-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
I'm trying to run Tomcat with a SecurityManager and I'm having a few problems. Debian Linux Tomcat 6.0.26 Sun Java 1.6.0_12 Server VM I'm using CATALINA_BASE to run Tomcat from a different place than CATALINA_HOME. I've been doing this for years, so I think I have a handle on that part. ;) I'm using ant scripts to start Tomcat, but ultimately they call catalina.sh with the following environment: [echo] JAVA_HOME is /usr [echo] JAVA_OPTS is -Xmx64M [echo] CATALINA_HOME is /usr/local/apache-tomcat-6.0.26 [echo] CATALINA_BASE is /home/cschultz/.webapps/diagnosis/8215 [echo] CATALINA_OPTS is - -Djava.library.path=/usr/local/apache-tomcat-6.0.26/server/lib [echo] security-option is -security That last message means that we're calling catalina.sh like this: CATALINA_HOME/bin/catalina.sh start -security With no CATALINA_BASE/conf/catalina.policy file, I get this error: Exception in thread "main" java.lang.ExceptionInInitializerError at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:171) at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:243) at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:298) at org.apache.catalina.startup.Bootstrap.<clinit>(Bootstrap.java:55) Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission java.util.logging.config.class read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285) at java.lang.System.getProperty(System.java:652) at org.apache.juli.logging.DirectJDKLog.<clinit>(DirectJDKLog.java:43) ... 4 more Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. If I copy the stock catalina.policy file from CATALINA_HOME/conf to CATALINA_BASE/conf, I get further (see below). Would it be possible to have catalina.sh detect the location of catalina.policy from CATALINA_BASE (preferred) or CATALINA_HOME (fallback)? Perhaps it's silly to use a system-wide catalina.policy file, but it's a bit confusing to see that the Bootstrap class isn't found when you try to start up Tomcat with a security manager and don't know that copying catalina.policy is a prerequisite. The Security Manager HOWTO does specifically say that CATALINA_BASE/conf/catalina.policy contains the policy, but it might be nice to check in catalina.sh to see if such a policy exists when invoked with "-security". I'd be happy to write a patch that provides this check. Anyhow, when the Security Manager is enabled, I get this exception during startup (apologies for the lengthy stack trace): SEVERE: Error configuring application listener of class org.childhealthcare.diagnosis.servlet.CommonsLoggingListener java.lang.ExceptionInInitializerError at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:581) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: org.apache.commons.logging.LogConfigurationException: User-specified log class 'org.apache.commons.logging.impl.Log4JLogger' cannot be found or is not useable. at org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874) at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685) at org.childhealthcare.diagnosis.servlet.CommonsLoggingListener.<clinit>(CommonsLoggingListener.java:19) ... 33 more Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Error configuring application listener of class org.childhealthcare.diagnosis.servlet.ContextParamListener java.lang.ExceptionInInitializerError at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:581) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: org.apache.commons.logging.LogConfigurationException: User-specified log class 'org.apache.commons.logging.impl.Log4JLogger' cannot be found or is not useable. at org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:874) at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:604) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:336) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:310) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:685) at org.childhealthcare.diagnosis.servlet.ContextParamListener.<clinit>(ContextParamListener.java:24) ... 33 more Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Error configuring application listener of class org.childhealthcare.diagnosis.servlet.InitListener java.lang.NoClassDefFoundError: Could not initialize class org.apache.log4j.LogManager at org.apache.log4j.Logger.getLogger(Logger.java:118) at org.childhealthcare.diagnosis.servlet.InitListener.<init>(InitListener.java:40) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:581) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Mar 19, 2010 2:43:11 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Error configuring application listener of class org.childhealthcare.diagnosis.servlet.SessionAttributeListener java.lang.NoClassDefFoundError: Could not initialize class org.apache.log4j.LogManager at org.apache.log4j.Logger.getLogger(Logger.java:118) at org.childhealthcare.diagnosis.servlet.SessionAttributeListener.<clinit>(SessionAttributeListener.java:20) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3916) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:785) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:581) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) =============== END OF STARTUP LOG ============ Tomcat then realizes that something is wrong and decides to stop itself due to "previous errors" and shuts things down. It fails trying to de-register the JDBC driver with this exception: Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.Class.getClassLoader(Class.java:594) at org.apache.catalina.loader.JdbcLeakPrevention.clearJdbcDriverRegistrations(JdbcLeakPrevention.java:49) ... 35 more So, it looks like there are actually two startup exceptions: 1. org.apache.commons.logging.LogConfigurationException: User-specified log class 'org.apache.commons.logging.impl.Log4JLogger' cannot be found or is not useable. and 2. java.lang.NoClassDefFoundError: Could not initialize class org.apache.log4j.LogManager Both exceptions occur during execution of my own code. Here is the full class for CommonsLoggingListener.java: import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** * A listener to initialize commons-logging. * * @author Chris Schultz * @version $Revision: 1.1 $ $Date: 2008-05-27 21:12:21 $ */ public class CommonsLoggingListener implements ServletContextListener { private static final Log log = LogFactory.getLog(CommonsLoggingListener.class); public void contextInitialized(ServletContextEvent e) { log.info("Initializing commons-logging"); } /** * Releases Loggers bound to the current ClassLoader. * * See http://www.nabble.com/Undeploying-problem-with-Tomcat-5.5-and-Log4J-to8142921.html#a8149142 */ public void contextDestroyed(ServletContextEvent e) { log.info("Cleaning logs bound to webapp ClassLoader"); LogFactory.release(Thread.currentThread().getContextClassLoader()); } } In the InitListener.java class, I basically just try to create a log4j logger like this: Logger.getLogger(className) In both of these situations, Tomcat ought to be able to load the classes required. The only changes to the main Tomcat installation are that I copied my JDBC driver .jar file into CATALINA_HOME/lib. log4j.jar exists only in WEB-INF/lib/log4j-1.2.15.jar. The commons-logging library exists only in WEB-INF/lib/commons-logging-1.1.1.jar I have no logging.properties in CATALINA_BASE/conf It almost seems like the wrong ClassLoader is being used to run my context listeners. Am I missing something, here? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkujy3EACgkQ9CaO5/Lv0PAc0wCfZUO/38cd9A0U3HpunNSTnMu7 qx4AnjitZb4/6bzBB7KIR1lNWTvCwtes =tmvN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org