet.http.Cookie 2012/1/20 Guillermo GARCIA OCHOA <guillermo.garcia-oc...@inova-software.com>: > I have an application that use j_security for a form-based authentication. > When the application is deployed for the first time (or the tomcat is > restarted) user gets this exception when trying access a protected content > directly (without login). > > GRAVE: Servlet.service() for servlet [default] in context with path > [/mycontext] threw exception [Could not initialize class > javax.servlet.http.Cookie] with root cause > > java.lang.NoClassDefFoundError: Could not initialize class > javax.servlet.http.Cookie > > at > org.apache.catalina.core.ApplicationSessionCookieConfig.createSessionC > ookie(ApplicationSessionCookieConfig.java:127) > > at > org.apache.catalina.connector.Request.doGetSession(Request.java:2875) > > at > org.apache.catalina.connector.Request.getSession(Request.java:2307) > > at > org.apache.catalina.connector.RequestFacade$GetSessionPrivilegedAction > .run(RequestFacade.java:216) > > at > org.apache.catalina.connector.RequestFacade$GetSessionPrivilegedAction > .run(RequestFacade.java:205) > > at java.security.AccessController.doPrivileged(Native Method) > > at > org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.j > ava:894) > > at > org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.j > ava:909) > > at > javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletReq > uestWrapper.java:238) > > at > com.mycompany.myfilter.SaasComponentImpl.getTenantId(SaasComponentImpl > .java:284) > > The excepted behaviour is to redirect the user to the login form and when the > user logs in redirect him to the requested protected resource. > > But the weird thing is this works correctly if the first request send to the > rebooted server ask for the login form!!! It seems that after this tomcat > find and load correctly the cookie class and then all the request are handled > as expected. > > Why tomcat cannot find the Cookie class that is for sure in the > lib/servlet-api.jar? IMHO, no mmetter when this class is asked to be load for > the first time ... it should be there for any valve, servlet, filter, etc ... > I'm right? > > PS: This was working fine before the app was migrated from tomcat 6. > 1. Your exact version of Tomcat x.y.z =? ******* Tomcat 7.0.23 2. Your OS ********* Windows server 2008 3. Do you think that you are running with Java's SecurityManager enabled? [1] ******* Is enabled whit the same configurations that we used to use with tomcat 6 4. Is there anything else in the logs? ********* Nothing else I thing that the "Could not initialize class" message means that the class is found, but its initialization failed. I wonder though why it is not an instance of ExceptionInInitializerError. [1] http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org