Created attachment 32892 [details] CometProcessor servlets must not be cached as Servlet or NoSuchMethodException will be thrown. The fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=57281 caused a regression with Tomcat running with a SecurityManager, CometProcessor servlets throw an exception when serving a request. Please find proposed fix in patch file.
javax.servlet.ServletException: Servlet execution threw an exception java.security.AccessController.doPrivileged(Native Method) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:218) org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1753) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1712) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:745) root cause java.lang.NoSuchMethodException: javax.servlet.Servlet.event(org.apache.catalina.comet.CometEvent) java.lang.Class.getMethod(Class.java:1670) org.apache.catalina.security.SecurityUtil.createMethodAndCacheIt(SecurityUtil.java:380) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161) java.security.AccessController.doPrivileged(Native Method) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:218) org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1753) org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1712) java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) java.lang.Thread.run(Thread.java:745)
Would be nice if the fix could be backported to Tomcat 7.
1. This is reproducible with examples webapp (comet chat example) 2. I think the same issue exists with Filter and CometFilter. I do not have an example though. It needs a fix. 3. The patch looks as a working one (as CometProcessor extends Servlet interface) But I wonder whether there is a better fix. It is known what methods belong to Servlet interface and what belong to CometProcessor. The same with Filter and CometFilter. Note: Tomcat trunk is not affected, as Comet API has been removed from Tomcat 9 onwards.
I agree it certainly looks as if a better fix should be possible but having looked at this for a little while I don't see anything obvious. A cleaner final solution may be possible with a more invasive refactoring but given that Comet has been removed from Tomcat 9 onwards I think the proposed patch is the way to go (with a similar solution for filters).
Thanks for the patch. It has been applied (with a minor tweak for more specific generics and an extension for CometFilter) to 8.0.x (for4 8.0.25 onwards) and 7.0.x (for 7.0.64 onwards).
Created attachment 32944 [details] Comet SecurityManager patch Attaching new patch which addresses the same problem with CometFilter.
Beat me to it, thanks a lot Konstantin and Mark!