Tapestry web app (including workbench example) fails in Tomcat with security
manager enabled
---------------------------------------------------------------------------------------------
Key: TAPESTRY-964
URL: http://issues.apache.org/jira/browse/TAPESTRY-964
Project: Tapestry
Type: Bug
Components: Framework
Versions: 4.0.2
Environment: Linux (2.6 kernel), Tomcat 5.0.28, Sun Java SDK 1.5.0_02,
Tapestry 4.0.2
Reporter: Paul Homes
Web apps that use Tapestry 4.0 in Tomcat with the security manager enabled fail
with a "java.lang.NoClassDefFoundError:
org.apache.hivemind.ServiceImplementationFactory" exception.
To simplify testing I only have the Tapestry 4.0.2 example workbench web app
deployed in a new Tomcat 5.0.28 install. The workbench example works fine when
Tomcat is started without the security manager, but when the security manager
is enabled you can see the following stack trace:
2006-05-25 17:32:57 StandardContext[/workbench]Servlet /workbench threw load()
exception javax.servlet.ServletException:
org.apache.hivemind.ServiceImplementationFactory
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:286)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at
org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at
org.apache.catalina.core.StandardService.start(StandardService.java:480)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
----- Root Cause -----
java.lang.NoClassDefFoundError: org.apache.hivemind.ServiceImplementationFactory
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.class$(InvokeFactoryServiceConstructor.java:83)
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.setupFactoryAndParameters(InvokeFactoryServiceConstructor.java:82)
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:55)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140)
at
org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69)
at $Runnable_10b6a75df19._service($Runnable_10b6a75df19.java)
at $Runnable_10b6a75df19.run($Runnable_10b6a75df19.java)
at $Runnable_10b6a75df18.run($Runnable_10b6a75df18.java)
at
org.apache.hivemind.impl.RegistryInfrastructureImpl.startup(RegistryInfrastructureImpl.java:436)
at
org.apache.hivemind.impl.RegistryBuilder.constructRegistry(RegistryBuilder.java:154)
at
org.apache.tapestry.ApplicationServlet.constructRegistry(ApplicationServlet.java:253)
at
org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:194)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at
org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at
org.apache.catalina.core.StandardService.start(StandardService.java:480)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
The catalina.policy file in use is the standard Tomcat one with the following
appended to grant all permissions to the Tapestry workbench example:
grant codeBase "file:${catalina.home}/webapps/workbench/-" {
permission java.security.AllPermission;
};
Tomcat has been started like so:
catalina.sh start -security
Not sure if this helps much, but I enabled some java security debugging with:
export CATALINA_OPTS=-Djava.security.debug=access:failure
catalina.sh start -security
... that generates:
access: access allowed (java.io.FilePermission
/usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/classes/org/apache/hivemind/impl/servicemodel/SingletonInnerProxy.class
read)
access: access allowed (java.io.FilePermission
/usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar
read)
access: access allowed (java.io.FilePermission
/usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar
read)
access: access allowed (java.io.FilePermission
/usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/lib/hivemind-1.1.1.jar
read)
access: access allowed (java.lang.RuntimePermission accessDeclaredMembers)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access allowed (java.lang.reflect.ReflectPermission
suppressAccessChecks)
access: access denied (java.io.FilePermission
/usr/local/jakarta-tomcat-5.0.28/webapps/workbench/WEB-INF/classes/org/apache/hivemind/ServiceImplementationFactory.class
read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1158)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:253)
at
java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:700)
at
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826)
at
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208)
at
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287)
at
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707)
at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:164)
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.class$(InvokeFactoryServiceConstructor.java:83)
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.setupFactoryAndParameters(InvokeFactoryServiceConstructor.java:82)
at
