Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 8/9/21 11:33 AM, Mark Thomas wrote: The fix will be in the September releases. Thanks. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On August 9, 2021 5:31:41 PM UTC, "James H. H. Lampert" wrote: >On 8/9/21 10:24 AM, Mark Thomas wrote: >> Future versions of Tomcat won't see this issue but if the customer is > >> prepared to update Tomcat to fix this issue then they might as well >just >> update Java (assuming that is indeed sufficient to fix this). > >Given that they currently seem to be happy as clams on their currently >installed Tomcat 7, and that we've only been updating customers to >Tomcat 8 in order to proactively deal with any security complaints that > >might come up, they can presumably wait for a Tomcat 8 that has the >relevant fix. > >And this customer is not in any particular hurry for updating >*anything* >(a trait I share). > >Any idea when a Tomcat 8 with the relevant fix might come out? The fix will be in the September releases. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: More information, Re: Tomcat 8.5.68 failing on takeoff!
> -Original Message- > From: James H. H. Lampert > Sent: Monday, August 09, 2021 12:21 PM > To: users@tomcat.apache.org > Subject: Re: More information, Re: Tomcat 8.5.68 failing on takeoff! > > On 8/6/21 9:17 AM, Konstantin Kolinko wrote: > > > Try to find what *.jar file in your system contains the above classes. > > > > E.g. searching for string "crimson" in *.jar files. > > That string will be visible in the archive file as it is a name of a > > directory. > > I've learned that QShell (a *nix-like shell that was added with Java > support) on an AS/400 does have both "find" and "grep," so it wasn't quite so > futile as I thought. > > If I go into QShell, navigate to the JVM home directory, and do a "find . - > name '*.jar'" > I get > > ./jre/lib/ppc64/compressedrefs/jclSC180/vm.jar > ./jre/lib/ppc64/default/jclSC180/vm.jar > ./jre/lib/ext/db2_classes18.jar > ./jre/lib/ext/CmpCrmf.jar > ./jre/lib/ext/IBMSecureRandom.jar > ./jre/lib/ext/cldrdata.jar > ./jre/lib/ext/dnsns.jar > ./jre/lib/ext/dtfj.jar > ./jre/lib/ext/dtfjview.jar > ./jre/lib/ext/gskikm.jar > ./jre/lib/ext/healthcenter.jar > ./jre/lib/ext/ibmcmsprovider.jar > ./jre/lib/ext/ibmjcefips.jar > ./jre/lib/ext/ibmjceplus.jar > ./jre/lib/ext/ibmjceprovider.jar > ./jre/lib/ext/ibmkeycert.jar > ./jre/lib/ext/ibmpkcs11impl.jar > ./jre/lib/ext/ibmsaslprovider.jar > ./jre/lib/ext/ibmxmlcrypto.jar > ./jre/lib/ext/ibmxmldsigprovider.jar > ./jre/lib/ext/ibmxmlencprovider.jar > ./jre/lib/ext/jaccess.jar > ./jre/lib/ext/localedata.jar > ./jre/lib/ext/nashorn.jar > ./jre/lib/ext/traceformat.jar > ./jre/lib/ext/xmlencfw.jar > ./jre/lib/ext/zipfs.jar > ./jre/lib/aggressive.jar > ./jre/lib/charsets.jar > ./jre/lib/dataaccess.jar > ./jre/lib/ddr/j9ddr.jar > ./jre/lib/deploy.jar > ./jre/lib/ibmcertpathfw.jar > ./jre/lib/ibmcertpathprovider.jar > ./jre/lib/ibmcfw.jar > ./jre/lib/ibmjcefw.jar > ./jre/lib/ibmjgssfw.jar > ./jre/lib/ibmjgssprovider.jar > ./jre/lib/ibmjssefw.jar > ./jre/lib/ibmjsseprovider2.jar > ./jre/lib/ibmorb.jar > ./jre/lib/ibmorbapi.jar > ./jre/lib/ibmpkcs.jar > ./jre/lib/ibmsaslfw.jar > ./jre/lib/javaws.jar > ./jre/lib/management-agent.jar > ./jre/lib/math.jar > ./jre/lib/plugin.jar > ./jre/lib/resources.jar > ./jre/lib/rt.jar > ./jre/lib/se-service.jar > ./jre/lib/security/US_export_policy_56bit.jar > ./jre/lib/security/local_policy_56bit.jar > ./jre/lib/security/policy/limited/US_export_policy.jar > ./jre/lib/security/policy/limited/local_policy.jar > ./jre/lib/security/policy/unlimited/US_export_policy.jar > ./jre/lib/security/policy/unlimited/local_policy.jar > ./jre/lib/tools/monitoring-api.jar > ./jre/lib/xml.jar > ./jre/lib/xmldsigfw.jar > ./IBMmisc.jar > ./lib/dt.jar > ./lib/ibmorbtools.jar > ./lib/jconsole.jar > ./lib/tools.jar > ./lib/IBMi5OSJSSE.jar > > If I do a "find . -name '*crimson*'", I get nothing. > > If I do a "find . -name '*.jar' -exec grep -l 'crimson' {} \;", I also get > nothing. > > So unless anybody else has any ideas, I'm once again stuck, at least on this > angle. > > Mark Thomas wrote: > > Tomcat 7 doesn't have JASPIC support so you'll never see this issue in > Tomcat 7. > > . . . to which I replied (seriously, rather than flippantly) "What's a > JASPIC?" > > I've finally taken a look at what JASPIC is. Interesting. If it's JASPIC > support in > Tomcat 8 that is throwing exceptions and killing manager under this particular > Java 8 JVM, is there a way to disable it, at least until the customer has > their > PTFs up to date? > > -- > JHHL > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org Check under the Tomcat webapps and lib directories.
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 8/9/21 10:24 AM, Mark Thomas wrote: Future versions of Tomcat won't see this issue but if the customer is prepared to update Tomcat to fix this issue then they might as well just update Java (assuming that is indeed sufficient to fix this). Given that they currently seem to be happy as clams on their currently installed Tomcat 7, and that we've only been updating customers to Tomcat 8 in order to proactively deal with any security complaints that might come up, they can presumably wait for a Tomcat 8 that has the relevant fix. And this customer is not in any particular hurry for updating *anything* (a trait I share). Any idea when a Tomcat 8 with the relevant fix might come out? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 09/08/2021 19:21, James H. H. Lampert wrote: On 8/6/21 9:17 AM, Konstantin Kolinko wrote: Try to find what *.jar file in your system contains the above classes. E.g. searching for string "crimson" in *.jar files. That string will be visible in the archive file as it is a name of a directory. I've learned that QShell (a *nix-like shell that was added with Java support) on an AS/400 does have both "find" and "grep," so it wasn't quite so futile as I thought. If I go into QShell, navigate to the JVM home directory, and do a "find . -name '*.jar'" I get ./jre/lib/ppc64/compressedrefs/jclSC180/vm.jar ./jre/lib/ppc64/default/jclSC180/vm.jar ./jre/lib/ext/db2_classes18.jar ./jre/lib/ext/CmpCrmf.jar ./jre/lib/ext/IBMSecureRandom.jar ./jre/lib/ext/cldrdata.jar ./jre/lib/ext/dnsns.jar ./jre/lib/ext/dtfj.jar ./jre/lib/ext/dtfjview.jar ./jre/lib/ext/gskikm.jar ./jre/lib/ext/healthcenter.jar ./jre/lib/ext/ibmcmsprovider.jar ./jre/lib/ext/ibmjcefips.jar ./jre/lib/ext/ibmjceplus.jar ./jre/lib/ext/ibmjceprovider.jar ./jre/lib/ext/ibmkeycert.jar ./jre/lib/ext/ibmpkcs11impl.jar ./jre/lib/ext/ibmsaslprovider.jar ./jre/lib/ext/ibmxmlcrypto.jar ./jre/lib/ext/ibmxmldsigprovider.jar ./jre/lib/ext/ibmxmlencprovider.jar ./jre/lib/ext/jaccess.jar ./jre/lib/ext/localedata.jar ./jre/lib/ext/nashorn.jar ./jre/lib/ext/traceformat.jar ./jre/lib/ext/xmlencfw.jar ./jre/lib/ext/zipfs.jar ./jre/lib/aggressive.jar ./jre/lib/charsets.jar ./jre/lib/dataaccess.jar ./jre/lib/ddr/j9ddr.jar ./jre/lib/deploy.jar ./jre/lib/ibmcertpathfw.jar ./jre/lib/ibmcertpathprovider.jar ./jre/lib/ibmcfw.jar ./jre/lib/ibmjcefw.jar ./jre/lib/ibmjgssfw.jar ./jre/lib/ibmjgssprovider.jar ./jre/lib/ibmjssefw.jar ./jre/lib/ibmjsseprovider2.jar ./jre/lib/ibmorb.jar ./jre/lib/ibmorbapi.jar ./jre/lib/ibmpkcs.jar ./jre/lib/ibmsaslfw.jar ./jre/lib/javaws.jar ./jre/lib/management-agent.jar ./jre/lib/math.jar ./jre/lib/plugin.jar ./jre/lib/resources.jar ./jre/lib/rt.jar ./jre/lib/se-service.jar ./jre/lib/security/US_export_policy_56bit.jar ./jre/lib/security/local_policy_56bit.jar ./jre/lib/security/policy/limited/US_export_policy.jar ./jre/lib/security/policy/limited/local_policy.jar ./jre/lib/security/policy/unlimited/US_export_policy.jar ./jre/lib/security/policy/unlimited/local_policy.jar ./jre/lib/tools/monitoring-api.jar ./jre/lib/xml.jar ./jre/lib/xmldsigfw.jar ./IBMmisc.jar ./lib/dt.jar ./lib/ibmorbtools.jar ./lib/jconsole.jar ./lib/tools.jar ./lib/IBMi5OSJSSE.jar If I do a "find . -name '*crimson*'", I get nothing. If I do a "find . -name '*.jar' -exec grep -l 'crimson' {} \;", I also get nothing. So unless anybody else has any ideas, I'm once again stuck, at least on this angle. Mark Thomas wrote: Tomcat 7 doesn't have JASPIC support so you'll never see this issue in Tomcat 7. . . . to which I replied (seriously, rather than flippantly) "What's a JASPIC?" I've finally taken a look at what JASPIC is. Interesting. If it's JASPIC support in Tomcat 8 that is throwing exceptions and killing manager under this particular Java 8 JVM, is there a way to disable it, at least until the customer has their PTFs up to date? Sorry, no. The code in question is always going to get executed. Future versions of Tomcat won't see this issue but if the customer is prepared to update Tomcat to fix this issue then they might as well just update Java (assuming that is indeed sufficient to fix this). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 8/6/21 9:17 AM, Konstantin Kolinko wrote: Try to find what *.jar file in your system contains the above classes. E.g. searching for string "crimson" in *.jar files. That string will be visible in the archive file as it is a name of a directory. I've learned that QShell (a *nix-like shell that was added with Java support) on an AS/400 does have both "find" and "grep," so it wasn't quite so futile as I thought. If I go into QShell, navigate to the JVM home directory, and do a "find . -name '*.jar'" I get ./jre/lib/ppc64/compressedrefs/jclSC180/vm.jar ./jre/lib/ppc64/default/jclSC180/vm.jar ./jre/lib/ext/db2_classes18.jar ./jre/lib/ext/CmpCrmf.jar ./jre/lib/ext/IBMSecureRandom.jar ./jre/lib/ext/cldrdata.jar ./jre/lib/ext/dnsns.jar ./jre/lib/ext/dtfj.jar ./jre/lib/ext/dtfjview.jar ./jre/lib/ext/gskikm.jar ./jre/lib/ext/healthcenter.jar ./jre/lib/ext/ibmcmsprovider.jar ./jre/lib/ext/ibmjcefips.jar ./jre/lib/ext/ibmjceplus.jar ./jre/lib/ext/ibmjceprovider.jar ./jre/lib/ext/ibmkeycert.jar ./jre/lib/ext/ibmpkcs11impl.jar ./jre/lib/ext/ibmsaslprovider.jar ./jre/lib/ext/ibmxmlcrypto.jar ./jre/lib/ext/ibmxmldsigprovider.jar ./jre/lib/ext/ibmxmlencprovider.jar ./jre/lib/ext/jaccess.jar ./jre/lib/ext/localedata.jar ./jre/lib/ext/nashorn.jar ./jre/lib/ext/traceformat.jar ./jre/lib/ext/xmlencfw.jar ./jre/lib/ext/zipfs.jar ./jre/lib/aggressive.jar ./jre/lib/charsets.jar ./jre/lib/dataaccess.jar ./jre/lib/ddr/j9ddr.jar ./jre/lib/deploy.jar ./jre/lib/ibmcertpathfw.jar ./jre/lib/ibmcertpathprovider.jar ./jre/lib/ibmcfw.jar ./jre/lib/ibmjcefw.jar ./jre/lib/ibmjgssfw.jar ./jre/lib/ibmjgssprovider.jar ./jre/lib/ibmjssefw.jar ./jre/lib/ibmjsseprovider2.jar ./jre/lib/ibmorb.jar ./jre/lib/ibmorbapi.jar ./jre/lib/ibmpkcs.jar ./jre/lib/ibmsaslfw.jar ./jre/lib/javaws.jar ./jre/lib/management-agent.jar ./jre/lib/math.jar ./jre/lib/plugin.jar ./jre/lib/resources.jar ./jre/lib/rt.jar ./jre/lib/se-service.jar ./jre/lib/security/US_export_policy_56bit.jar ./jre/lib/security/local_policy_56bit.jar ./jre/lib/security/policy/limited/US_export_policy.jar ./jre/lib/security/policy/limited/local_policy.jar ./jre/lib/security/policy/unlimited/US_export_policy.jar ./jre/lib/security/policy/unlimited/local_policy.jar ./jre/lib/tools/monitoring-api.jar ./jre/lib/xml.jar ./jre/lib/xmldsigfw.jar ./IBMmisc.jar ./lib/dt.jar ./lib/ibmorbtools.jar ./lib/jconsole.jar ./lib/tools.jar ./lib/IBMi5OSJSSE.jar If I do a "find . -name '*crimson*'", I get nothing. If I do a "find . -name '*.jar' -exec grep -l 'crimson' {} \;", I also get nothing. So unless anybody else has any ideas, I'm once again stuck, at least on this angle. Mark Thomas wrote: Tomcat 7 doesn't have JASPIC support so you'll never see this issue in Tomcat 7. . . . to which I replied (seriously, rather than flippantly) "What's a JASPIC?" I've finally taken a look at what JASPIC is. Interesting. If it's JASPIC support in Tomcat 8 that is throwing exceptions and killing manager under this particular Java 8 JVM, is there a way to disable it, at least until the customer has their PTFs up to date? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
I don't have an AS/400 any longer but I do I have a 9009 running IBM i. If you use iACS and go to the IFS menu option, you can filter by a file name. Are you looking for a class file within a jar or just the jar itself? Pete Helgren www.petesworkshop.com GIAC Secure Software Programmer-Java AWS Certified Cloud Practitioner Microsoft Certified: Azure Fundamentals Twitter - Sys_i_Geek IBM_i_Geek On 8/6/2021 11:49 AM, James H. H. Lampert wrote: Searching JAR files for "crimson" would likely be an exercise in futility on an AS/400. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: More information, Re: Tomcat 8.5.68 failing on takeoff!
> -Original Message- > From: James H. H. Lampert > Sent: Friday, August 06, 2021 11:49 AM > To: Tomcat Users List > Subject: Re: More information, Re: Tomcat 8.5.68 failing on takeoff! > > Searching JAR files for "crimson" would likely be an exercise in futility on > an > AS/400. > > -- > JHHL > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org I think it's likely to have "crimson" in the file name. https://search.maven.org/artifact/crimson/crimson/1.1.3/jar It's ancient, BTW.
