Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
I will, but now I'm moving houses and I don't have much access to Internet and my dev box is in another country. This is in my todo list for November, there is a small issue to fix in maven-repo-helper, then I will fix tomcat. Ludovic Michael Koch a écrit : On Mon, Sep 28, 2009 at 10:26:07AM +0200, Jakub Skoczen wrote: On my machine all jars under /usr/share/maven-repo/javax are real files and not symlinks. That includes Servlet, JSP and Expression Language APIs so stuff definitely loaded by tomcat: |-- javax | |-- el | | `-- el-api | | `-- 2.1 | | |-- el-api-2.1.jar | | `-- el-api-2.1.pom | `-- servlet | |-- jsp | | `-- jsp-api | | `-- 2.1 | | |-- jsp-api-2.1.jar | | `-- jsp-api-2.1.pom | `-- servlet-api | `-- 2.5 | |-- servlet-api-2.5.jar | `-- servlet-api-2.5.pom Latest package (libservlet2.5-java) also has it this way: mk...@quadriga ~ dpkg -c /var/cache/apt/archives/libservlet2.5-java_6.0.20-6_all.deb | grep jar$ -rw-r--r-- root/root 27811 2009-09-25 07:20 ./usr/share/maven-repo/javax/el/el-api/2.1/el-api-2.1.jar -rw-r--r-- root/root 76591 2009-09-25 07:20 ./usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar -rw-r--r-- root/root 88191 2009-09-25 07:20 ./usr/share/maven-repo/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/jsp-api-2.1.jar - ../maven-repo/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/el-api-2.1.jar - ../maven-repo/javax/el/el-api/2.1/el-api-2.1.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/servlet-api-2.5.jar - ../maven-repo/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar Ludovic, can you please take a look at this? Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Mon, Sep 28, 2009 at 10:26:07AM +0200, Jakub Skoczen wrote: On my machine all jars under /usr/share/maven-repo/javax are real files and not symlinks. That includes Servlet, JSP and Expression Language APIs so stuff definitely loaded by tomcat: |-- javax | |-- el | | `-- el-api | | `-- 2.1 | | |-- el-api-2.1.jar | | `-- el-api-2.1.pom | `-- servlet | |-- jsp | | `-- jsp-api | | `-- 2.1 | | |-- jsp-api-2.1.jar | | `-- jsp-api-2.1.pom | `-- servlet-api | `-- 2.5 | |-- servlet-api-2.5.jar | `-- servlet-api-2.5.pom Latest package (libservlet2.5-java) also has it this way: mk...@quadriga ~ dpkg -c /var/cache/apt/archives/libservlet2.5-java_6.0.20-6_all.deb | grep jar$ -rw-r--r-- root/root 27811 2009-09-25 07:20 ./usr/share/maven-repo/javax/el/el-api/2.1/el-api-2.1.jar -rw-r--r-- root/root 76591 2009-09-25 07:20 ./usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar -rw-r--r-- root/root 88191 2009-09-25 07:20 ./usr/share/maven-repo/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/jsp-api-2.1.jar - ../maven-repo/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/el-api-2.1.jar - ../maven-repo/javax/el/el-api/2.1/el-api-2.1.jar lrwxrwxrwx root/root 0 2009-09-25 07:20 ./usr/share/java/servlet-api-2.5.jar - ../maven-repo/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar Ludovic, can you please take a look at this? Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On my machine all jars under /usr/share/maven-repo/javax are real files and not symlinks. That includes Servlet, JSP and Expression Language APIs so stuff definitely loaded by tomcat: |-- javax | |-- el | | `-- el-api | | `-- 2.1 | | |-- el-api-2.1.jar | | `-- el-api-2.1.pom | `-- servlet | |-- jsp | | `-- jsp-api | | `-- 2.1 | | |-- jsp-api-2.1.jar | | `-- jsp-api-2.1.pom | `-- servlet-api | `-- 2.5 | |-- servlet-api-2.5.jar | `-- servlet-api-2.5.pom On Fri, Sep 25, 2009 at 4:09 PM, Ludovic Claude ludovic.cla...@laposte.net wrote: Yes, I mentioned that, although it is possible that you need to rebuild tomcat6 as well as some of its dependent packages. Can you try to locate which jars are loaded from maven-repo? Jakub Skoczen a écrit : Ok, I have checked the packages from unstable and they work fine - that was expected, as the 02debian.policy is updated with a maven entry. When I take the entry out, webapps break in the same way. I'm not sure if you want to pursue that anymore (they DO work now) but I still find it weird that this entry has to be there. Ludovic, didn't you mention rebuilding the packages so jars from maven-repo are no longer referenced? On Fri, Sep 25, 2009 at 11:53 AM, Michael Koch konque...