org.apache.hivemind.impl.InvokeFactoryServiceConstructor.constructCoreServiceImplementation(InvokeFactoryServiceConstructor.java:55)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructCoreServiceImplementation(AbstractServiceModelImpl.java:108)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructNewServiceImplementation(AbstractServiceModelImpl.java:158)
at
org.apache.hivemind.impl.servicemodel.AbstractServiceModelImpl.constructServiceImplementation(AbstractServiceModelImpl.java:140)
at
org.apache.hivemind.impl.servicemodel.SingletonServiceModel.getActualServiceImplementation(SingletonServiceModel.java:69)
at $Runnable_10b6b1bdd89._service($Runnable_10b6b1bdd89.java)
at $Runnable_10b6b1bdd89.run($Runnable_10b6b1bdd89.java)
at $Runnable_10b6b1bdd88.run($Runnable_10b6b1bdd88.java)
at
org.apache.hivemind.impl.RegistryInfrastructureImpl.startup(RegistryInfrastructureImpl.java:436)
at
org.apache.hivemind.impl.RegistryBuilder.constructRegistry(RegistryBuilder.java:154)
at
org.apache.tapestry.ApplicationServlet.constructRegistry(ApplicationServlet.java:253)
at
org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:194)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:268)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:110)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1024)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4013)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4357)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:805)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595)
at
org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277)
at org.apache.catalina.core.StandardHost.install(StandardHost.java:832)
at
org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:625)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:789)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478)
at
org.apache.catalina.core.StandardService.start(StandardService.java:480)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
access: access allowed (java.security.SecurityPermission getPolicy)
access: domain that failed ProtectionDomain (null <no signer certificates>)
[EMAIL PROTECTED]
<no principals>
[EMAIL PROTECTED] (
(java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime)
(java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.runtime.*)
(java.lang.RuntimePermission getAttribute)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.home read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission javax.sql.* read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.naming.* read)
(java.util.PropertyPermission jaxp.debug read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission line.separator read)
)
There is a similar problem with security manager enabled Tomcat 4.1.31, Java
SDK 1.4.2_10 on Windows XP where the class loading problem shows up this time
as:
javax.servlet.ServletException: Unable to initialize application servlet:
Unable to construct service hivemind.Startup: Error at
jar:file:/C:/jakarta-tomcat-4.1.31/webapps/futrix5dev/WEB-INF/lib/hivemind-1.1.jar!/META-INF/hivemodule.xml,
line 599, column 43: Unable to process attribute autowire-services (of element
construct): Unable to construct configuration hivemind.Translators: Error at
jar:file:/C:/jakarta-tomcat-4.1.31/webapps/futrix5dev/WEB-INF/lib/hivemind-1.1.jar!/META-INF/hivemodule.xml,
line 555, column 62: Unable to process attribute service-id (of element
translator): Unable to lookup java.lang.Class: java.lang.Class
at
org.apache.tapestry.ApplicationServlet.init(ApplicationServlet.java:206)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:888)
.....
Caused by: org.apache.hivemind.ApplicationRuntimeException: Unable to lookup
java.lang.Class: java.lang.Class
at
org.apache.hivemind.service.impl.CtClassSource.getCtClass(CtClassSource.java:56)
at
org.apache.hivemind.service.impl.AbstractFab.convertClass(AbstractFab.java:83)
at
org.apache.hivemind.service.impl.AbstractFab.convertClasses(AbstractFab.java:66)
at
org.apache.hivemind.service.impl.ClassFabImpl.addMethod(ClassFabImpl.java:280)
at
org.apache.hivemind.impl.ProxyBuilder.addServiceMethods(ProxyBuilder.java:139)
at
org.apache.hivemind.impl.servicemodel.SingletonServiceModel.createSingletonProxyClass(SingletonServiceModel.java:183)
at
org.apache.hivemind.impl.servicemodel.SingletonServiceModel.createSingletonProxy(SingletonServiceModel.java:103)
... 73 more
Caused by: javassist.NotFoundException: java.lang.Class
at javassist.ClassPool.get(ClassPool.java:301)
at
org.apache.hivemind.service.impl.CtClassSource.getCtClass(CtClassSource.java:52)
... 79 more
The only existing JIRA issue I can find which sounds similar is TAPESTRY-150
but that is with Tapestry 3.0
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
