Bug 60101

Summary: 7.0.71 (RC): Jasper fails to initialize when running with SecurityManager enabled
Product: Tomcat 7 Reporter: Konstantin Kolinko <knst.kolinko>
Component: JasperAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: regression    
Priority: P2    
Version: trunk   
Target Milestone: ---   
Hardware: PC   
OS: Windows NT   
Attachments: logs.zip - Log files

Description Konstantin Kolinko 2016-09-09 21:05:29 UTC 
Steps to reproduce:

1. Unzip apache-tomcat-7.0.71.zip
2. set JAVA_HOME=C:\Program Files (x86)\Java\jdk1.8.0_102  (or 6u45 - does not matter)
3. Start Tomcat with SecurityManager being enabled:
catalina.bat start -security

The following error is observed at startup:

java.lang.ClassNotFoundException: org.apache.jasper.runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper
	at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at org.apache.jasper.security.SecurityClassLoad.securityClassLoad(SecurityClassLoad.java:49)
	at org.apache.jasper.compiler.JspRuntimeContext.<clinit>(JspRuntimeContext.java:82)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:348)
	at org.apache.catalina.core.JasperListener.lifecycleEvent(JasperListener.java:63)
<...>

I'll attach the log file (catalina.2016-09-09.log) with full stacktrace. This error is reported twice: the first time when it occurs in SecurityClassLoad.securityClassLoadand() and the second time when it pops up in JasperListener.lifecycleEvent().

4. Visit http://localhost:8080/

The page fails with Error 500:

java.lang.NoClassDefFoundError: Could not initialize class org.apache.jasper.compiler.JspRuntimeContext
Comment 1 Konstantin Kolinko 2016-09-09 21:11:14 UTC 
Created attachment 34227 [details]
logs.zip - Log files

Log files.

catalina.2016-09-09.log  - Error messages at startup
localhost.2016-09-09.log - Error message when accessing http://localhost:8080/
localhost_access_log.2016-09-09.txt - Shows the only request to http://localhost:8080/

Some local paths were <redacted>.
Comment 2 Violeta Georgieva 2016-09-12 08:35:58 UTC 
Hi,

Thanks for the report.
This has been fixed in
- 9.0.x for 9.0.0.M11 onwards
- 8.5.x for 8.5.6 onwards
- 8.0.x for 8.0.38 onwards
- 7.0.x for 7.0.72 onwards

Regards,
Violeta