@gmx.de wrote: On Fri, Sep 25, 2009 at 11:35:17AM +0200, Jakub Skoczen wrote: Hi Ludovic, I don't see the new packages being available in testing yet, at least not on danish mirrors. I'll upgrade and test them as soon as they are. It will not be in testing for at least the next 10 days as we just uploaded the package to unstable. Cheers, Michael -- Cheers, Jakub -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Hi Ludovic, I don't see the new packages being available in testing yet, at least not on danish mirrors. I'll upgrade and test them as soon as they are. On Thu, Sep 24, 2009 at 10:15 PM, Ludovic Claude ludovic.cla...@laposte.net wrote: Yes, this version should fix this bug. It works for me, Jakub, can you confirm that the fix works for you as well? Ludovic Michael Koch a écrit : Hello, On Thu, Sep 24, 2009 at 12:29:11PM +0100, Ludovic Claude wrote: This was a temporary issue with the way I installed jars both to /usr/share/java and /usr/share/maven-repo. In an old version of maven-repo-helper, the script mh_installjar was copying the jars to /usr/share/maven-repo and a link was created in /usr/share/java. I'm doing now the opposite, as it respects more the way things were done before. So this situation is only temporary, if your package is rebuilt against the latest version of maven-repo-helper, then this problem should not appear. Does this mean we should upload 6.0.20-6 to the archive? Cheers, Michael -- Cheers, Jakub -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Fri, Sep 25, 2009 at 11:35:17AM +0200, Jakub Skoczen wrote: Hi Ludovic, I don't see the new packages being available in testing yet, at least not on danish mirrors. I'll upgrade and test them as soon as they are. It will not be in testing for at least the next 10 days as we just uploaded the package to unstable. Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Ok, I have checked the packages from unstable and they work fine - that was expected, as the 02debian.policy is updated with a maven entry. When I take the entry out, webapps break in the same way. I'm not sure if you want to pursue that anymore (they DO work now) but I still find it weird that this entry has to be there. Ludovic, didn't you mention rebuilding the packages so jars from maven-repo are no longer referenced? On Fri, Sep 25, 2009 at 11:53 AM, Michael Koch konque...@gmx.de wrote: On Fri, Sep 25, 2009 at 11:35:17AM +0200, Jakub Skoczen wrote: Hi Ludovic, I don't see the new packages being available in testing yet, at least not on danish mirrors. I'll upgrade and test them as soon as they are. It will not be in testing for at least the next 10 days as we just uploaded the package to unstable. Cheers, Michael -- Cheers, Jakub -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Fri, Sep 25, 2009 at 2:53 PM, Jakub Skoczen ja...@indexdata.dk wrote: Ok, I have checked the packages from unstable and they work fine - that was expected, as the 02debian.policy is updated with a maven entry. When I take the entry out, webapps break in the same way. I'm not sure if you want to pursue that anymore (they DO work now) but I still find it weird that this entry has to be there. Ludovic, didn't you mention rebuilding the packages so jars from maven-repo are no longer referenced? Actually, after updating the libservlet2.5-java to 6.0.20-6 the /usr/share/java/servlet-api-2.5.jar is still a symlink to /usr/share/maven-repo/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar and not the other way round. On Fri, Sep 25, 2009 at 11:53 AM, Michael Koch konque...