James,
On 8/5/21 18:33, James H. H. Lampert wrote:
I finally had a chance to switch the customer back to the failing Tomcat
8.5.68, and this is what the browser error page shows (with a 500 error):
Type Exception Report
Message AuthConfigFactory error:
java.lang.reflect.InvocationTargetException
Description The server encountered an unexpected condition that
prevented it from fulfilling the request.
Exception
java.lang.SecurityException: AuthConfigFactory error:
java.lang.reflect.InvocationTargetException
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85)
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:811)
Root Cause
java.lang.reflect.InvocationTargetException
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
java.lang.reflect.Constructor.newInstance(Constructor.java:437)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
java.security.AccessController.doPrivileged(AccessController.java:696)
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:811)
Root Cause
java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException:
Feature: http://apache.org/xml/features/allow-java-encodings
org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65)
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
java.lang.reflect.Constructor.newInstance(Constructor.java:437)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
java.security.AccessController.doPrivileged(AccessController.java:696)
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:811)
Root Cause
org.xml.sax.SAXNotRecognizedException: Feature:
http://apache.org/xml/features/allow-java-encodings
org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
org.apache.crimson.jaxp.SAXParserImpl.<init>(SAXParserImpl.java:126)
org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
org.apache.tomcat.util.digester.Digester.setFeature(Digester.java:526)
org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:61)
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
java.lang.reflect.Constructor.newInstance(Constructor.java:437)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
java.security.AccessController.doPrivileged(AccessController.java:696)
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:811)
Note The full stack trace of the root cause is available in the server
logs.
Now THAT looks like a bug. Here is the code around that setFeature() call:
Digester digester = new Digester();
try {
digester.setFeature("http://apache.org/xml/features/allow-java-encodings",
true);
digester.setValidating(true);
digester.setNamespaceAware(true);
} catch (Exception e) {
throw new SecurityException(e);
}
That digester.setFeature() call should be in its own try/catch block
which issues a warning if a SAXException is thrown.
I will note that the *second* SAXNotRecognizedException stack trace
starts out exactly like the one in catalina.out, but diverges after
Digester.java:526. The first three stacktraces on the error page look
completely different.
Yep: the other one you showed was caught and logged, but otherwise ignored.
The first stacktrace on the error page looks similar to one in
localhost.2021-08-05.log, timestamped when I attempted to access manager:
05-Aug-2021 17:05:52.697 SEVERE [https-jsse-nio-443-exec-10]
org.apache.catalina.core.StandardHostValve.invoke Exception Processing
/manager/
java.lang.SecurityException: AuthConfigFactory error:
java.lang.reflect.InvocationTargetException
at
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85)
. . .
localhost_access_log.2021-08-05.txt shows (IP address redacted):
[05/Aug/2021:17:05:52 -0500] "GET /manager HTTP/1.1" 302 -
[05/Aug/2021:17:05:52 -0500] "GET /manager/ HTTP/1.1" 500 9663
and the manager log shows nothing at all.
And to reiterate, the very same JVM has no difficulty at all running
Tomcat 7.0.93.
Something seems odd about that. There must be soe configuration
difference between your 7.0.x environment and the 8.5.x environment you
are testing. Somehow, the Crimson XML library is not being used by
Tomcat in your 7.0.x environment. Do you know if you have customized
your conf/catalina.properties or have some non-mundane CATALINA_OPTS
being set in your 7.0.x and.or 8.5.x environments?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org