| Summary: | AuthConfigFactoryImpl.doRegisterConfigProvider() does not search in the web app classloader when loading the provider class | ||
|---|---|---|---|
| Product: | Tomcat 8 | Reporter: | Lazar Kirchev <lazar.kirchev> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | P2 | ||
| Version: | 8.5.23 | ||
| Target Milestone: | ---- | ||
| Hardware: | PC | ||
| OS: | All | ||
| Attachments: | sample app | ||
This pull request contains a fix for it: https://github.com/apache/tomcat/pull/90 Many thanks. Fixed in: - trunk for 9.0.2 onwards - 8.5.x for 8.5.24 onwards |
Created attachment 35536 [details] sample app AuthConfigFactoryImpl.doRegisterConfigProvider() first tries to load the provider class with the thread context class loader (which is the application loader) and after that it retries with its own loader. However, the retry is always done, even if the first loading was successful. The result is that if the provider implementation is in the application the second loading fails and the provider registration throws ClassNotFound The attached war contains a very sample application illustrating the problem. It contains a sample provider implementation and a ServletContextListener which tries to register the provider it in its contextInitialized.