Sean,

On 1/12/18 11:34 AM, Sean Brett wrote:
> In case anyone else has such an issue, it appears that this was all
> caused by the rt.jar in the webapps WEB-INF/lib directory.
> 
> I removed that jar for one of the other webapps exhibiting the same
> issue and it resolved the issue.

I wonder what the problematic classes were, here. Tomcat is supposed
to prohibit loading certain classes from within the web application.
For example, it's not okay for a web application to provide its own
implementation of java.lang.Object or java.lang.String.

There are certain packages which are supposed to be "protected" (not
in the Java sense of the word, but in the "security" sense of the
word) from corruption by (broken) web applications.

Perhaps something is included in the rt.jar file that "shouldn't be"
but Tomcat is allowing it to load.

Could you post the manifest of the rt.jar file? Like this:

$ jar tf rt.jar

It will be a huge list, but that's okay: go ahead and post it, anyway.

-chris

> On 12/01/2018 14:38, "Sean Brett" <sean.br...@nottingham.ac.uk>
> wrote:
> 
>> Comments at the bottom.  (Spoiler alert: Good news!)
>> 
>> 
>> On 11/01/2018 22:38, "Christopher Schultz"
>> <ch...@christopherschultz.net> wrote:
>> 
>>> Sean,
>>> 
>>> On 1/11/18 11:58 AM, Sean Brett wrote:
>>>> On 11/01/2018 15:48, "Christopher Schultz" 
>>>> <ch...@christopherschultz.net> wrote:
>>>> 
>>>> 
>>>>> Sean,
>>>>> 
>>>>> (Thanks for moving to the mailing list; it's a much better
>>>>> forum for getting into a protracted discussion. See below
>>>>> for more, inline.)
>>>>> 
>>>>> On 1/10/18 9:08 AM, Sean Brett wrote:
>>>>>> I've been tasked with migrating a site from one
>>>>>> institution to another. As part of the process we are
>>>>>> attempting to update the versions the site uses.
>>>>>> 
>>>>>> Initially I was asked to use Java 8 with Tomcat 5.5 (on 
>>>>>> Linux), which led to issues - not to mention Tomcat 5
>>>>>> being 'out of support'.  I have since tried to deploy the
>>>>>> webapps to Tomcat 9 with Java 8. Some of the webapps
>>>>>> appear to run fine (and resolve the issues I was having
>>>>>> with Tomcat5). However, the main app (and 2
>>>>>> similar/smaller web apps) throws a JasperException when I
>>>>>> go to the index.jsp - the same web apps deployed to
>>>>>> Tomcat 5.5 load without issue.
>>>>> 
>>>>> Moving to a later Tomcat version is best. We'll help you
>>>>> figure out these issues so you can use a current version
>>>>> and be better-equipped to stay current into the future.
>>>>> 
>>>>>> Most of the similar issues I have found have suggested
>>>>>> this would be related to the jar files and possibly some
>>>>>> sort of conflict. However, the lib structure for tomcat 9
>>>>>> is different to tomcat5 and I'm not sure which jars could
>>>>>> be causing this. e.g. 
>>>>>> https://stackoverflow.com/questions/22552244/tomcat-7-fails-to-compile-jsp-pages
>>>>> 
>>>>> JAR files might conflict, but that depends upon what you
>>>>> have done so far. Easy questions:
>>>>> 
>>>>> 1. Have you added anything to Tomcat's lib/ directory (that
>>>>> would be CATALINA_HOME/lib or CATALINA_BASE/lib -- or both)
>>>>> after installing Tomcat 8/9?
>>>> 
>>>> Yes, I’ve added some jars.  Some I can’t remember why I’ve
>>>> added them but doubt they’d be connected to the problem.
>>>> Here’s a list of the CATALINA_HOME/lib directory: (the last 4
>>>> being the ones that have been added)
>>>> 
>>>> [snip]
>>>> 
>>>> -rw-r--r--. 1 tomcat tomcat  313898 Dec 20 13:57 dom4j-1.6.1.jar
>>>> -rw-r--r--. 1 tomcat tomcat  802494 Dec 20 13:57 freemarker-2.3.8.jar
>>>> -rw-r--r--. 1 tomcat tomcat  355030 Dec 20 13:57 mail.jar
>>>> -rw-r--r--. 1 tomcat tomcat  713037 Dec 20 14:15 postgresql-42.1.4.jar
>>> 
>>> Yup, those look "foreign".
>>> 
>>> If possible, I'd move all of those except for the postgresql
>>> driver into your web application's WEB-INF/lib folder. We can
>>> move them back if absolutely necessary.
>>> 
>>> Is "mail.jar" the JavaMail API/implementation? You'd only need
>>> that in Tomcat's lib/ directory if you were asking Tomcat to
>>> provide mail session via JNDI -- such would appear somewhere in
>>> either your web applications' META-INF/context.xml file or some
>>> file under CATALINA_BASE/conf/*
>>> 
>>> Check your version of JavaMail. There are older versions which
>>> contain vulnerabilities that have been patched. The API is
>>> (AFAICT) 100% backward-compatible, so you should be able to
>>> upgrade to JavaMail.latest without any problems. YMMV.
>>> 
>>>>> 2. What JAR files are bundled with your application in 
>>>>> WEB-INF/lib ?
>>>> 
>>>> -rw-r-----. 1 root root   97703 Jan 11 15:05 servlet-api.jar
>>> 
>>> Remove that one. Tomcat should refuse to load it, but you
>>> should remove it anyway.
>>> 
>>>> -rw-r-----. 1 root root 8356134 Jan 11 15:05 rt.jar
>>> 
>>> Is that the Java JDK's runtime library? If so, remove that as
>>> well. Tomcat should refuse to load classes over-top of the
>>> standard java.*, javax.*, and a few other top-level packages
>>> but it's always possible something might sneak in there and
>>> confuse everything.
>>> 
>>>> -rw-r-----. 1 root root  474746 Jan 11 15:05 postgresql-8.3-603.jdbc4.jar
>>>> -rw-r-----. 1 root root  355030 Jan 11 15:05 mail.jar
>>> 
>>> If you have either (or both) of these in Tomcat's
>>> CATALINA_BASE/lib or CATALINA_HOME/lib directories, you'll want
>>> to remove them from here.
>>> 
>>>> -rw-r-----. 1 root root  352668 Jan 11 15:05 log4j-1.2.8.jar
>>> 
>>> Ok.
>>> 
>>>> -rw-r-----. 1 root root   55008 Jan 11 15:05 local-ldap-0.0.1.jar
>>>> -rw-r-----. 1 root root   38114 Jan 11 15:05 ldap-src-0.0.1.jar
>>>> -rw-r-----. 1 root root   38668 Jan 11 15:05 ldap.jar
>>>> -rw-r-----. 1 root root   55827 Jan 11 15:05 ldap-0.0.1.jar
>>> 
>>> Hmm. Does your application use LDAP directly?
>>> 
>>>> -rw-r-----. 1 root root  146718 Jan 11 15:05 jdom.jar
>>>> -rw-r-----. 1 root root  173211 Jan 11 15:05 IonoMap.jar
>>>> -rw-r-----. 1 root root  457002 Jan 11 15:05 ibmjndi.jar
>>>> -rw-r-----. 1 root root   38015 Jan 11 15:05 commons-logging-1.0.4.jar
>>>> -rw-r-----. 1 root root   87776 Jan 11 15:05 commons-io-1.3.2.jar
>>>> -rw-r-----. 1 root root   22379 Jan 11 15:05 commons-fileupload.jar
>>>> -rw-r-----. 1 root root   57779 Jan 11 15:05 commons-fileupload-1.2.1.jar
>>>> -rw-r-----. 1 root root  559366 Jan 11 15:05 commons-collections-3.1.jar
>>>> -rw-r-----. 1 root root   58735 Jan 11 15:05 common-piims-src.jar
>>>> -rw-r-----. 1 root root  175113 Jan 11 15:05 common-piims.jar
>>>> -rw-r-----. 1 root root   55147 Jan 11 15:05 activation.jar
>>> 
>>> Everything else looks okay. With Java 8, I'm not sure
>>> activation.jar is necessary anymore. But JavaMail and the
>>> activation framework should together (if activation.jar is
>>> still required).
>>> 
>>>>>> I've also tried changing the index.jsp into a simpler 
>>>>>> (HelloWorld) form - removing any code. And tried deleting
>>>>>> the 'work' directory before restarting Tomcat 
>>>>>> (http://grokbase.com/t/tomcat/users/072v2kf60h/java-permission-denied-error-in-tomcat).
>>>>>> In both cases the exception is still thrown.
>>>>> 
>>>>> Can you post the full text of HelloWorld.jsp?
>>>>> 
>>>>> I'm wondering if you have some odd syntax or are expecting
>>>>> to use a "custom base JSP servlet class" or something like
>>>>> that which is no longer compatible with Tomcat's current
>>>>> JSP servlet. If so, we'll try to figure out why the custom
>>>>> code was necessary and make arrangements to replace it.
>>>>> 
>>>>> -chris
>>>> 
>>>> I also wondered if it could be some incompatible code so
>>>> stripped it down to the bare minimum as follows:
>>>> 
>>>> <html>
>>>> <head>
>>>> <title>Ionomics Hub (iHUB) - Home</title>
>>>> </head>
>>>> <body class="tundra">
>>>> <p>iHub index page</p>
>>>> </body>
>>>> </html>
>>> 
>>> It doesn't get any simpler than that. And it still completely
>>> dies when you request that file from Tomcat? Weird.
>>> 
>>>> Another suggestion
>>>> (https://coderanch.com/t/689419/Jasper-Exception-Tomcat-works-Tomcat)
>>>> was it may be something to do with precompiled jsps.
>>> 
>>> Are you precompiling JSPs? If you don't know what I'm talking
>>> about, you're not precompiling JSPs.
>>> 
>>>> Excuse my ignorance but the file highlighted in the 
>>>> JasperException is only created when the war file is deployed
>>>> by tomcat. So I’m not sure what I can do to influence this
>>>> file. Pretty convinced this is a config issue.
>>> 
>>> Your Tomcat may be broken in some way, too. Other than adding
>>> those 4 JAR files (and dropping your webapp into
>>> CATALINA_BASE/webapps), did you do anything else to Tomcat
>>> since you installed it? Any configuration file changes?
>>> 
>>> -chris
>> 
>> Thanks Chris, it looks like following your advice has resolved
>> the issue - I’ve not been through the whole application but the
>> first few pages are loading correctly.
>> 
>> I haven’t narrowed down the cause yet but suspect it was the 
>> servlet-api.jar in the WEB-INF/lib folder that was causing the
>> issue.  As it stands I removed the dom4j-1.6.1.jar and
>> freemarker-2.3.8.jar from $CATALINA_HOME/lib, I then removed
>> servlet-api.jar, rt.jar from the web application's WEB-INF/lib
>> directory.  I needed the mail.jar for other web apps further down
>> the chain.
>> 
>> Thanks for your advice, it’s much appreciated.
>> 
>> Best wishes, Sean
>> 
>> This message and any attachment are intended solely for the
>> addressee and may contain confidential information. If you have
>> received this message in error, please send it back to me, and
>> immediately delete it.
>> 
>> Please do not use, copy or disclose the information contained in
>> this message or in any attachment.  Any views or opinions
>> expressed by the author of this email do not necessarily reflect
>> the views of the University of Nottingham.
>> 
>> This message has been checked for viruses but the contents of an 
>> attachment may still contain software viruses which could damage
>> your computer system, you are advised to perform your own checks.
>> Email communications with the University of Nottingham may be
>> monitored as permitted by UK legislation.
>> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
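
The check discussed in the thread (listing a JAR and looking for classes a web application should not supply), generalised as an added example to every JAR in a WEB-INF/lib directory plus a report of classes shipped by more than one JAR. This is not code from the thread or from Tomcat: the `RESERVED` roots, the function names and the sample JAR contents are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from collections import defaultdict
from pathlib import Path

# Assumed package roots a webapp JAR should not supply (not Tomcat's own filter list).
RESERVED = ("java/", "javax/servlet/", "javax/el/", "sun/", "com/sun/")
MR_PREFIX = re.compile(r"^META-INF/versions/\d+/")

def class_entries(jar_path):
    """List .class entries of a JAR, stripping the multi-release META-INF/versions/<n>/ prefix."""
    with zipfile.ZipFile(jar_path) as jar:
        return sorted({MR_PREFIX.sub("", n) for n in jar.namelist() if n.endswith(".class")})

def audit_lib(lib_dir):
    """Return (reserved, duplicates) for the JARs in a WEB-INF/lib directory.

    reserved:   {jar name: [classes under a RESERVED root]}
    duplicates: {class: [jar names]} for classes shipped by more than one JAR
    """
    reserved, owners = {}, defaultdict(list)
    for jar_path in sorted(Path(lib_dir).glob("*.jar")):
        try:
            names = class_entries(jar_path)
        except zipfile.BadZipFile:
            reserved[jar_path.name] = ["<not a readable archive>"]
            continue
        hits = [n for n in names if n.startswith(RESERVED)]
        if hits:
            reserved[jar_path.name] = hits
        for n in names:
            owners[n].append(jar_path.name)
    duplicates = {c: jars for c, jars in owners.items() if len(jars) > 1}
    return reserved, duplicates

def build_sample_lib(lib_dir):
    """Write tiny constructed JARs (empty class entries) named after files in the thread."""
    sample = {
        "rt.jar": ["java/lang/Object.class", "java/lang/String.class"],
        "servlet-api.jar": ["javax/servlet/Servlet.class"],
        "commons-fileupload.jar": ["org/apache/commons/fileupload/FileUpload.class"],
        "commons-fileupload-1.2.1.jar": ["org/apache/commons/fileupload/FileUpload.class"],
    }
    for jar_name, entries in sample.items():
        with zipfile.ZipFile(Path(lib_dir) / jar_name, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_lib(tmp)
        print(audit_lib(tmp))
```

Point `audit_lib` at a real `WEB-INF/lib` directory to get the same report for a deployed application.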