@gmx.de wrote: On Fri, Sep 25, 2009 at 11:35:17AM +0200, Jakub Skoczen wrote: Hi Ludovic, I don't see the new packages being available in testing yet, at least not on danish mirrors. I'll upgrade and test them as soon as they are. It will not be in testing for at least the next 10 days as we just uploaded the package to unstable. Cheers, Michael -- Cheers, Jakub -- Cheers, Jakub -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Hi Ludovic, Enabling all security privileges to /usr/share/maven-repo/ did the trick. Still, I don't fully understand why this is needed - shouldn't the maven repository be only used for building stuff (like source packages)? Why does a running tomcat instance even know about it and tries to load jar files from there? -- Cheers, Jakub -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Hi Jakub, This was a temporary issue with the way I installed jars both to /usr/share/java and /usr/share/maven-repo. In an old version of maven-repo-helper, the script mh_installjar was copying the jars to /usr/share/maven-repo and a link was created in /usr/share/java. I'm doing now the opposite, as it respects more the way things were done before. So this situation is only temporary, if your package is rebuilt against the latest version of maven-repo-helper, then this problem should not appear. Ludovic Jakub Skoczen a écrit : Hi Ludovic, Enabling all security privileges to /usr/share/maven-repo/ did the trick. Still, I don't fully understand why this is needed - shouldn't the maven repository be only used for building stuff (like source packages)? Why does a running tomcat instance even know about it and tries to load jar files from there? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Hello, On Thu, Sep 24, 2009 at 12:29:11PM +0100, Ludovic Claude wrote: This was a temporary issue with the way I installed jars both to /usr/share/java and /usr/share/maven-repo. In an old version of maven-repo-helper, the script mh_installjar was copying the jars to /usr/share/maven-repo and a link was created in /usr/share/java. I'm doing now the opposite, as it respects more the way things were done before. So this situation is only temporary, if your package is rebuilt against the latest version of maven-repo-helper, then this problem should not appear. Does this mean we should upload 6.0.20-6 to the archive? Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Yes, this version should fix this bug. It works for me, Jakub, can you confirm that the fix works for you as well? Ludovic Michael Koch a écrit : Hello, On Thu, Sep 24, 2009 at 12:29:11PM +0100, Ludovic Claude wrote: This was a temporary issue with the way I installed jars both to /usr/share/java and /usr/share/maven-repo. In an old version of maven-repo-helper, the script mh_installjar was copying the jars to /usr/share/maven-repo and a link was created in /usr/share/java. I'm doing now the opposite, as it respects more the way things were done before. So this situation is only temporary, if your package is rebuilt against the latest version of maven-repo-helper, then this problem should not appear. Does this mean we should upload 6.0.20-6 to the archive? Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Thu, Sep 24, 2009 at 09:15:47PM +0100, Ludovic Claude wrote: Yes, this version should fix this bug. It works for me, Jakub, can you confirm that the fix works for you as well? I have made some small changes and uploaded to the archive. Thanks for your work. Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Hello Heikki and Jakub,
Thanks for this detailed error report. I believe that I have fixed this
issue, by adding a grant on /usr/share/maven-repo/ in the file
02debian.policy. Can you check that it is working? If you need, I have
created a new .deb in my PPA
(https://launchpad.net/~ludovicc/+archive/ppa/), and I will add those
fixes shortly to Debian.
02debian.policy:
// These permissions apply to all JARs from Debian packages
grant codeBase file:/usr/share/java/- {
permission java.security.AllPermission;
};
grant codeBase file:/usr/share/maven-repo/- {
permission java.security.AllPermission;
};
grant codeBase file:/usr/share/ant/lib/- {
permission java.security.AllPermission;
};
Ludovic
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Wed, Sep 09, 2009 at 09:24:12PM +0200, Marcus Better wrote:
the file /etc/inint.d/tomcat6 should be left alone, the security manager
can be disabled in /etc/default/tomcat6.
Thanks. That was just my quick workaround.
Apparently a security manager permission problem. The manager app seems
to need
permission java.util.PropertyPermission catalina.base, read;
You can add the appropriate permissions in /etc/tomcat6/policy.d, but
actually I have no idea how it could work on 6.0.20-2 if the rules were
not there in the first place.
