tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H" <tomcatl...@bellsouth.net>
Subject Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
Date Fri, 16 Apr 2004 20:27:16 GMT
Thanks for the replies.

I've tried some of the suggestions, and I guess I've hit a wall again.

>From what I'm seeing, in order extend RealmBase/GenericPrincipal, your class
MUST exist in server/lib (given the default configuration). I see no other
way, unless I'm missing something. RealmBase is in catalina.jar, which is in
server/lib and is in the catalina classloader. In order for a class to
extend this, it too must be in the catalina classloader.

I tried this modification to catalina.properties:

common.loader=${catalina.base}/common/classes,${catalina.base}/common/endors
ed/*.jar,
${catalina.base}/common/lib/*.jar,${catalina.base}/server/classes,${catalina
.base}/server/lib/*.jar

(note my extension classes are in bbarealm.jar, which is in server/lib)

Withouth making any more changes (other than moving tomcat's jar's back to
their original locations), this worked. This seems exactly like moving all
the files from server/lib (including my bbarealm.jar) to common/lib, though.

Then I tried this: I moved my bbarealm.jar to shared/lib (making it visible
to the apps), changed the common loader back to it's original form, and
added
${catalina.home}/shared/lib/bbarealm.jar to the sever.loader line. This
results in a NCDF for org.apache.catalina.realm.RealmBase

*pulls hair* I'm not sure how catalina.policies is going to help me. This
isn't an priviledges issue. It's a classloader issue. The only classloader
that seems to allow me to extend RealmBase/GenericPrincipal is the catalina
classloader, and can't see a way to add a class to this classloader (other
than sticking it in server/lib, which makes it invisible to my apps!). There
is no 'catalina.loader' line in catalina.properties.

*sigh* Any thoughts?

----- Original Message ----- 
From: "Jeanfrancois Arcand" <jfarcand@apache.org>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Thursday, April 15, 2004 2:55 PM
Subject: Re: Extending GenericPrincipal/RealmBase: Essentially a classloader
question


>
>
> John H wrote:
>
> >HI all,
> >
> >He have implemented our own realm and principal buy extending
org.apache.catalina.realm.RealmBase and GenericPrincipal.
> >
> >(Using TC5.0.19 on Solaris and Windows. Realm defined in <Context>.)
> >
> >By doing this, however, we've got ourselves into sort of a catch 22 in
terms of classloading. Hopefully someone can offer some assistance.
> >
> >I've referenced the Class Loader HOW-TO at
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html, so
I'll use it's terminology.
> >
> >RealmBase and GenericPrincipal are located in catalina.jar, which resides
physically in server/lib. The howo defines this jar as in the Catalina class
loader. The definition says that the Catalina classes are totally invisible
to web applications, which seems true enough. In order to extend these, I
must locate my jar in server/lib. So far so good.
> >
> >The problem is that I need to use my extension of GenericPrincipal within
my webapps.
> >
> >I tried moving my jar to common/lib, since, according to the parent tree
in the howto, it is visible to both the Catalina branch and the webapp
branch. Doing this causes a NoClassDefFoundError for GenericPrincipal.
Apparently since the Catalina classloader is below the common classloader,
it can't find GenericPrincipal.
> >
> >The only solution that appears to work is moving the entire contents of
server/lib to common/lib, essentially 'promoting' all of the classes
normally in the Catalina class loader to the common class loader.
> >
> >Is this the best solution? It seems to me that I should be able to extend
RealmBase/GenericPrincipal without having to move jars around.
> >
> >Any ideas?
> >
> >
> One way will be to define, in your context.xml, the attribute
> privileged="true". This will give the web app access to all the
> server/lib classes (but that's not secure since your web app can play
> with the catalina internal).
>
> If you can turn the SecurityManager on, then  what you can do after is
> turning it on (this will protected all catalina classes from package
> definition/insertion....see catalina.properties for the list of
> protection), you can then add your web app codebase in the
> catalina.policy so only your web app will be able to use the catalina.jar.
>
> I don't see any other way to achieve what you want to do.
>
> -- Jeanfrancois
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message