Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher The problem was that there was attempt to access \c:\{$catalina.base}\lib\ojdbc6.jar rather than c:\{$catalina.base}\lib\ojdbc6.jar. when I added new rule the error went away. -suresh Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Suresh, > > On 4/22/2010 8:33 PM, suresht wrote: >> I see a char array being set to a number. >> charstring1[charstring1-1] = 0; > > That's obviously not actual code. Can you decompile or otherwise browse > the source of the method where the exception occurs? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvRzTEACgkQ9CaO5/Lv0PAthQCdFUlvrW4VgDC5M3qc8Lpklc+9 > sC4Anjmgu+jgXzjwgYFDsK+t8g3/ggEh > =ByKq > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28343802.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
The problem was with oracle jar in {catalina.base}\lib dir was getting called with \ at the start. When I added the AllProperty policy rule for that \file:{catalina.base}\lib\- . this error went away. suresht wrote: > > hi Christopher, > I see a char array being set to a number. > charstring1[charstring1-1] = 0; > > > > Christopher Schultz-2 wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Suresh, >> >> On 4/22/2010 4:51 PM, suresht wrote: >>> i have attached a copy of the policy file. >> >> It was stripped by the list. >> >>> yes that is true but the command line application includes the security >>> manager with equivalent policy >> >> Ok. >> >>> The web application works fine without the security manager. >> >> Since the error occurs in the JDBC driver, I would imagine that the >> problem is there: the driver is not properly checking array bounds when >> accessing a String. >> >> Now, more than likely it's some String that is no longer available due >> to the presence of the SecurityManager, but we'll never know what the >> "real" problem is until we can get a report of what String the driver >> can't read properly. >> >> Do you have the source code of the JDBC driver? Can you decompile it to >> find out what is blowing up? >> >> - -chris >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.10 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAkvQvccACgkQ9CaO5/Lv0PDqXQCfT5BcPuXT2qaKp4ZCChMsBrKy >> Ex4AnikHuVhogRnOM8HW0y3cx9TjqRWu >> =4vR2 >> -END PGP SIGNATURE- >> >> ----------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28343771.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 8:33 PM, suresht wrote: > I see a char array being set to a number. > charstring1[charstring1-1] = 0; That's obviously not actual code. Can you decompile or otherwise browse the source of the method where the exception occurs? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvRzTEACgkQ9CaO5/Lv0PAthQCdFUlvrW4VgDC5M3qc8Lpklc+9 sC4Anjmgu+jgXzjwgYFDsK+t8g3/ggEh =ByKq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher, I see a char array being set to a number. charstring1[charstring1-1] = 0; Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Suresh, > > On 4/22/2010 4:51 PM, suresht wrote: >> i have attached a copy of the policy file. > > It was stripped by the list. > >> yes that is true but the command line application includes the security >> manager with equivalent policy > > Ok. > >> The web application works fine without the security manager. > > Since the error occurs in the JDBC driver, I would imagine that the > problem is there: the driver is not properly checking array bounds when > accessing a String. > > Now, more than likely it's some String that is no longer available due > to the presence of the SecurityManager, but we'll never know what the > "real" problem is until we can get a report of what String the driver > can't read properly. > > Do you have the source code of the JDBC driver? Can you decompile it to > find out what is blowing up? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvQvccACgkQ9CaO5/Lv0PDqXQCfT5BcPuXT2qaKp4ZCChMsBrKy > Ex4AnikHuVhogRnOM8HW0y3cx9TjqRWu > =4vR2 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28336163.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 4:51 PM, suresht wrote: > i have attached a copy of the policy file. It was stripped by the list. > yes that is true but the command line application includes the security > manager with equivalent policy Ok. > The web application works fine without the security manager. Since the error occurs in the JDBC driver, I would imagine that the problem is there: the driver is not properly checking array bounds when accessing a String. Now, more than likely it's some String that is no longer available due to the presence of the SecurityManager, but we'll never know what the "real" problem is until we can get a report of what String the driver can't read properly. Do you have the source code of the JDBC driver? Can you decompile it to find out what is blowing up? