Bug 61581 - SecurityException trying to access JNI classes in Drawboard example when running with SecurityManager
Summary: SecurityException trying to access JNI classes in Drawboard example when runn...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: WebSocket (show other bugs)
Version: 7.0.82
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-02 11:40 UTC by Konstantin Kolinko
Modified: 2017-10-06 12:00 UTC (History)
0 users



Attachments
catalina.2017-10-02.log (12.35 KB, application/octet-stream)
2017-10-02 11:40 UTC, Konstantin Kolinko
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin Kolinko 2017-10-02 11:40:05 UTC
Created attachment 35393 [details]
catalina.2017-10-02.log

Smoke-testing release candidate of Tomcat 7.0.82.

Java 8u144, Windows, running with APR connector

Steps to reproduce:
1. Start Tomcat
2. Access
http://localhost:8080/examples/websocket/drawboard.xhtml
3. Actual result:
- At client: the page fails to complete loading. It displays some parts of the page, but no drawboard area.
- At server: java.security.AccessControlException is logged

[[[
SEVERE: Unexpected exception: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.jni")
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.jni")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.security.AccessController.checkPermission(AccessController.java:884)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1564)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:315)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:411)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at org.apache.coyote.http11.upgrade.AprServletOutputStream.doWriteInternal(AprServletOutputStream.java:135)
]]]

I am attaching catalina.2017-10-02.log file.
Comment 1 Konstantin Kolinko 2017-10-03 11:51:06 UTC
AprServletOutputStream.java:135 is

  if (Status.APR_STATUS_IS_EAGAIN(-written)) {

APR_STATUS_IS_EAGAIN is a method, not a constant, and thus Java tries to load the class.

If I preload the Status class the issue does not happen.


This is: to work-around this issue, add the following attribute to JreMemoryLeakPreventionListener configured in conf/server.xml:

[[[
    classesToInitialize="org.apache.tomcat.jni.Status"
]]]
Comment 2 Mark Thomas 2017-10-06 12:00:00 UTC
Fixed in 7.0.x for 7.0.83 onwards.