Bug 48218 - Comet example chat.ChatServlet fails to start when running with SecurityManager
Summary: Comet example chat.ChatServlet fails to start when running with SecurityManager
Status: RESOLVED WONTFIX
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.20
Hardware: PC Windows XP
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 49212 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-11-17 18:36 UTC by Konstantin Kolinko
Modified: 2010-04-30 01:49 UTC (History)
1 user (show)



Attachments
2010-04-30_tc6_bug48218.patch - patch for catalina.policy (672 bytes, patch)
2010-04-30 01:41 UTC, Konstantin Kolinko
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin Kolinko 2009-11-17 18:36:19 UTC
If I run "catalina.bat start -security" with the latest tc6.0.x as of rev.881628, it fails with the following exception:

18.11.2009 4:36:16 org.apache.catalina.loader.WebappClassLoader findClass
WARNING: WebappClassLoader.findClassInternal(chat.ChatServlet) security exception: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
	at java.security.AccessController.checkPermission(AccessController.java:546)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
	at java.lang.ClassLoader$1.run(ClassLoader.java:331)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:329)
	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:621)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
	at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1956)
	at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:913)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1387)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1266)
	at org.apache.catalina.startup.WebAnnotationSet.loadApplicationServletAnnotations(WebAnnotationSet.java:108)
	at org.apache.catalina.startup.WebAnnotationSet.loadApplicationAnnotations(WebAnnotationSet.java:58)
	at org.apache.catalina.startup.ContextConfig.applicationAnnotationsConfig(ContextConfig.java:297)
	at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:1069)
	at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:261)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4339)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123)
	at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:989)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:912)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:495)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1225)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:516)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)


Apparently the cause of it is that the chat.ChatServlet class of the examples webapp fails to load the following classes:
  org.apache.catalina.CometEvent;
  org.apache.catalina.CometProcessor;

This issue is observable in 6.0.20, but manifests itself silently: the following URL [1] works when running without security manager and fails with Error 500 (java.lang.ClassNotFoundException: chat.ChatServlet) when running with security manager.

[1] http://localhost:8080/examples/jsp/chat/chat

I mean that the statement that prints out the exception was added in revision 832373 and 6.0.20 just swallows it.

I wonder
a) whether we should preload those Comet API classes,
b) why do we have them directly in "org.apache.catalina",
c) whether there is another way to fix it, e.g. like Servlet API classes do not throw such exception though they are not preloaded
Comment 1 Mark Thomas 2009-11-18 03:51:12 UTC
Access is controlled per package so the Comet API really needs to be in a separate package (like the Servlet API). This was done for trunk in r833510 but it is an API breaking change so a straight back-port to 6.0.x is not possible.

Given the circumstances, I leaning towards won't fix for this issue.
Comment 2 Mark Thomas 2009-11-22 15:17:44 UTC
Thought about this some more and there is no easy fix for 6.0.x that doesn't break the API. Note this has been fixed for 7.0.x but is a WONTFIX for 6.0.x.
Comment 3 Konstantin Kolinko 2010-04-30 01:41:27 UTC
Created attachment 25379 [details]
2010-04-30_tc6_bug48218.patch - patch for catalina.policy

Attaching a patch for catalina.policy.

For reference: RuntimePermission matching rules are described in its JavaDoc:
http://java.sun.com/javase/6/docs/api/java/lang/RuntimePermission.html

I will not propose this patch for TC6. Granting this permission by default is too risky because it provides access to Server API. Granting it to the examples app, as the patch does, is better, but will confuse those who do not have the examples app installed.

This issue remains as WONTFIX.

We can add a note to the RELEASE-NOTES, though.
Comment 4 Konstantin Kolinko 2010-04-30 01:49:38 UTC
*** Bug 49212 has been marked as a duplicate of this bug. ***