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvQvccACgkQ9CaO5/Lv0PDqXQCfT5BcPuXT2qaKp4ZCChMsBrKy Ex4AnikHuVhogRnOM8HW0y3cx9TjqRWu =4vR2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Christopher i have attached a copy of the policy file. yes that is true but the command line application includes the security manager with equivalent policy, Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception Some other app + Oracle JDBC Driver = no exception I am running oracle jdbc thin driver ConnectionPool http://old.nabble.com/file/p28334465/catalina.policy.2 catalina.policy.2 "11.1.0.7.0-Produ" The web application works fine without the security manager. Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Suresh, > > On 4/22/2010 3:19 PM, suresht wrote: >> when I run TOMCAT using -security option on Java 1.6 jdk, I get following >> error. I added policy definitions for all properities, oraclejars and >> JNDIpermission for the context. > > Care to share those policy definitions? > >> java.lang.ArrayIndexOutOfBoundsException: -1 >> >> oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942) > > Are you running the latest version of Oracle's JDBC driver? > >> when I run the similar program outside tomcat with -security it runs >> fine. any thoughts > > Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception > Some other app + Oracle JDBC Driver = no exception > > There are very few common terms in those two equations. Are you sure > they have any relation to one another? > > For instance, are you running your "similar program" with the same > policy file? Are you running through the same code that your webapp does? > > You never said whether your webapp works properly without the > SecurityManager installed. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvQtFcACgkQ9CaO5/Lv0PDm2QCbBZChSL7huRcZS18GvFBFCTza > 1BUAn1WGlfBSYbboiHeZNbC/GqxcNzDP > =zOZB > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28334465.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suresh, On 4/22/2010 3:19 PM, suresht wrote: > when I run TOMCAT using -security option on Java 1.6 jdk, I get following > error. I added policy definitions for all properities, oraclejars and > JNDIpermission for the context. Care to share those policy definitions? > java.lang.ArrayIndexOutOfBoundsException: -1 > > oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942) Are you running the latest version of Oracle's JDBC driver? > when I run the similar program outside tomcat with -security it runs > fine. any thoughts Tomcat + your webapp + Oracle JDBC Driver + SecurityManager = Exception Some other app + Oracle JDBC Driver = no exception There are very few common terms in those two equations. Are you sure they have any relation to one another? For instance, are you running your "similar program" with the same policy file? Are you running through the same code that your webapp does? You never said whether your webapp works properly without the SecurityManager installed. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvQtFcACgkQ9CaO5/Lv0PDm2QCbBZChSL7huRcZS18GvFBFCTza 1BUAn1WGlfBSYbboiHeZNbC/GqxcNzDP =zOZB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Running tomcat/6.0.26 with security manager generates ORACLE jdbc error
hi Users, when I run TOMCAT using -security option on Java 1.6 jdk, I get following error. I added policy definitions for all properities, oraclejars and JNDIpermission for the context. org.apache.jasper.JasperException: java.lang.ArrayIndexOutOfBoundsException: -1 org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:517) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) root cause java.lang.ArrayIndexOutOfBoundsException: -1 oracle.jdbc.driver.T4CTTIoauthenticate.setSessionFields(T4CTTIoauthenticate.java:942) oracle.jdbc.driver.T4CTTIoauthenticate.(T4CTTIoauthenticate.java:221) oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:358) oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:508) oracle.jdbc.driver.T4CConnection.(T4CConnection.java:203) oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33) oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:510) oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:275) oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:206) xxx.yyy.CPC.data.DAOUtil.getConnection(Unknown Source) xxx.yyy.CPC.logging.LogDAO.createLog(Unknown Source) xxx.yyy.CPC.logging.DBLogger.db(Unknown Source) org.apache.jsp.CPC.Default_jsp._jspService(Default_jsp.java:90) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:517) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) when I run the similar program outside tomcat with -security it runs fine. any thoughts -suresh -- View this message in context: http://old.nabble.com/Running-tomcat-6.0.26-with-security-manager-generates-ORACLE-jdbc-error-tp28333480p28333480.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org