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
Searching JAR files for "crimson" would likely be an exercise in futility on an AS/400. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
> On Aug 6, 2021, at 10:17 AM, Konstantin Kolinko > wrote: > > пт, 6 авг. 2021 г. в 01:33, James H. H. Lampert > : >> org.xml.sax.SAXNotRecognizedException: Feature: >> http://apache.org/xml/features/allow-java-encodings >> >> org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213) >> >> org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143) >>org.apache.crimson.jaxp.SAXParserImpl.(SAXParserImpl.java:126) >> >> org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113) >> >> org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141) > > Try to find what *.jar file in your system contains the above classes. > > E.g. searching for string "crimson" in *.jar files. > That string will be visible in the archive file as it is a name of a > directory. > > HTH. > I have a bash function which does this moderately well. Happy to share it, if needed. > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
пт, 6 авг. 2021 г. в 01:33, James H. H. Lampert : > org.xml.sax.SAXNotRecognizedException: Feature: > http://apache.org/xml/features/allow-java-encodings > > org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213) > > org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143) > org.apache.crimson.jaxp.SAXParserImpl.(SAXParserImpl.java:126) > > org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113) > > org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141) Try to find what *.jar file in your system contains the above classes. E.g. searching for string "crimson" in *.jar files. That string will be visible in the archive file as it is a name of a directory. HTH. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 8/6/21 1:40 AM, Mark Thomas wrote: Tomcat 7 doesn't have JASPIC support so you'll never see this issue in Tomcat 7. What's a JASPIC? And as to configuration, Mr. Schultz, my usual procedure is to (after commenting out the default 8080 unsecured connector) copy and paste the active secured port 443 connector *directly* from the Tomcat 7 conf/server.xml to the Tomcat 8 conf/server.xml. Ditto for the one user definition in tomcat-users.xml. That particular installation has a note to add this clause birtUseSvg false to the web.xml of *our webapp,* but nothing server-wide. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
On 06/08/2021 06:15, Christopher Schultz wrote: On 8/5/21 18:33, James H. H. Lampert wrote: java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException: Feature: http://apache.org/xml/features/allow-java-encodings org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.(AuthConfigFactoryImpl.java:68) sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83) sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57) java.lang.reflect.Constructor.newInstance(Constructor.java:437) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67) java.security.AccessController.doPrivileged(AccessController.java:696) javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66) Now THAT looks like a bug. Here is the code around that setFeature() call: Digester digester = new Digester(); try { digester.setFeature("http://apache.org/xml/features/allow-java-encodings;, true); digester.setValidating(true); digester.setNamespaceAware(true); } catch (Exception e) { throw new SecurityException(e); } That digester.setFeature() call should be in its own try/catch block which issues a warning if a SAXException is thrown. +1 And to reiterate, the very same JVM has no difficulty at all running Tomcat 7.0.93. Something seems odd about that. There must be soe configuration difference between your 7.0.x environment and the 8.5.x environment you are testing. Tomcat 7 doesn't have JASPIC support so you'll never see this issue in Tomcat 7. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More information, Re: Tomcat 8.5.68 failing on takeoff!
James, On 8/5/21 18:33, James H. H. Lampert wrote: I finally had a chance to switch the customer back to the failing Tomcat 8.5.68, and this is what the browser error page shows (with a 500 error): Type Exception Report Message AuthConfigFactory error: java.lang.reflect.InvocationTargetException Description The server encountered an unexpected condition that prevented it from fulfilling the request. Exception java.lang.SecurityException: AuthConfigFactory error: java.lang.reflect.InvocationTargetException javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85) org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421) org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:811) Root Cause java.lang.reflect.InvocationTargetException sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83) sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57) java.lang.reflect.Constructor.newInstance(Constructor.java:437) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67) java.security.AccessController.doPrivileged(AccessController.java:696) javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66) org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421) org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:811) Root Cause java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException: Feature: http://apache.org/xml/features/allow-java-encodings org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.(AuthConfigFactoryImpl.java:68) sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83) sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57) java.lang.reflect.Constructor.newInstance(Constructor.java:437) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
More information, Re: Tomcat 8.5.68 failing on takeoff!
I finally had a chance to switch the customer back to the failing Tomcat 8.5.68, and this is what the browser error page shows (with a 500 error): Type Exception Report Message AuthConfigFactory error: java.lang.reflect.InvocationTargetException Description The server encountered an unexpected condition that prevented it from fulfilling the request. Exception java.lang.SecurityException: AuthConfigFactory error: java.lang.reflect.InvocationTargetException javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85) org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421) org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:811) Root Cause java.lang.reflect.InvocationTargetException sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83) sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57) java.lang.reflect.Constructor.newInstance(Constructor.java:437) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76) javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67) java.security.AccessController.doPrivileged(AccessController.java:696) javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66) org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421) org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364) org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624) org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651) org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:811) Root Cause java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException: Feature: http://apache.org/xml/features/allow-java-encodings org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345) org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.(AuthConfigFactoryImpl.java:68) sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83) sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57) java.lang.reflect.Constructor.newInstance(Constructor.java:437)