tomcat-users mailing list archives

From Jeanfrancois Arcand <>
Subject Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
Date Thu, 15 Apr 2004 18:55:19 GMT

John H wrote:

>Hi all,
>We have implemented our own realm and principal by extending org.apache.catalina.realm.RealmBase and GenericPrincipal.
>(Using TC5.0.19 on Solaris and Windows. Realm defined in <Context>.)
>By doing this, however, we've got ourselves into sort of a catch 22 in terms of classloading. Hopefully someone can offer some assistance.
>I've referenced the Class Loader HOW-TO at, so I'll use its terminology.
>RealmBase and GenericPrincipal are located in catalina.jar, which resides physically in server/lib. The howto defines this jar as in the Catalina class loader. The definition says that the Catalina classes are totally invisible to web applications, which seems true enough. In order to extend these, I must locate my jar in server/lib. So far so good.
>The problem is that I need to use my extension of GenericPrincipal within my webapps.
>I tried moving my jar to common/lib, since, according to the parent tree in the howto, it is visible to both the Catalina branch and the webapp branch. Doing this causes a NoClassDefFoundError for GenericPrincipal. Apparently since the Catalina classloader is below the common classloader, it can't find GenericPrincipal.
>The only solution that appears to work is moving the entire contents of server/lib to common/lib, essentially 'promoting' all of the classes normally in the Catalina class loader to the common class loader.
>Is this the best solution? It seems to me that I should be able to extend RealmBase/GenericPrincipal without having to move jars around.
>Any ideas?

One way would be to define, in your context.xml, the attribute
privileged="true". This will give the web app access to all the
server/lib classes (but that's not secure since your web app can play
with the catalina internals).

If you can turn the SecurityManager on, then what you can do is
turn it on (this will protect all catalina classes from package
definition/insertion... see for the list of
protections); you can then add your web app codebase to the
catalina.policy so only your web app will be able to use the catalina.jar.

I don't see any other way to achieve what you want to do.

-- Jeanfrancois
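
The catalina.policy grant suggested in the reply could look like the following fragment. It is an added example, not part of the original message or of Tomcat's shipped policy file; the web app name `myapp` is hypothetical, and it assumes the default `package.access` list in conf/catalina.properties.

```java
// conf/catalina.policy fragment (added example; "myapp" is a hypothetical
// web app name, not taken from the thread).
//
// Assumes Tomcat is started with the SecurityManager enabled
// (catalina.sh start -security) and that the <Context> for myapp sets
// privileged="true" as described in the reply above.
//
// With the SecurityManager on, packages listed under package.access in
// conf/catalina.properties (org.apache.catalina. is in the default list)
// are closed to web application code unless a grant opens them.
grant codeBase "file:${catalina.home}/webapps/myapp/-" {
    // RealmBase and GenericPrincipal live in org.apache.catalina.realm,
    // so only that package is opened, and only to this one codebase.
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.realm";
};

// No grant is written for any other web app, so code loaded from their
// codebases still fails the package-access check for org.apache.catalina.*.
```

Scoping the permission to the single package the custom principal needs, rather than to `accessClassInPackage.org.apache.catalina.*`, keeps the rest of the container internals closed to the web app.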

