Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Tomcat5 security manager ClassLoader troubles...

Programming languages, Coding, Executables, Package Creation, and Scripting.
Post Reply
Message
Author
acidpk
Posts: 1
Joined: 2005-10-01 15:29

Tomcat5 security manager ClassLoader troubles...

#1 Post by acidpk »

Hello everybody,

We deployed a web application on Tomcat5 and Sun's JDK 1.4.10.2.
Without the security manager activated, everything runs fine.
After activating the security manager we received following error:

java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
java.security.AccessController.checkPermission(AccessController.java:401)
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:586)
java.lang.ClassLoader.<init>(ClassLoader.java:210)
org.apache.hivemind.service.impl.ClassFactoryClassLoader.<init>(ClassFactoryClassLoader.java:26)
org.apache.hivemind.service.impl.HiveMindClassPool.<init>(HiveMindClassPool.java:35)
org.apache.hivemind.service.impl.ClassFactoryImpl.<init>(ClassFactoryImpl.java:34)

After adding following permission:

permission java.lang.RuntimePermission "createClassLoader";

to /etc/tomcat5/policy.d/04webapps.policy this problem was resolved, but we now have following error:

javassist.NotFoundException: java.lang.Object
javassist.ClassPool.get(ClassPool.java:374)
org.apache.hivemind.service.impl.CtClassSource.getCtClass(CtClassSource.java:52)
org.apache.hivemind.service.impl.CtClassSource.newClass(CtClassSource.java:62)
org.apache.hivemind.service.impl.ClassFactoryImpl.newClass(ClassFactoryImpl.java:42)
org.apache.hivemind.impl.ProxyBuilder.<init>(ProxyBuilder.java:80)

Does somebody know what permission is missing?

Thanks in advance,
Peter & Rik

PS: If more output is needed, we'll be glad to post that too.

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#2 Post by lacek »

It seems that the classes loaded by the "new" classloader can't find the classes which already on the system. I don't think it as a permission problem, since all permission problems throw a SecurityException.

I may be wrong, bit it seems that your class loader doesn't check its parent nor the system's class loader, and if it doesn't find a class (in this case, java.lang.Object), it returns an error. It should call ClassLoader.getSystemClassLoader().getClass() in order to make the system's class loader find the class for it.

Post Reply