Re: More information, Re: Tomcat 8.5.68 failing on takeoff!

Thu, 05 Aug 2021 21:16:00 -0700 

James,

On 8/5/21 18:33, James H. H. Lampert wrote:
I finally had a chance to switch the customer back to the failing Tomcat 8.5.68, and this is what the browser error page shows (with a 500 error): 


Type Exception Report


Message AuthConfigFactory error: 
java.lang.reflect.InvocationTargetException



Description The server encountered an unexpected condition that 
prevented it from fulfilling the request.


Exception


java.lang.SecurityException: AuthConfigFactory error: 
java.lang.reflect.InvocationTargetException

     
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85)
     
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
     
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
     
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
     
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
     
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
     org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
     org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
     
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
     
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
     
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
     
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
     
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
     
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
     
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
     java.lang.Thread.run(Thread.java:811)
Root Cause

java.lang.reflect.InvocationTargetException
     sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
     
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
     java.lang.reflect.Constructor.newInstance(Constructor.java:437)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
     java.security.AccessController.doPrivileged(AccessController.java:696)
     
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
     
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
     
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
     
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
     
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
     
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
     org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
     org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
     
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
     
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
     
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
     
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
     
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
     
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
     
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
     java.lang.Thread.run(Thread.java:811)
Root Cause


java.lang.SecurityException: org.xml.sax.SAXNotRecognizedException: 
Feature: http://apache.org/xml/features/allow-java-encodings

     
org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:65)
     
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
     
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
     sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
     
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
     java.lang.reflect.Constructor.newInstance(Constructor.java:437)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
     java.security.AccessController.doPrivileged(AccessController.java:696)
     
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
     
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
     
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
     
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
     
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
     
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
     org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
     org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
     
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
     
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
     
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
     
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
     
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
     
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
     
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
     java.lang.Thread.run(Thread.java:811)
Root Cause


org.xml.sax.SAXNotRecognizedException: Feature: 
http://apache.org/xml/features/allow-java-encodings

     org.apache.crimson.parser.XMLReaderImpl.setFeature(XMLReaderImpl.java:213)
     org.apache.crimson.jaxp.SAXParserImpl.setFeatures(SAXParserImpl.java:143)
     org.apache.crimson.jaxp.SAXParserImpl.<init>(SAXParserImpl.java:126)
     
org.apache.crimson.jaxp.SAXParserFactoryImpl.newSAXParserImpl(SAXParserFactoryImpl.java:113)
     
org.apache.crimson.jaxp.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:141)
     org.apache.tomcat.util.digester.Digester.setFeature(Digester.java:526)
     
org.apache.catalina.authenticator.jaspic.PersistentProviderRegistrations.loadProviders(PersistentProviderRegistrations.java:61)
     
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations(AuthConfigFactoryImpl.java:345)
     
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.<init>(AuthConfigFactoryImpl.java:68)
     sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:83)
     
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
     java.lang.reflect.Constructor.newInstance(Constructor.java:437)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:76)
     
javax.security.auth.message.config.AuthConfigFactory$1.run(AuthConfigFactory.java:67)
     java.security.AccessController.doPrivileged(AccessController.java:696)
     
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:66)
     
org.apache.catalina.authenticator.AuthenticatorBase.findJaspicProvider(AuthenticatorBase.java:1421)
     
org.apache.catalina.authenticator.AuthenticatorBase.getJaspicProvider(AuthenticatorBase.java:1411)
     
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)
     
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
     
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
     org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
     org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
     
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
     
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
     
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1651)
     
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
     
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
     
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
     
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
     java.lang.Thread.run(Thread.java:811)

Note The full stack trace of the root cause is available in the server 
logs.


Now THAT looks like a bug. Here is the code around that setFeature() call:

            Digester digester = new Digester();

            try {


digester.setFeature("http://apache.org/xml/features/allow-java-encodings";, 
true);

                digester.setValidating(true);
                digester.setNamespaceAware(true);
            } catch (Exception e) {
                throw new SecurityException(e);
            }


That digester.setFeature() call should be in its own try/catch block 
which issues a warning if a SAXException is thrown.



I will note that the *second* SAXNotRecognizedException stack trace 
starts out exactly like the one in catalina.out, but diverges after 
Digester.java:526. The first three stacktraces on the error page look 
completely different.


Yep: the other one you showed was caught and logged, but otherwise ignored.


The first stacktrace on the error page looks similar to one in 
localhost.2021-08-05.log, timestamped when I attempted to access manager:



05-Aug-2021 17:05:52.697 SEVERE [https-jsse-nio-443-exec-10] 
org.apache.catalina.core.StandardHostValve.invoke Exception Processing 
/manager/
java.lang.SecurityException: AuthConfigFactory error: 
java.lang.reflect.InvocationTargetException
at 
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:85) 


. . .

localhost_access_log.2021-08-05.txt shows (IP address redacted):
[05/Aug/2021:17:05:52 -0500] "GET /manager HTTP/1.1" 302 -
[05/Aug/2021:17:05:52 -0500] "GET /manager/ HTTP/1.1" 500 9663

and the manager log shows nothing at all.


And to reiterate, the very same JVM has no difficulty at all running 
Tomcat 7.0.93.



Something seems odd about that. There must be soe configuration 
difference between your 7.0.x environment and the 8.5.x environment you 
are testing. Somehow, the Crimson XML library is not being used by 
Tomcat in your 7.0.x environment. Do you know if you have customized 
your conf/catalina.properties or have some non-mundane CATALINA_OPTS 
being set in your 7.0.x and.or 8.5.x environments?


-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to