Bug 48438 - RC2 of 6.0.21: java.security.AccessControlException on Error 500 page
Status: RESOLVED DUPLICATE of bug 48580
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Jasper
Version: 6.0.20
Hardware: PC Windows XP
Importance: P2 normal
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Reported: 2009-12-23 05:26 UTC by Konstantin Kolinko
Modified: 2010-01-20 12:02 UTC



Attachments
/webapps/examples/jsp/tagplugin/if.jsp (1.62 KB, application/octet-stream)
2009-12-23 05:26 UTC, Konstantin Kolinko
localhost.2009-12-23.log that contains the full stack trace (3.84 KB, text/plain)
2009-12-23 05:28 UTC, Konstantin Kolinko
localhost.2009-12-23.log for Comment 2 (37.01 KB, text/plain)
2009-12-23 06:08 UTC, Konstantin Kolinko

Description Konstantin Kolinko 2009-12-23 05:26:17 UTC
Created attachment 24753
/webapps/examples/jsp/tagplugin/if.jsp

Steps to reproduce:
1. Download and install 6.0.21 release candidate "try2"
2. Replace /webapps/examples/jsp/tagplugin/if.jsp with the file attached to this bug report. It has a few lines added to reproduce bug 48112.
3. Run catalina start -security
4. Access http://localhost:8080/examples/jsp/tagplugin/if.jsp
5. Observe Error 500 page with java.security.AccessControlException

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper.security)
	java.security.AccessControlContext.checkPermission(Unknown Source)
	java.security.AccessController.checkPermission(Unknown Source)
	java.lang.SecurityManager.checkPermission(Unknown Source)
	java.lang.SecurityManager.checkPackageAccess(Unknown Source)
	sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
	java.lang.ClassLoader.loadClass(Unknown Source)
	java.lang.ClassLoader.loadClass(Unknown Source)
	java.lang.ClassLoader.loadClassInternal(Unknown Source)
	org.apache.jasper.runtime.ProtectedFunctionMapper.getMapForFunction(ProtectedFunctionMapper.java:145)
	org.apache.jsp.jsp.tagplugin.if_jsp.<clinit>(if_jsp.java:13)

The full stack trace will be in an attachment.

6. If run without Security manager, the error report as described in bug 48112 is observed, that is
(..)
org.apache.el.parser.ParseException: Encountered " <ILLEGAL_CHARACTER> "\' ""
at line 1, column 11.
(..)

5. is the unexpected result, 6. is the expected result
Comment 1 Konstantin Kolinko 2009-12-23 05:28:43 UTC
Created attachment 24754
localhost.2009-12-23.log that contains the full stack trace
Comment 2 Konstantin Kolinko 2009-12-23 06:01:26 UTC
Retrying to reproduce this with
\webapps\examples\jsp\jsp2\el\basic-arithmetic.jsp

If I add the following four lines to the end of the file:
    48112:
    <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
    <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
    <c:out value="${fn:trim('{world}')}"/>

When running with Security Manager I observe three different behaviors:

A). The proper error report from bug 48112
(..)
org.apache.el.parser.ParseException: Encountered " <ILLEGAL_CHARACTER> "\' ""
at line 1, column 11.
(..)

To reproduce:
1. Clear the working directory
2. Start Tomcat
3. Remove added lines from basic-arithmetic.jsp, so that it becomes valid
4. Browse http://localhost:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp
5. Add the lines to basic-arithmetic.jsp
6. Reload the page in the browser
7. Observe the error

B). AccessControlException

To reproduce:
1. Clear the working directory
2. Start Tomcat
3. Add the lines to basic-arithmetic.jsp
4. Browse http://localhost:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp
5. Observe the error

C). NoClassDefFoundError

To reproduce:
1. Run A) or B)
2. Stop Tomcat and do *not* clear the working directory
3. Start Tomcat
4. Browse http://localhost:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp
5. Observe the error


java.lang.NoClassDefFoundError: Could not initialize class org.apache.jsp.jsp.jsp2.el.basic_002darithmetic_jsp
	sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	java.lang.reflect.Constructor.newInstance(Unknown Source)
	java.lang.Class.newInstance0(Unknown Source)
	java.lang.Class.newInstance(Unknown Source)
	org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:145)

I observe the following oddity:
1. Run B)
2. In the working folder both java and class file for the page are present:
basic_002darithmetic_jsp.class
basic_002darithmetic_jsp.java

So, how does it produce a class file when java file generation should have failed with an exception?
Comment 3 Konstantin Kolinko 2009-12-23 06:08:21 UTC
Created attachment 24755
localhost.2009-12-23.log for Comment 2
Comment 4 Konstantin Kolinko 2009-12-23 06:15:23 UTC
Additional observation for A):

That org.apache.el.parser.ParseException occurs at run time, not at compile time!

It explains why the class file is generated.

You can see the stacktrace for this case in attachment 24755.

It is
 at org.apache.el.parser.ELParser.generateParseException(ELParser.java:2142)
 at org.apache.el.parser.ELParser.jj_consume_token(ELParser.java:2024)
 (.. a dozen ELParser methods)
 (.. a pair of ExpressionBuilder methods)
 at org.apache.el.ExpressionFactoryImpl.createValueExpression(ExpressionFactoryImpl.java:68)
 at org.apache.jasper.runtime.PageContextImpl$13.run(PageContextImpl.java:919)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:913)
 at org.apache.jsp.jsp.jsp2.el.basic_002darithmetic_jsp._jspx_meth_c_005fout_005f0(basic_002darithmetic_jsp.java:205)
 at org.apache.jsp.jsp.jsp2.el.basic_002darithmetic_jsp._jspService(basic_002darithmetic_jsp.java:179)

So it occurs in _jspService() of a running page, when it calls PageContextImpl.proprietaryEvaluate to evaluate an EL expression.
Comment 5 Konstantin Kolinko 2010-01-20 12:02:34 UTC
It is a duplicate of bug 48580.

That this page would fail without SecurityManager is just a coincidence.
With a SecurityManager it does not initialize (fails in its <clinit>), and that happens earlier than any EL evaluation takes place.

*** This bug has been marked as a duplicate of bug 48580 ***
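
The failure mode Comment 5 describes, a class that fails in its static initializer, shown as an added example that is not part of the bug report and is not Tomcat or Jasper code. All class and method names are hypothetical, and a plain SecurityException stands in for the AccessControlException a SecurityManager would raise; the JVM reports the first use as ExceptionInInitializerError and every later use in the same JVM as NoClassDefFoundError with the "Could not initialize class" message.

```java
// Added illustration, not Tomcat or Jasper code. All names are hypothetical.
public class ClinitFailureDemo {

    // Stand-in for a generated JSP class whose static initializer needs a
    // class from a package the calling code is not permitted to access.
    static class GeneratedPage {
        // Not a compile-time constant, so it is assigned in <clinit>.
        static final Object FUNCTION_MAP = buildMap();

        private static Object buildMap() {
            // Assumption: SecurityException replaces the real
            // AccessControlException so the demo runs without a SecurityManager.
            throw new SecurityException(
                "access denied (constructed stand-in for a package-access check)");
        }

        // Never reached: the class cannot be initialized.
        static String service() {
            return "rendered";
        }
    }

    // Uses the class once and reports which Throwable the JVM raised.
    static String touch() {
        try {
            return GeneratedPage.service();
        } catch (ExceptionInInitializerError e) {
            // First initialization attempt: the original exception is the cause.
            return "ExceptionInInitializerError caused by "
                    + e.getCause().getClass().getName();
        } catch (NoClassDefFoundError e) {
            // Later attempts: the class is marked erroneous and <clinit>
            // is not run again.
            return "NoClassDefFoundError: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("first use:  " + touch());
        System.out.println("second use: " + touch());
    }
}
```

When triaging such a log, the entry that carries the denied permission is the first one for that class; later NoClassDefFoundError entries only repeat that the class is unusable.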