tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorgen Thelin <tom...@sw-technologies.com>
Subject Re: Need further help with Error 500 - sun/tools/javac/Main
Date Wed, 19 Jul 2000 06:55:32 GMT
Klacansky, Igor <IKlacansky@ccis2.ucsd.edu> writes:

>> Subject: Re: still sun/tools/javac/Main 
>>
>> Hi,
>> 
>> I'd like to ask still for help on
>> 
>> Error: 500
>> 
>> Location: /examples/jsp/error/errorpge.jsp
>> 
>> sun/tools/javac/Main
>> 
>> (the stack trace as usually)
>> 
>> The problem is all Tomcat JSP examples are working but the ErrorPage when
>it
>> should handle the error situation (on Win NT, Apache 1.3.12, Tomcat3.1). I
>> saw the discussion on this subject and I tried everything suggested but
>> without results.
>> Is it possible that tomcat doesn't like path with spaces inside
>("G:\Program
>> Files\Apache Group\...")?
>> 
>> Thank you,
>> 
>> Igor
>


Glenn Nielsen discovered this problem was caused by the use of a
security policy file with Tomcat running on Java 2.  
I have not tried the absolute latest code from CVS, so I don't know
whether the problem has been solved, but I was still seeing these
symptoms as of last week.

If you running vanilla tomcat with the -security flag, you may want to
try omitting the -security bit and see whether that works until a more
structural solution can be found (it's not just a case of simply adding
a doPrivileged block to the code!).

Hope that helps.


- Jorgen


---------- Forwarded Message ----------

Message ID # 6653
Date: Thu, 18 May 2000 20:32:17 -0500
From: Glenn Nielsen <glenn@voyager.apg.more.net>
Subject: Re: Tomcat 3.1 w/SecurityManager Jasper Compile
AccessControlException


Glenn Nielsen <glenn@voyager.apg.more.net> writes
>I think I figured this one out, the security designed into 
>sun.tools.javac.Main is so strict that it prevents the compiler 
>from being run if a SecurityManager is installed.
>
>sun.tools.javac.Main fails with an AccessControlException if a SecurityManager 
>is
>in use, regardless of what permissions you grant in your java.policy file.
>
>So I did a test outside of Tomcat:
>
>I created a system level java.policy file that contained
>
>grant {
>        permission java.security.AllPermission;
>};
>
>Then I wrote the TestCompile.java class as follows
>
>import sun.tools.javac.Main;
>
>public class TestCompile {
>  public static void main (String args[]) {
>    Main compiler = new Main(System.out, "jsp->javac");
>
>    String[] cargs = new String[]
>      {
>        "TestCompile.java"
>      };
>        
>    compiler.compile(cargs);
>  }
>}
>
>I compiled the above with
>
>javac TestCompile.java
>
>Then executed the above without a SecurityManager
>
>java TestCompile
>
>and the compiler ran without an AccessControlException.
>
>Then executed it with the default java.policy file above
>
>java -Djava.security.manager TestCompile
>
>and it generated the following stack trace.
>
>Exception in thread "main" java.security.AccessControlException: access denied
>(java.lang.RuntimePermission accessClassInPackage.sun.tools.java )
>        at java.lang.Throwable.fillInStackTrace(Native Method)
>        at java.lang.Throwable.<init>(Throwable.java:94)
>        at java.lang.Exception.<init>(Exception.java:42)
>        at java.lang.RuntimeException.<init>(RuntimeException.java:47)
>        at java.lang.SecurityException.<init>(SecurityException.java:39)
>        at java.security.AccessControlException.<init>(AccessControlException.ja
>va:57)
>        at java.security.AccessControlContext.checkPermission(Compiled Code)
>        at java.security.AccessController.checkPermission(Compiled Code)
>        at java.lang.SecurityManager.checkPermission(Compiled Code)
>        at java.lang.SecurityManager.checkPackageAccess(Compiled Code)
>        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:272)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:238)
>        at java.lang.ClassLoader.defineClass0(Native Method)
>        at java.lang.ClassLoader.defineClass(ClassLoader.java:404)
>        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:10
>1)
>        at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
>        at java.net.URLClassLoader.access$1(URLClassLoader.java:216)
>        at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at java.net.URLClassLoader.findClass(URLClassLoader.java:191)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:281)
>        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:275)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:238)
>        at TestCompile.main(TestCompile.java:5)
>
>The only conclusion I can reach is that the security designed into 
>sun.tools.javac.Main is so strict that it prevents the compiler from 
>being run if a SecurityManager is installed.
>
>I was able to get Jasper to compile a JSP by using the Jikes compiler config,
>I changed jikes to javac since I don't have jikes installed.
>
>Regards,
>
>Glenn
>
>Glenn Nielsen wrote:
>> 
>> When testing execution of JSP with a SecurityManager I get an 
>AccessControlException
>> when Jasper tries to compile a JSP using sun.tools.java.
>> 
>> Both tools.jar and jasper.jar are in a classpath's that are granted 
>AllPermissions in
>> the policy file.
>> 
>> I tried using AccessController.doPrivileged() to execute the compile,
>> but the AccessControlException is still thrown.
>> 
>> Any ideas what is causing this?
>> 
>> Could it be that the URLClassLoader ends up getting used?
>> 
>> Will an alternate compiler have to be configured for Jasper?
>> And if so, how is that configured in server.xml?
>> 
>> Thanks,
>> 
>> Glenn
>> 


----------------------------------------------------------------------
|  Orbware Ltd                              http://www.orbware.com/  |
|         --- Enterprise technology for the "real world" ---         |
|  Try the OrCAS EJB server -- Completely free for development use.  |
----------------------------------------------------------------------

Mime
View raw message