Well, that rule *is* there in the default installation. The problem
seems to be that something prevents it reading any policy files, and
*any* web applications from running!
We have a test application (on another server) with
grant codeBase file:/usr/share/masterkey/torus/- {
permission java.security.AllPermission;
};
but our application crashes with the same error message. I just reported
the admin thing, because that is installed directly from Debian, and
ought to work straight out of the box. I believe the problem is with
the tomcat package itself.
I suspect there is something fishy with file permissions and/or the way
the policy.d is concatenated into a single policy file (that seems to
be Debian-specific), but I haven't been able to debug it further.
--
Heikki Levantoheikki at indexdata dot dk In Murphy We Turst
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
On Thu, Sep 10, 2009 at 10:57:24AM +0200, Heikki Levanto wrote:
On Wed, Sep 09, 2009 at 09:24:12PM +0200, Marcus Better wrote:
You can add the appropriate permissions in /etc/tomcat6/policy.d, but
actually I have no idea how it could work on 6.0.20-2 if the rules were
not there in the first place.
Well, that rule *is* there in the default installation. The problem
seems to be that something prevents it reading any policy files, and
*any* web applications from running!
...
I suspect there is something fishy with file permissions and/or the way
the policy.d is concatenated into a single policy file (that seems to
be Debian-specific), but I haven't been able to debug it further.
I suspected wrong. Adding this entry to some file in policy.d makes the
security manager work:
grant {
permission java.security.AllPermission;
};
So, the files are being concatenated and read all right.
Now I am ready to accept the bug as belonging to the tomcat6-admin. We
may have another problem with our own application, but that is not a
problem for you.
--
Heikki Levantoheikki at indexdata dot dk In Murphy We Turst
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#545674: tomcat6: Crashes when trying to run a web app, including admin
Package: tomcat6 Version: 6.0.20-5 Severity: grave Justification: renders package unusable Installing tomcat6-admin on a brand new Debian/squeeze gets nothing but a crash, when accessing the admin page. A similar crash happens when accessing any web app. I reproduced this on a fresh squeeze (a xen host made for this purpose). apt-get install tomcat6-admin edit /etc/tomcat6/tomcat-users.xml - uncomment the users section - change passwords - add 'admin' and 'manager' to user 'tomcat' Point a browser to port 8080 on that host. Get the 'It Works' page. Click on the 'manager webapp' link, get to ...:8080/manager/html, and see a 500 page with description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Servlet.init() for servlet HTMLManager threw exception org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) java.lang.Thread.run(Thread.java:636) root cause java.security.AccessControlException: access denied (java.util.PropertyPermission catalina.base read) java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) java.security.AccessController.checkPermission(AccessController.java:553) java.lang.SecurityManager.checkPermission(SecurityManager.java:549) java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) java.lang.System.getProperty(System.java:669) org.apache.catalina.manager.ManagerServlet.init(ManagerServlet.java:487) org.apache.catalina.manager.HTMLManagerServlet.init(HTMLManagerServlet.java:646) javax.servlet.GenericServlet.init(GenericServlet.java:212) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:616) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:537) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115) org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) java.lang.Thread.run(Thread.java:636) A similar crash can be provoked with the URL ...:8080/foobar/ (but not with plain /foobar without the trailing slash) That is why I report this on tomcat6, and not tomcat6-admin. We had a similar problem after upgrading from tomcat6 from 6.0.20-2 to 6.0.20-5. If I can provide any additional information, I'd be glad to do so. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages tomcat6 depends on: ii adduser 3.110 add and remove users and groups ii jsvc 1.0.2~svn20061127-9 wrapper to launch Java application ii tomcat6-common 6.0.20-5Servlet and JSP engine -- common f tomcat6 recommends no packages. Versions of packages tomcat6 suggests: ii tomcat6-admin 6.0.20-5 Servlet and JSP engine -- admin we pn tomcat6-docs none (no description available) pn tomcat6-examples none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
